--- /dev/null
+spring:\r
+ cloud:\r
+ kubernetes:\r
+ enabled: false\r
+ discovery:\r
+ enabled: false\r
+ security:\r
+ user:\r
+ name: participantUser\r
+ password: zb!XztG34\r
+ autoconfigure:\r
+ exclude:\r
+ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration\r
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration\r
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration\r
+ - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration\r
+ - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration\r
+ - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration\r
+\r
+security:\r
+ enable-csrf: false\r
+\r
+participant:\r
+ intermediaryParameters:\r
+ reportingTimeIntervalMs: 120000\r
+ description: Participant Description\r
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04\r
+ clampAutomationCompositionTopics:\r
+ topicSources:\r
+ - topic: POLICY-ACRUNTIME-PARTICIPANT\r
+ servers:\r
+ - ${topicServer:message-router}\r
+ topicCommInfrastructure: dmaap\r
+ fetchTimeout: 15000\r
+ topicSinks:\r
+ - topic: POLICY-ACRUNTIME-PARTICIPANT\r
+ servers:\r
+ - ${topicServer:message-router}\r
+ topicCommInfrastructure: dmaap\r
+ participantSupportedElementTypes:\r
+ -\r
+ typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement\r
+ typeVersion: 1.0.1\r
+\r
+customresourcedefinition:\r
+ group: serving.kserve.io\r
+ version: v1beta1\r
+ plural: inferenceservices\r
+ grace-period: 10\r
+\r
+management:\r
+ endpoints:\r
+ web:\r
+ base-path: /\r
+ exposure:\r
+ include: health, metrics, prometheus\r
+server:\r
+ port: 6969\r
+ servlet:\r
+ context-path: /onap/policy/clamp/acm/kserveparticipant\r
+ ssl:\r
+ enabled: false\r
'-c', './a1pms-participant.sh',
'message-router', '3904'
]
+ policy-clamp-ac-kserve-ppnt:
+ image: ${CONTAINER_LOCATION}onap/policy-clamp-ac-kserve-ppnt:${POLICY_CLAMP_VERSION}
+ container_name: policy-clamp-ac-kserve-ppnt
+ depends_on:
+ - simulator
+ hostname: policy-clamp-ac-kserve-ppnt
+ ports:
+ - 30297:6969
+ volumes:
+ - ./config/clamp/KserveParticipantParameters.yaml:/opt/app/policy/clamp/etc/KserveParticipantParameters.yaml:ro
+ - ./config/clamp/logback.xml:/opt/app/policy/clamp/etc/logback.xml:ro
+ - ./wait_for_port.sh:/opt/app/policy/bin/wait_for_port.sh:ro
+ entrypoint: /opt/app/policy/bin/wait_for_port.sh
+ command: [
+ '-c', './kserve-participant.sh',
+ 'message-router', '3904'
+ ]
prometheus:
image: prom/prometheus:v2.32.1
container_name: prometheus
APEX_IP=policy-apex-pdp:${DEFAULT_PORT}
POLICY_PDPX_IP=policy-xacml-pdp:${DEFAULT_PORT}
POLICY_DROOLS_IP=policy-drools-pdp:9696
-
+DISTRIBUTION_IP=policy-distribution:6969
DMAAP_IP=message-router:3904
APEX_EVENTS_IP=policy-apex-pdp:23324
PROMETHEUS_IP=prometheus:9090
+DIST_TEMP_FOLDER=/tmp/distribution
+
export ROBOT_VARIABLES=
ROBOT_VARIABLES="-v DATA:$DATA -v NODETEMPLATES:$NODETEMPLATES -v POLICY_API_IP:$POLICY_API_IP
-v POLICY_RUNTIME_ACM_IP:$POLICY_RUNTIME_ACM_IP -v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP
-v APEX_EVENTS_IP:$APEX_EVENTS_IP -v DMAAP_IP:$DMAAP_IP -v PROMETHEUS_IP:${PROMETHEUS_IP}
--v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP"
+-v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP -v TEMP_FOLDER:${DIST_TEMP_FOLDER}
+-v DISTRIBUTION_IP:$DISTRIBUTION_IP"
echo "Run Robot test"
echo ROBOT_VARIABLES="${ROBOT_VARIABLES}"
POLICY_APEX_PDP_ROBOT="apex-pdp-test.robot"
POLICY_XACML_PDP_ROBOT="xacml-pdp-test.robot"
POLICY_DROOLS_PDP_ROBOT="drools-pdp-test.robot"
+POLICY_DISTRIBUTION_ROBOT="distribution-test.robot"
POLICY_API_CONTAINER="policy-api"
POLICY_PAP_CONTAINER="policy-pap"
POLICY_CLAMP_CONTAINER="policy-clamp-runtime-acm"
POLICY_APEX_CONTAINER="policy-apex-pdp"
POLICY_DROOLS_CONTAINER="policy-drools-pdp"
POLICY_XACML_CONTAINER="policy-xacml-pdp"
+POLICY_DISTRIBUTION_CONTAINER="policy-distribution"
+
+DISTRIBUTION_CSAR=${WORKSPACE}/csit/resources/tests/data/csar
+DIST_TEMP_FOLDER=/tmp/distribution
export PROJECT=""
export ROBOT_FILE=""
echo "Build docker image for robot framework"
cd ${WORKSPACE}/csit/resources || exit;
clone_models
+ if [ "${PROJECT}" == "distribution" ] || [ "${PROJECT}" == "policy-distribution" ]; then
+ copy_csar_file
+ fi
echo "Build robot framework docker image"
docker login -u docker -p docker nexus3.onap.org:10001
docker build . --file Dockerfile \
>tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.v2.json
}
+function copy_csar_file () {
+ zip -F ${DISTRIBUTION_CSAR}/sample_csar_with_apex_policy.csar \
+ --out ${DISTRIBUTION_CSAR}/csar_temp.csar -q
+ # Remake temp directory
+ sudo rm -rf "${DIST_TEMP_FOLDER}"
+ sudo mkdir "${DIST_TEMP_FOLDER}"
+ sudo cp ${DISTRIBUTION_CSAR}/csar_temp.csar ${DISTRIBUTION_CSAR}/temp.csar
+ sudo mv ${DISTRIBUTION_CSAR}/temp.csar ${DIST_TEMP_FOLDER}/sample_csar_with_apex_policy.csar
+}
function get_robot_file () {
case $PROJECT in
export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER)
;;
+ distribution | policy-distribution)
+ export ROBOT_FILE=($POLICY_DISTRIBUTION_ROBOT)
+ export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER,
+ $POLICY_DISTRIBUTION_CONTAINER)
+ ;;
+
*)
echo "unknown project supplied"
;;
version: ~11.x-0
repository: 'file://components/policy-xacml-pdp'
condition: policy-xacml-pdp.enabled
+ - name: policy-distribution
+ version: ~11.x-0
+ repository: 'file://components/policy-distribution'
+ condition: policy-distribution.enabled
+ - name: policy-clamp-ac-http-ppnt
+ version: ~11.x-0
+ repository: 'file://components/policy-clamp-ac-http-ppnt'
+ condition: policy-clamp-ac-http-ppnt.enabled
+ - name: policy-clamp-ac-kserve-ppnt
+ version: ~11.x-0
+ repository: 'file://components/policy-clamp-ac-kserve-ppnt'
+ condition: policy-clamp-ac-kserve-ppnt.enabled
+ - name: policy-clamp-ac-a1pms-ppnt
+ version: ~11.x-0
+ repository: 'file://components/policy-clamp-ac-a1pms-ppnt'
+ condition: policy-clamp-ac-a1pms-ppnt.enabled
## Desired number of cluster nodes
##
-replicaCount: 3
+replicaCount: 1
## updateStrategy for MariaDB Master StatefulSet
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+++ /dev/null
-{
- "groups": [
- {
- "name": "defaultGroup",
- "version": "1.0.0",
- "description": "The default group that registers all supported policy types and pdps.",
- "pdpGroupState": "ACTIVE",
- "pdpSubgroups": [
- {
- "pdpType": "apex",
- "supportedPolicyTypes": [
- {
- "name": "onap.policies.controlloop.operational.common.Apex",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.native.Apex",
- "version": "1.0.0"
- }
- ],
- "currentInstanceCount": 0,
- "desiredInstanceCount": 1,
- "policies": []
- }
- ]
- }
- ]
-}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp ACM A1PMS Participant
+name: policy-clamp-ac-a1pms-ppnt
+version: 11.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ security:
+ user:
+ name: participantUser
+ password: zb!XztG34
+ autoconfigure:
+ exclude:
+ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+security:
+ enable-csrf: false
+
+a1pms:
+ baseUrl: http://a1policymanagement.onap:8081
+ headers:
+ content-type: application/json
+ endpoints:
+ health: /a1-policy/v2/rics
+ services: /a1-policy/v2/services
+ service: /a1-policy/v2/services/{service_id}
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00
+ clampAutomationCompositionTopics:
+ topicSources:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ topicSinks:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement
+ typeVersion: 1.0.1
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8086
+ servlet:
+ context-path: /onap/policy/clamp/acm/a1pmsparticipant
+ ssl:
+ enabled: false
+
+
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/a1pms-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/a1pms-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/a1pms-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/a1pms-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/a1pms-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/a1pms-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: RELEASE
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ app.kubernetes.io/instance: RELEASE
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: RELEASE
+ app.kubernetes.io/managed-by: Helm
+ name: {{ .Chart.Name }}
+
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: login
+
+ - name: RESTSERVER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: password
+
+{{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ key: sasl.jaas.config
+
+{{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: ac-a1pms-ppnt-config
+ - mountPath: /config
+ name: ac-a1pms-ppnt-config-processed
+ image: docker.io/dibi/envsubst:1
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-update-config
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml"]
+ ports:
+ - containerPort: 8086
+ name: a1pms-api
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-a1pms-ppnt-config-processed
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-create
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: ac-a1pms-ppnt-config
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
+ - name: ac-a1pms-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: default-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-binding
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-create
+ namespace: default
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ sasl.jaas.config: {{ .Values.config.jaas }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-create
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+
+spec:
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.port }}
+ protocol: TCP
+ name: {{ .Values.service.ports.name }}
+ type: {{ .Values.service.type }}
+ selector:
+ app.kubernetes.io/name: {{ .Chart.Name }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-a1pms-ppnt:6.4-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: a1pms-api
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ port: a1pms-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-ac-a1pms-ppnt
+ useNodePortExt: true
+ ports:
+ name: a1pms-api
+ port: 8086
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-ac-a1pms-ppnt
+ roles:
+ - create
+
+config:
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: policy-group
+ app:
+ listener:
+ acRuntimeTopic: policy-acruntime-participant
+ jaas: KuldHochQipa7,
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp ACM Http Participant
+name: policy-clamp-ac-http-ppnt
+version: 11.0.0
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ autoconfigure:
+ exclude: >
+ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+ org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+{{- if .Values.config.useStrimziKafka }}
+ kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+ bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092
+ security.protocol: SASL_PLAINTEXT
+ properties.sasl:
+ mechanism: SCRAM-SHA-512
+ jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+security:
+ enable-csrf: false
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c01
+ clampAutomationCompositionTopics:
+ topicSources:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: false
+ topicSinks:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: false
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement
+ typeVersion: 1.0.0
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# - topic: policy-acruntime-participant
+# servers:
+# - {{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# - topic: policy-acruntime-participant
+# servers:
+# - {{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8084
+ servlet:
+ context-path: /onap/policy/clamp/acm/httpparticipant
+ ssl:
+ enabled: false
+
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ app.kubernetes.io/instance: release
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Helm
+ name: {{ .Chart.Name }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: login
+ - name: RESTSERVER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: password
+{{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ key: sasl.jaas.config
+{{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: ac-http-ppnt-config
+ - mountPath: /config
+ name: ac-http-ppnt-config-processed
+ image: docker.io/dibi/envsubst:1
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-update-config
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+ ports:
+ - containerPort: 8084
+ name: http-api
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-http-ppnt-config-processed
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-read
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: ac-http-ppnt-config
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
+ - name: ac-http-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "default-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: release-read
+ apiGroup: rbac.authorization.k8s.io
--- /dev/null
+{{/*
+#Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ sasl.jaas.config: "Tokm6*DaheWaro"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
\ No newline at end of file
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: v1\r
+kind: Service\r
+metadata:\r
+ name: {{ .Chart.Name }}\r
+ namespace: default\r
+ labels:\r
+ app.kubernetes.io/name: {{ .Chart.Name }}\r
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ app.kubernetes.io/instance: release\r
+ app.kubernetes.io/managed-by: Helm\r
+spec:\r
+ ports:\r
+ - port: {{ .Values.service.ports.port }}\r
+ targetPort: {{ .Values.service.ports.port }}\r
+ protocol: TCP\r
+ name: {{ .Values.service.ports.name }}\r
+ ipFamilyPolicy: PreferDualStack\r
+ type: {{ .Values.service.type }}\r
+ selector:\r
+ app.kubernetes.io/name: {{ .Chart.Name }}\r
+ app.kubernetes.io/instance: release\r
+ sessionAffinity: None\r
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: true
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-http-ppnt:6.4-SNAPSHOT-latest
+pullPolicy: Always
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-ac-http-ppnt
+ useNodePortExt: true
+ ports:
+ name: http-api
+ port: 8084
+ nodePort: 42
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-ac-http-ppnt
+ roles:
+ - read
+
+config:
+ # Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: policy-group
+ app:
+ listener:
+ acRuntimeTopic: policy-acruntime-participant
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
intermediaryParameters:
reportingTimeIntervalMs: 120000
description: Participant Description
- participantId:
- name: K8sParticipant0
- version: 1.0.0
- participantType:
- name: org.onap.policy.clamp.acm.KubernetesParticipant
- version: 2.3.4
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c02
clampAutomationCompositionTopics:
topicSources:
-
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
useHttps: false
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement
+ typeVersion: 1.0.0
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.4.0
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-k8s-ppnt:6.4-SNAPSHOT-latest
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp ACM Kserve Participant
+name: policy-clamp-ac-kserve-ppnt
+version: 11.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ cloud:
+ kubernetes:
+ enabled: false
+ discovery:
+ enabled: false
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+ autoconfigure:
+ exclude:
+ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration
+ - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration
+ kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
+ bootstrap-servers: release-{{ .Values.config.kafkaBootstrap }}:9092
+ security.protocol: SASL_PLAINTEXT
+ properties.sasl:
+ mechanism: SCRAM-SHA-512
+ jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+security:
+ enable-csrf: false
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04
+ clampAutomationCompositionTopics:
+ topicSources:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ topicSinks:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement
+ typeVersion: 1.0.1
+
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - release-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# -
+# topic: policy-acruntime-participant
+# servers:
+# - release-{{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+
+customresourcedefinition:
+ group: serving.kserve.io
+ version: v1beta1
+ plural: inferenceservices
+ grace-period: 10
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8087
+ servlet:
+ context-path: /onap/policy/clamp/acm/kserveparticipant
+ ssl:
+ enabled: false
+
+
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: RELEASE
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ app.kubernetes.io/instance: RELEASE
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: RELEASE
+ app.kubernetes.io/managed-by: Helm
+ name: {{ .Chart.Name }}
+
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: login
+
+ - name: RESTSERVER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: password
+
+{{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ key: sasl.jaas.config
+
+{{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: ac-kserve-ppnt-config
+ - mountPath: /config
+ name: ac-kserve-ppnt-config-processed
+ image: docker.io/dibi/envsubst:1
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-update-config
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/KserveParticipantParameters.yaml"]
+ ports:
+ - containerPort: 8087
+ name: kserve-api
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-kserve-ppnt-config-processed
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-create
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: ac-kserve-ppnt-config
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
+ - name: ac-kserve-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: default-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-binding
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-create
+ namespace: default
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ sasl.jaas.config: {{ .Values.config.jaas }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-create
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+
+spec:
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.port }}
+ protocol: TCP
+ name: {{ .Values.service.ports.name }}
+ type: {{ .Values.service.type }}
+ selector:
+ app.kubernetes.io/name: {{ .Chart.Name }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-kserve-ppnt:6.4-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: kserve-api
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ port: kserve-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-ac-kserve-ppnt
+ useNodePortExt: true
+ ports:
+ name: kserve-api
+ port: 8087
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-ac-kserve-ppnt
+ roles:
+ - create
+
+config:
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: policy-group
+ app:
+ listener:
+ acRuntimeTopic: policy-acruntime-participant
+ jaas: KuldHochQipa7,
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
intermediaryParameters:
reportingTimeIntervalMs: 120000
description: Participant Description
- participantId:
- name: org.onap.PM_Policy
- version: 1.0.0
- participantType:
- name: org.onap.policy.clamp.acm.PolicyParticipant
- version: 2.3.1
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c03
clampAutomationCompositionTopics:
topicSources:
-
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
useHttps: false
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement
+ typeVersion: 1.0.0
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
valueFrom:
secretKeyRef:
name: {{ .Chart.Name }}-pap-secret
- key: login
+ key: password
- name: RESTSERVER_USER
valueFrom:
secretKeyRef:
valueFrom:
secretKeyRef:
name: {{ .Chart.Name }}-restserver-secret
- key: login
+ key: password
{{- if .Values.config.useStrimziKafka }}
- name: JAASLOGIN
valueFrom:
# Application configuration defaults.
#################################################################
# application image
-image: nexus3.onap.org:10001/onap/policy-clamp-ac-pf-ppnt:6.3.1
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-pf-ppnt:6.4-SNAPSHOT-latest
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Distribution
+name: policy-distribution
+version: 11.0.0
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "name":"SDCDistributionGroup",
+ "restServerParameters":{
+ "host":"0.0.0.0",
+ "port":6969,
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
+ "https": false,
+ "prometheus": true
+ },
+ "receptionHandlerParameters":{
+ "FileReceptionHandler":{
+ "receptionHandlerType":"File",
+ "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandler",
+ "receptionHandlerConfigurationName":"fileConfiguration",
+ "pluginHandlerParameters":{
+ "policyDecoders":{
+ "ApexDecoder":{
+ "decoderType":"ApexDecoder",
+ "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
+ "decoderConfigurationName": "apexDecoderConfiguration"
+ }
+ },
+ "policyForwarders":{
+ "LifeCycleApiForwarder":{
+ "forwarderType":"LifeCycleAPI",
+ "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder",
+ "forwarderConfigurationName": "lifecycleApiConfiguration"
+ }
+ }
+ }
+ }
+ },
+ "receptionHandlerConfigurationParameters":{
+ "fileConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandlerConfigurationParameterGroup",
+ "parameters":{
+ "watchPath": "/opt/app/policy/distribution/etc/temp/",
+ "maxThread": 1
+ }
+ }
+ },
+ "policyDecoderConfigurationParameters":{
+ "apexDecoderConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
+ "parameters":{
+ "policyFileName": "apex_policy.json",
+ "policyTypeFileName": "apex_policy_type.json"
+ }
+ }
+ },
+ "policyForwarderConfigurationParameters":{
+ "lifecycleApiConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
+ "parameters":{
+ "apiParameters": {
+ "clientName": "policy-api",
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
+ "useHttps": false
+ },
+ "papParameters": {
+ "clientName": "policy-pap",
+ "hostname": "policy-pap",
+ "port": 6969,
+ "userName": "${PAP_USER}",
+ "password": "${PAP_PASSWORD}",
+ "useHttps": false
+ },
+ "deployPolicies": true
+ }
+ }
+ }
+}
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ release: release
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-creds
+ key: login
+ - name: RESTSERVER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-creds
+ key: password
+ - name: API_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-apiparameters-creds
+ key: login
+ - name: API_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-apiparameters-creds
+ key: password
+ - name: PAP_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-papparameters-creds
+ key: login
+ - name: PAP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-papparameters-creds
+ key: password
+ - name: SDCBE_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-sdcbe-creds
+ key: login
+ - name: SDCBE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-sdcbe-creds
+ key: password
+ volumeMounts:
+ - mountPath: /config-input
+ name: distributionconfig-input
+ - mountPath: /config
+ name: distributionconfig
+ image: docker.io/dibi/envsubst:1
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-update-config
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
+ args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/distribution/etc/mounted
+ name: distributionconfig
+ - mountPath: /opt/app/policy/distribution/etc/temp
+ name: tmpdir
+ readOnly: true
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-read
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: distributionconfig-input
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
+ - name: distributionconfig
+ emptyDir:
+ medium: Memory
+ - name: tmpdir
+ hostPath:
+ path: /tmp/distribution
+ imagePullSecrets:
+ - name: "default-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: read
+ apiGroup: rbac.authorization.k8s.io
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-apiparameters-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.apiParameters.user }}
+ password: {{ .Values.apiParameters.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-papparameters-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.papParameters.user }}
+ password: {{ .Values.papParameters.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-sdcbe-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.sdcBe.user }}
+ password: {{ .Values.sdcBe.user }}
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation . All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ selector:
+ app: {{ .Chart.Name }}
+ release: release
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-distribution:2.9-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+ user: policyadmin
+ password: zb!XztG34
+apiParameters:
+ user: policyadmin
+ password: zb!XztG34
+papParameters:
+ user: policyadmin
+ password: zb!XztG34
+sdcBe:
+ user: policy
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-distribution
+ portName: http
+ externalPort: 6969
+ internalPort: 6969
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-distribution
+ roles:
+ - read
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-distribution
+ interval: 60s
+ isHttps: false
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-distribution-restserver-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ .Chart.Name }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: release
+ heritage: Helm
"currentInstanceCount": 0,
"desiredInstanceCount": 1,
"policies": []
+ },
+ {
+ "pdpType": "xacml",
+ "supportedPolicyTypes": [
+ {
+ "name": "onap.policies.controlloop.guard.common.FrequencyLimiter",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.guard.common.MinMax",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.guard.common.Blacklist",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.guard.common.Filter",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.guard.coordination.FirstBlocksSecond",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.monitoring.*",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.*",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.AffinityPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.DistancePolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.HpaPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.OptimizationPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.PciPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.service.QueryPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.service.SubscriberPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.Vim_fit",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.VnfPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.native.Xacml",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.Naming",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.match.*",
+ "version": "1.0.0"
+ }
+ ],
+ "currentInstanceCount": 0,
+ "desiredInstanceCount": 1,
+ "policies": [
+ {
+ "name": "SDNC_Policy.ONAP_NF_NAMING_TIMESTAMP",
+ "version": "1.0.0"
+ }
+ ]
}
]
}
+++ /dev/null
-{
- "groups": [
- {
- "name": "defaultGroup",
- "version": "1.0.0",
- "description": "The default group that registers all supported policy types and pdps.",
- "pdpGroupState": "ACTIVE",
- "pdpSubgroups": [
- {
- "pdpType": "xacml",
- "supportedPolicyTypes": [
- {
- "name": "onap.policies.controlloop.guard.common.FrequencyLimiter",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.controlloop.guard.common.MinMax",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.controlloop.guard.common.Blacklist",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.controlloop.guard.common.Filter",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.controlloop.guard.coordination.FirstBlocksSecond",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.monitoring.*",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.*",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.resource.AffinityPolicy",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.resource.DistancePolicy",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.resource.HpaPolicy",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.resource.OptimizationPolicy",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.resource.PciPolicy",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.service.QueryPolicy",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.service.SubscriberPolicy",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.resource.Vim_fit",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.optimization.resource.VnfPolicy",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.native.Xacml",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.Naming",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.match.*",
- "version": "1.0.0"
- }
- ],
- "currentInstanceCount": 0,
- "desiredInstanceCount": 1,
- "policies": [
- {
- "name": "SDNC_Policy.ONAP_NF_NAMING_TIMESTAMP",
- "version": "1.0.0"
- }
- ]
- }
- ]
- }
- ]
-}
enabled: true
policy-xacml-pdp:
enabled: true
-
+policy-distribution:
+ enabled: true
+policy-clamp-ac-http-ppnt:
+ enabled: true
+policy-clamp-ac-kserve-ppnt:
+ enabled: true
+policy-clamp-ac-a1pms-ppnt:
+ enabled: true
#################################################################
# DB configuration defaults.
Code Review / policy / docker.git / commitdiff