Add CSIT helm charts for policy 01/132901/1
authorrameshiyer27 <ramesh.murugan.iyer@est.tech>
Wed, 11 Jan 2023 17:02:00 +0000 (17:02 +0000)
committerrameshiyer27 <ramesh.murugan.iyer@est.tech>
Wed, 11 Jan 2023 17:15:18 +0000 (17:15 +0000)
Added helm charts for api, pap, apex-pdp and policy-participant.

Issue-ID: POLICY-4457
Signed-off-by: zrrmmua <ramesh.murugan.iyer@est.tech>
Change-Id: I10d721d17d773b3226dbd0473c3d55dae3be42a4

42 files changed:
helm/policy/Chart.yaml
helm/policy/components/policy-apex-pdp/Chart.yaml [new file with mode: 0755]
helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json [new file with mode: 0755]
helm/policy/components/policy-apex-pdp/resources/config/logback.xml [new file with mode: 0755]
helm/policy/components/policy-apex-pdp/templates/configmap.yaml [new file with mode: 0755]
helm/policy/components/policy-apex-pdp/templates/role-binding.yaml [new file with mode: 0644]
helm/policy/components/policy-apex-pdp/templates/secrets.yaml [new file with mode: 0755]
helm/policy/components/policy-apex-pdp/templates/service-account.yaml [new file with mode: 0644]
helm/policy/components/policy-apex-pdp/templates/service.yaml [new file with mode: 0755]
helm/policy/components/policy-apex-pdp/templates/statefulset.yaml [new file with mode: 0755]
helm/policy/components/policy-apex-pdp/values.yaml [new file with mode: 0755]
helm/policy/components/policy-api/Chart.yaml [new file with mode: 0644]
helm/policy/components/policy-api/resources/config/apiParameters.yaml [new file with mode: 0644]
helm/policy/components/policy-api/resources/config/logback.xml [new file with mode: 0755]
helm/policy/components/policy-api/templates/configmap.yaml [new file with mode: 0644]
helm/policy/components/policy-api/templates/deployment.yaml [new file with mode: 0755]
helm/policy/components/policy-api/templates/role-binding.yaml [new file with mode: 0644]
helm/policy/components/policy-api/templates/secret.yaml [new file with mode: 0644]
helm/policy/components/policy-api/templates/service-account.yaml [new file with mode: 0644]
helm/policy/components/policy-api/templates/service.yaml [new file with mode: 0644]
helm/policy/components/policy-api/values.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml [new file with mode: 0644]
helm/policy/components/policy-pap/Chart.yaml [new file with mode: 0755]
helm/policy/components/policy-pap/resources/config/logback.xml [new file with mode: 0755]
helm/policy/components/policy-pap/resources/config/papParameters.yaml [new file with mode: 0644]
helm/policy/components/policy-pap/templates/configmap.yaml [new file with mode: 0755]
helm/policy/components/policy-pap/templates/deployment.yaml [new file with mode: 0755]
helm/policy/components/policy-pap/templates/role-binding.yaml [new file with mode: 0644]
helm/policy/components/policy-pap/templates/secrets.yaml [new file with mode: 0755]
helm/policy/components/policy-pap/templates/service-account.yaml [new file with mode: 0644]
helm/policy/components/policy-pap/templates/service.yaml [new file with mode: 0755]
helm/policy/components/policy-pap/values.yaml [new file with mode: 0755]
helm/policy/values.yaml

index f193030..3ad9155 100755 (executable)
@@ -33,3 +33,19 @@ dependencies:
     version: ~11.x-0
     repository: 'file://components/policy-models-simulator'
     condition: policy-models-simulator.enabled
+  - name: policy-api
+    version: ~11.x-0
+    repository: 'file://components/policy-api'
+    condition: policy-api.enabled
+  - name: policy-pap
+    version: ~11.x-0
+    repository: 'file://components/policy-pap'
+    condition: policy-pap.enabled
+  - name: policy-apex-pdp
+    version: ~11.x-0
+    repository: 'file://components/policy-apex-pdp'
+    condition: policy-apex-pdp.enabled
+  - name: policy-clamp-ac-pf-ppnt
+    version: ~11.x-0
+    repository: 'file://components/policy-clamp-ac-pf-ppnt'
+    condition: policy-clamp-ac-pf-ppnt.enabled
diff --git a/helm/policy/components/policy-apex-pdp/Chart.yaml b/helm/policy/components/policy-apex-pdp/Chart.yaml
new file mode 100755 (executable)
index 0000000..dd75e97
--- /dev/null
@@ -0,0 +1,23 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy APEX PDP
+name: policy-apex-pdp
+version: 11.0.0
+
diff --git a/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
new file mode 100755 (executable)
index 0000000..d03b379
--- /dev/null
@@ -0,0 +1,42 @@
+{
+    "name":"OnapPfParameterGroup",
+    "restServerParameters": {
+      "host": "0.0.0.0",
+      "port": 6969,
+      "userName": "${RESTSERVER_USER}",
+      "password": "${RESTSERVER_PASSWORD}",
+      "https": false,
+      "prometheus": true
+    },
+    "pdpStatusParameters":{
+        "pdpGroup": "defaultGroup",
+        "timeIntervalMs": 120000,
+        "pdpType":"apex",
+        "description":"Pdp Heartbeat",
+        "supportedPolicyTypes": [
+            {
+                "name": "onap.policies.native.Apex",
+                "version": "1.0.0"
+            },
+            {
+              "name": "onap.policies.controlloop.operational.common.Apex",
+              "version": "1.0.0"
+            }
+        ]
+    },
+    "topicParameterGroup": {
+        "topicSources" : [{
+            "topic" : "POLICY-PDP-PAP",
+            "servers" : [ "message-router" ],
+            "useHttps" : false,
+            "fetchTimeout": 15000,
+            "topicCommInfrastructure" : "dmaap"
+        }],
+        "topicSinks" : [{
+            "topic" : "POLICY-PDP-PAP",
+            "servers" : [ "message-router" ],
+            "useHttps" : false,
+            "topicCommInfrastructure" : "dmaap"
+        }]
+    }
+}
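Review bot: `restServerParameters` sets `"https": false` while also configuring `userName` and `password`, so the REST server on port 6969 would receive those credentials over plain HTTP; both topic entries set `"useHttps": false` as well. If that is deliberate for the CSIT environment, it should be stated where a reader will find it, since JSON cannot carry a comment: a line in this chart's values.yaml such as `# CSIT only: REST and message-router traffic is plaintext; do not reuse outside the test cluster` would do. The same choice appears as `server.ssl.enabled: false` in policy-api's apiParameters.yaml. Because configmap.yaml renders this file through `tpl`, the flag could also be driven from a value instead of being fixed here.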
diff --git a/helm/policy/components/policy-apex-pdp/resources/config/logback.xml b/helm/policy/components/policy-apex-pdp/resources/config/logback.xml
new file mode 100755 (executable)
index 0000000..d156414
--- /dev/null
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/apex-pdp/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
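Review bot: Each of the three rolling file appenders (`ErrorOut`, `DebugOut`, `NetworkOut`) carries `<totalSizeCap>10GB</totalSizeCap>`, but statefulset.yaml backs `/var/log/onap` with `emptyDir: {}` and no size limit, so the pod can grow to roughly 30GB of node ephemeral storage before logback prunes anything. Every logger also references `AsyncStdOut`, so the files duplicate what is already written to the console. Consider lowering the caps to fit the volume, e.g. `<totalSizeCap>1GB</totalSizeCap>`, or setting a `sizeLimit` on the emptyDir.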
diff --git a/helm/policy/components/policy-apex-pdp/templates/configmap.yaml b/helm/policy/components/policy-apex-pdp/templates/configmap.yaml
new file mode 100755 (executable)
index 0000000..1910433
--- /dev/null
@@ -0,0 +1,38 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: Release
+    heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
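Review bot: `namespace: default` and the label `release: Release` are hard-coded in the metadata, so the ConfigMap always lands in the `default` namespace regardless of where the release is installed, and the label differs from the `release: RELEASE` literal used in secrets.yaml, service.yaml and statefulset.yaml. Those three files and role-binding.yaml hard-code `namespace: default` too, while service-account.yaml sets no namespace, so installing with another `--namespace` would likely separate the ServiceAccount from the StatefulSet, RoleBinding and Secrets that refer to it. Suggested throughout: `namespace: {{ .Release.Namespace }}` and `release: {{ .Release.Name }}`. Separately, `tpl` evaluates every `*.json` and `*.xml` file under resources/config as a template, so a literal `{{` in those files would need escaping; a one-line comment above `data:` saying so would help.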
diff --git a/helm/policy/components/policy-apex-pdp/templates/role-binding.yaml b/helm/policy/components/policy-apex-pdp/templates/role-binding.yaml
new file mode 100644 (file)
index 0000000..12e1add
--- /dev/null
@@ -0,0 +1,33 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
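Review bot: The comment on the line after `apiVersion` describes a different object: it speaks of a cluster role binding that lets a "manager" group read secrets in any namespace, whereas the manifest is a namespaced `RoleBinding` that binds the ServiceAccount `{{ .Chart.Name }}-read` to the Role `read`. Replace it with something like `# Binds this chart's "-read" ServiceAccount to the namespaced Role "read".` so that nobody auditing RBAC is misled about its scope. The Role `read` is not defined in the files visible here, so what it permits cannot be checked from this hunk; a pointer to where it is created would help. Adding `namespace: {{ .Release.Namespace }}` to the subject would also make the binding explicit.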
diff --git a/helm/policy/components/policy-apex-pdp/templates/secrets.yaml b/helm/policy/components/policy-apex-pdp/templates/secrets.yaml
new file mode 100755 (executable)
index 0000000..6044304
--- /dev/null
@@ -0,0 +1,49 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  sasl.jaas.config: "MobnDove6!Qibh"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
+
+
+
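Review bot: The first Secret embeds a literal credential under `stringData` (`sasl.jaas.config`), which puts it in version control and gives every install the same value; it should come from values or an existing Secret, e.g. `sasl.jaas.config: {{ required "kafka.saslJaasConfig must be set" .Values.kafka.saslJaasConfig | quote }}` (the value key is a proposed name, not one this chart defines). The literal also does not look like a JAAS configuration string even though statefulset.yaml injects it as `JAASLOGIN`, so it is worth confirming what the consumer expects. In the second Secret, `login` and `password` are rendered unquoted; a value that begins with a YAML indicator or looks like a number would be mis-parsed, so use `password: {{ .Values.restServer.password | quote }}` and the same for `login`.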
diff --git a/helm/policy/components/policy-apex-pdp/templates/service-account.yaml b/helm/policy/components/policy-apex-pdp/templates/service-account.yaml
new file mode 100644 (file)
index 0000000..2a46e91
--- /dev/null
@@ -0,0 +1,20 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/policy-apex-pdp/templates/service.yaml b/helm/policy/components/policy-apex-pdp/templates/service.yaml
new file mode 100755 (executable)
index 0000000..032424e
--- /dev/null
@@ -0,0 +1,46 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.externalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+    {{- end}}
+  selector:
+    app: {{ .Chart.Name }}
+    release: RELEASE
+  sessionAffinity: None
diff --git a/helm/policy/components/policy-apex-pdp/templates/statefulset.yaml b/helm/policy/components/policy-apex-pdp/templates/statefulset.yaml
new file mode 100755 (executable)
index 0000000..29291af
--- /dev/null
@@ -0,0 +1,131 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+spec:
+  serviceName: {{ .Chart.Name }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+        release: RELEASE
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-creds
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-creds
+              key: password
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: apexconfig-input
+        - mountPath: /config
+          name: apexconfig
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["sh","-c"]
+          args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+          ports:
+          - containerPort: {{ .Values.service.externalPort }}
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.externalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{- end }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.externalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+          - name: REPLICAS
+            value: "{{ .Values.replicaCount }}"
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /var/log/onap
+            name: policy-logs
+          - mountPath: /home/apexuser/config
+            name: apexconfig
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+        - name: policy-logs
+          emptyDir: {}
+        - name: apexconfig-input
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: apexconfig
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
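Review bot: The init container runs `docker.io/dibi/envsubst:1`, a third-party image referenced by a mutable tag and not overridable from values, and it is the container that receives `RESTSERVER_PASSWORD` and `JAASLOGIN` from the Secrets. Pin it by digest or source it from the project's own registry, e.g. `image: docker.io/dibi/envsubst@sha256:<DIGEST_PLACEHOLDER>`, and expose it as a value so it can be mirrored. Neither container sets a `securityContext`, and the config with the substituted passwords is written to the shared `apexconfig` volume, so `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are worth adding. Also, `nodeSelector:` and `affinity:` are emitted at 8 spaces with `indent 10`, which places them at the level of the `containers` list items rather than under the pod `spec`; they only render when the values are non-empty, at which point the manifest would be malformed, so they belong at 6 spaces with `indent 8`.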
diff --git a/helm/policy/components/policy-apex-pdp/values.yaml b/helm/policy/components/policy-apex-pdp/values.yaml
new file mode 100755 (executable)
index 0000000..0218b93
--- /dev/null
@@ -0,0 +1,116 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  aafEnabled: false
+  persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-apex-pdp:2.8.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+  user: healthcheck
+  password: zb!XztG34
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  name: policy-apex-pdp
+  portName: http
+  externalPort: 6969
+  internalPort: 6969
+  nodePort: 37
+
+ingress:
+  enabled: false
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 10m
+      memory: 1Gi
+  unlimited: {}
+
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-apex-pdp
+  roles:
+    - read
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
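Review bot: `restServer.password` ships a working default credential in the chart, so any install that does not override it runs with a password that is public in the repository. If this is meant only for CSIT, say so directly above the key, e.g. `# CSIT default only; override restServer.password for any shared cluster`, or leave it empty and have secrets.yaml enforce it with `required`. Two keys here appear unused by the templates in this commit: `flavor` (statefulset.yaml always reads `.Values.resources.small`) and `serviceAccount.nameOverride`/`roles` (service-account.yaml names the account `{{ .Chart.Name }}-read`). The comment near the end spells the flag `useStrimziKakfa`, which does not match the key `useStrimziKafka`.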
diff --git a/helm/policy/components/policy-api/Chart.yaml b/helm/policy/components/policy-api/Chart.yaml
new file mode 100644 (file)
index 0000000..ddf1107
--- /dev/null
@@ -0,0 +1,24 @@
+#  ============LICENSE_START=======================================================
+#  Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Design API
+name: policy-api
+version: 11.0.0
+
+
diff --git a/helm/policy/components/policy-api/resources/config/apiParameters.yaml b/helm/policy/components/policy-api/resources/config/apiParameters.yaml
new file mode 100644 (file)
index 0000000..1e8d3da
--- /dev/null
@@ -0,0 +1,102 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+server:
+  port: {{ .Values.service.internalPort }}
+  ssl:
+    enabled: false
+
+spring:
+  security.user:
+    name: "${RESTSERVER_USER}"
+    password: "${RESTSERVER_PASSWORD}"
+  mvc.converters.preferred-json-mapper: gson
+  datasource:
+    url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+    driverClassName: org.mariadb.jdbc.Driver
+    username: "${SQL_USER}"
+    password: "${SQL_PASSWORD}"
+    hikari:
+      maximumPoolSize: 20
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MariaDB103Dialect
+    hibernate:
+      ddl-auto: none
+      naming:
+        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+        implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+
+policy-api:
+  name: ApiGroup
+  aaf: false
+
+database:
+  name: PolicyProviderParameterGroup
+  implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
+  driver: org.mariadb.jdbc.Driver
+  url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+  user: "${SQL_USER}"
+  password: "${SQL_PASSWORD}"
+  persistenceUnit: PolicyDb
+
+policy-preload:
+  policyTypes:
+    - policytypes/onap.policies.monitoring.tcagen2.yaml
+    - policytypes/onap.policies.monitoring.tcagen2.v2.yaml
+    - policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml
+    - policytypes/onap.policies.monitoring.dcae-restconfcollector.yaml
+    - policytypes/onap.policies.monitoring.dcae-pm-subscription-handler.yaml
+    - policytypes/onap.policies.monitoring.dcae-pm-mapper.yaml
+    - policytypes/onap.policies.Optimization.yaml
+    - policytypes/onap.policies.optimization.Resource.yaml
+    - policytypes/onap.policies.optimization.Service.yaml
+    - policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml
+    - policytypes/onap.policies.optimization.resource.DistancePolicy.yaml
+    - policytypes/onap.policies.optimization.resource.HpaPolicy.yaml
+    - policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml
+    - policytypes/onap.policies.optimization.resource.PciPolicy.yaml
+    - policytypes/onap.policies.optimization.service.QueryPolicy.yaml
+    - policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml
+    - policytypes/onap.policies.optimization.resource.Vim_fit.yaml
+    - policytypes/onap.policies.optimization.resource.VnfPolicy.yaml
+    - policytypes/onap.policies.controlloop.guard.Common.yaml
+    - policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml
+    - policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml
+    - policytypes/onap.policies.controlloop.guard.common.MinMax.yaml
+    - policytypes/onap.policies.controlloop.guard.common.Filter.yaml
+    - policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml
+    - policytypes/onap.policies.Naming.yaml
+    - policytypes/onap.policies.Match.yaml
+    - policytypes/onap.policies.native.Drools.yaml
+    - policytypes/onap.policies.native.Xacml.yaml
+    - policytypes/onap.policies.native.Apex.yaml
+    - policytypes/onap.policies.controlloop.operational.Common.yaml
+    - policytypes/onap.policies.controlloop.operational.common.Apex.yaml
+    - policytypes/onap.policies.controlloop.operational.common.Drools.yaml
+  policies:
+    - policies/sdnc.policy.naming.input.tosca.yaml
+
+management:
+  endpoints:
+    web:
+      base-path: /
+      exposure:
+        include: health,metrics,prometheus
+      path-mapping.prometheus: metrics
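Review bot: The `${RESTSERVER_PASSWORD}` and `${SQL_PASSWORD}` placeholders sit inside double-quoted YAML scalars, so if they are filled by plain text substitution (the apex-pdp chart in this commit uses an `envsubst` init container; policy-api's deployment.yaml is not visible here), a password containing `"` or `\` would break or alter the rendered file. The same applies to the JSON strings in apex-pdp's OnapPfConfig.json. Add a comment above `spring:` such as `# Placeholders are substituted textually; secret values must not contain '"' or '\'`, or validate the values in the chart. The JDBC settings are also declared twice (`spring.datasource` and `database`), so a later change to one URL can silently diverge from the other.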
diff --git a/helm/policy/components/policy-api/resources/config/logback.xml b/helm/policy/components/policy-api/resources/config/logback.xml
new file mode 100755 (executable)
index 0000000..da8c8c7
--- /dev/null
@@ -0,0 +1,159 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/error.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/debug.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/network.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="MetricOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/metric.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncMetricOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="MetricOut" />
+    </appender>
+
+    <appender name="TransactionOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/api/audit.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncTransactionOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="TransactionOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+        additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty" level="ERROR" />
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncMetricOut" />
+        <appender-ref ref="AsyncTransactionOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
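Review bot: Every encoder pattern in this file ends in a raw `%msg%n`, including the `TransactionOut` appender that writes `audit.log`, so a logged value containing CR/LF can begin what looks like a new record in the audit trail. Whether request-derived text reaches these loggers is not visible here, but the pattern is the cheapest place to neutralise it: `%replace(%msg){'[\r\n]+', ' '}%n`. Separately, `<root>` attaches `AsyncMetricOut` and `AsyncTransactionOut` alongside `AsyncDebugOut`, so `metric.log`, `audit.log` and `debug.log` all receive the same INFO-and-above events. If `audit.log` is meant to hold only transaction records, a dedicated logger with `additivity="false"` (as already done for `network`) would keep it that way.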
diff --git a/helm/policy/components/policy-api/templates/configmap.yaml b/helm/policy/components/policy-api/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..2ddfab3
--- /dev/null
@@ -0,0 +1,37 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
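Review bot: `namespace: default` is hard-coded in the ConfigMap metadata, so `helm install -n <ns>` still places this object in `default`. The same literal appears in deployment.yaml, role-binding.yaml, secret.yaml and service.yaml of this commit, while service-account.yaml sets no namespace at all. Using `namespace: {{ .Release.Namespace }}` in each keeps the chart's objects together and lets namespace-scoped RBAC and quotas apply to them. A comment above `data:` would also help: `tpl` evaluates every `resources/config/*.{yaml,xml}` file as a template, including any `{{ }}` action that sits inside a YAML comment in those files.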
diff --git a/helm/policy/components/policy-api/templates/deployment.yaml b/helm/policy/components/policy-api/templates/deployment.yaml
new file mode 100755 (executable)
index 0000000..f93854c
--- /dev/null
@@ -0,0 +1,148 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+    spec:
+      initContainers:
+        - command:
+          - /app/ready.py
+          args:
+          - --job-name
+          - policy-galera-config
+          env:
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.namespace
+          image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          name: {{ .Chart.Name }}-readiness
+        - command:
+          - sh
+          args:
+          - -c
+          - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+          env:
+          - name: SQL_USER
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Chart.Name }}-db-creds
+                key: login
+          - name: SQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Chart.Name }}-db-creds
+                key: password
+          - name: RESTSERVER_USER
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Chart.Name }}-restserver-creds
+                key: login
+          - name: RESTSERVER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Chart.Name }}-restserver-creds
+                key: password
+          volumeMounts:
+          - mountPath: /config-input
+            name: apiconfig
+          - mountPath: /config
+            name: apiconfig-processed
+          image: docker.io/dibi/envsubst:1
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/opt/app/policy/api/bin/policy-api.sh"]
+          args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
+          ports:
+          - containerPort: {{ .Values.service.internalPort }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.readiness.api }}
+              port: {{ .Values.service.internalPort }}
+              httpHeaders:
+                - name: Authorization
+                  value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
+              scheme: HTTP
+            successThreshold: {{ .Values.readiness.successThreshold }}
+            failureThreshold: {{ .Values.readiness.failureThreshold }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeout }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/api/etc/mounted
+            name: apiconfig-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: apiconfig
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: apiconfig-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
\ No newline at end of file
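Review bot: The readiness probe builds its `Authorization` header with `printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc`, which writes the REST credentials, merely base64-encoded, into the Deployment and Pod specs. Anyone with read access to pods can recover them, which bypasses the `{{ .Chart.Name }}-restserver-creds` Secret that the init container uses for the same values. Prefer a probe that carries no secret: let the application serve the healthcheck path without authentication, or fall back to the `tcpSocket` check already used for liveness. A second point concerns the `update-config` init container, which receives all four credentials yet runs `docker.io/dibi/envsubst:1`, a third-party image referenced by a mutable tag. Pinning it by digest (`image: docker.io/dibi/envsubst@sha256:<digest>`) or using a project-hosted image would narrow that exposure.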
diff --git a/helm/policy/components/policy-api/templates/role-binding.yaml b/helm/policy/components/policy-api/templates/role-binding.yaml
new file mode 100644 (file)
index 0000000..38fb4a6
--- /dev/null
@@ -0,0 +1,33 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
+
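Review bot: The binding is created in `default` and its ServiceAccount subject carries no `namespace`, while service-account.yaml in this commit creates `{{ .Chart.Name }}-read` without a namespace, i.e. in the release namespace. Installed into any namespace other than `default`, the binding would refer to a different ServiceAccount from the one the pod runs as (`serviceAccountName` in deployment.yaml), so the `ready.py` init container would presumably lack the access it expects. This is worth confirming against how the CSIT install invokes Helm. Setting `namespace: {{ .Release.Namespace }}` on both the binding and the subject removes the ambiguity. The `read` Role named in `roleRef` is not defined in the visible part of this change, so a one-line comment saying where it comes from and what it grants would let reviewers judge the account's scope.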
diff --git a/helm/policy/components/policy-api/templates/secret.yaml b/helm/policy/components/policy-api/templates/secret.yaml
new file mode 100644 (file)
index 0000000..68e4ddd
--- /dev/null
@@ -0,0 +1,53 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-db-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.db.user }}
+  password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
+
+
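Review bot: The four `stringData` values are interpolated unquoted (`password: {{ .Values.db.password }}`), so the rendered YAML depends on what the credential looks like. A value that is all digits, looks like `true` or `null`, begins with a YAML indicator, or contains `: ` or ` #` is retyped or truncated by the parser, or fails the install. Strong passwords with punctuation are the ones most likely to hit this. Pipe each value through `quote`, e.g. `password: {{ .Values.db.password | quote }}`, and do the same for `login` in both Secrets.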
diff --git a/helm/policy/components/policy-api/templates/service-account.yaml b/helm/policy/components/policy-api/templates/service-account.yaml
new file mode 100644 (file)
index 0000000..310cab4
--- /dev/null
@@ -0,0 +1,25 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
+
diff --git a/helm/policy/components/policy-api/templates/service.yaml b/helm/policy/components/policy-api/templates/service.yaml
new file mode 100644 (file)
index 0000000..7a2e647
--- /dev/null
@@ -0,0 +1,39 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+  selector:
+    app: {{ .Chart.Name }}
+    release: release
\ No newline at end of file
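Review bot: The selector requires `release: release` in addition to `app`, but the pod template in this commit's deployment.yaml labels pods with `app: {{ .Chart.Name }}` only, so as written this Service matches no pods and gets no endpoints. Either drop `release: release` from `selector`, or add the same label under `spec.template.metadata.labels` in the Deployment. If a release label is wanted, `release: {{ .Release.Name }}` on both sides would also keep two installs of the chart from selecting each other's pods.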
diff --git a/helm/policy/components/policy-api/values.yaml b/helm/policy/components/policy-api/values.yaml
new file mode 100644 (file)
index 0000000..09418b7
--- /dev/null
@@ -0,0 +1,98 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 304
+  persistence: {}
+  aafEnabled: false
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-api:2.7.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+db:
+  user: policy-user
+  password: policy-user
+  service:
+    name: mariadb-galera
+    internalPort: 3306
+
+restServer:
+  user: policyadmin
+  password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 120
+  api: /policy/api/v1/healthcheck
+  successThreshold: 1
+  failureThreshold: 3
+  timeout: 60
+
+service:
+  type: ClusterIP
+  name: policy-api
+  portName: http
+  externalPort: 6969
+  internalPort: 6969
+  nodePort: 40
+
+ingress:
+  enabled: false
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-api
+  roles:
+    - read
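Review bot: `db.password` and `restServer.password` ship as working defaults in the chart, so any install that does not override them comes up with credentials that are public in this repository. If they are meant for CSIT only, say so next to them with a comment such as `# CSIT-only test credentials; override for any shared or long-lived cluster`. Alternatively, leave them empty and make the templates fail fast with Helm's `required` function. Note also that deployment.yaml reads `.Values.global.pullPolicy`, which the `global:` block here does not define. The `default` fallback makes that harmless, but adding the key or a comment would make the fallback intentional.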
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
new file mode 100644 (file)
index 0000000..3962706
--- /dev/null
@@ -0,0 +1,22 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp ACM Policy Participant
+name: policy-clamp-ac-pf-ppnt
+version: 11.0.0
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
new file mode 100644 (file)
index 0000000..be8a355
--- /dev/null
@@ -0,0 +1,128 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+spring:
+  autoconfigure:
+    exclude: >
+      org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+      org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+      org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+  security:
+    user:
+      name: ${RESTSERVER_USER}
+      password: ${RESTSERVER_PASSWORD}
+  kafka:
+    consumer:
+      group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
+    bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092
+    security.protocol: SASL_PLAINTEXT
+    properties.sasl:
+      mechanism: SCRAM-SHA-512
+      jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+security:
+  enable-csrf: false
+
+participant:
+  pdpGroup: defaultGroup
+  pdpType: apex
+  policyApiParameters:
+    clientName: api
+    hostname: policy-api
+    port: 6969
+    userName: ${API_USER}
+    password: ${API_PASSWORD}
+    useHttps: false
+    allowSelfSignedCerts: true
+  policyPapParameters:
+    clientName: pap
+    hostname: policy-pap
+    port: 6969
+    userName: ${PAP_USER}
+    password: ${PAP_PASSWORD}
+    useHttps: false
+    allowSelfSignedCerts: true
+  intermediaryParameters:
+    reportingTimeIntervalMs: 120000
+    description: Participant Description
+    participantId:
+      name: org.onap.PM_Policy
+      version: 1.0.0
+    participantType:
+      name: org.onap.policy.clamp.acm.PolicyParticipant
+      version: 2.3.1
+    clampAutomationCompositionTopics:
+      topicSources:
+        -
+          topic: POLICY-ACRUNTIME-PARTICIPANT
+          servers:
+            - ${topicServer:message-router}
+          topicCommInfrastructure: dmaap
+          fetchTimeout: 15000
+          useHttps: false
+      topicSinks:
+        -
+          topic: POLICY-ACRUNTIME-PARTICIPANT
+          servers:
+            - ${topicServer:message-router}
+          topicCommInfrastructure: dmaap
+          useHttps: false
+
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+#    clampAutomationCompositionTopics:
+#      topicSources:
+#        -
+#          topic: policy-acruntime-participant
+#          servers:
+#            - {{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          fetchTimeout: 15000
+#          useHttps: false
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+#      topicSinks:
+#        -
+#          topic: policy-acruntime-participant
+#          servers:
+#            - {{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          useHttps: false
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health, metrics, prometheus
+
+server:
+  port: 8085
+  servlet:
+    context-path: /onap/policyparticipant
+  ssl:
+    enabled: false
+
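Review bot: Every transport in this file is fixed to cleartext: `useHttps: false` for `policyApiParameters` and `policyPapParameters` (both of which send `userName`/`password`), `security.protocol: SASL_PLAINTEXT` for Kafka, and `ssl.enabled: false` for the server, with `allowSelfSignedCerts: true` set alongside. That is reasonable for a CSIT cluster, but the file does not say so. A header comment such as `# CSIT defaults: cleartext HTTP and SASL_PLAINTEXT, not for shared clusters`, plus values-driven switches, would stop the settings being copied elsewhere unchanged. The commented-out Strimzi block still contains `{{ .Values.config.kafkaBootstrap }}`. If this file is rendered through `tpl` as the policy-api ConfigMap does, those actions are evaluated even inside `#` comments, so consider escaping them or moving the example to documentation.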
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml
new file mode 100644 (file)
index 0000000..3d24eef
--- /dev/null
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pf-participant/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pf-participant/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pf-participant/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
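Review bot: The three `RollingFileAppender`s write under `/var/log/onap/policy/pf-participant`, but deployment.yaml in this commit mounts no volume at that path. Unless the image declares one, the files land in the container's writable layer, where each appender's `totalSizeCap` of `10GB` allows up to 30GB of node ephemeral storage, and the logs are lost when the pod is replaced. The root logger and both named loggers already reference `AsyncStdOut`, so either drop the file appenders for this chart or mount an `emptyDir` with a `sizeLimit` at the log directory. The policy-pap logback.xml later in this commit has the same layout under `/var/log/onap/policy/pap`.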
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..1319768
--- /dev/null
@@ -0,0 +1,32 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
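Review bot: `namespace: default` and `release: RELEASE` are fixed strings, so `helm install -n <ns>` is ignored for this object and two releases of the chart would collide on the same names and labels. The usual forms are `namespace: {{ .Release.Namespace }}` and `release: {{ .Release.Name }}`. The same literals appear in the deployment, secrets, service and policy-pap configmap templates of this commit. `tpl` also renders every file matched by the glob, including template expressions inside YAML comments of the config files, so those commented-out blocks must stay valid against the chart's values.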
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..e9288ad
--- /dev/null
@@ -0,0 +1,150 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/instance: RELEASE
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: RELEASE
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+        app.kubernetes.io/instance: RELEASE
+        app.kubernetes.io/managed-by: Helm
+      name: {{ .Chart.Name }}
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: API_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-api-secret
+              key: login
+        - name: API_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-api-secret
+              key: password
+        - name: PAP_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-pap-secret
+              key: login
+        - name: PAP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-pap-secret
+              key: login
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: login
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: ac-pf-ppnt-config
+        - mountPath: /config
+          name: ac-pf-ppnt-config-processed
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/opt/app/policy/clamp/bin/policy-participant.sh"]
+          args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
+          ports:
+            - containerPort: 8085
+              name: http-api
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.liveness.port }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.readiness.port }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/clamp/etc/mounted
+            name: ac-pf-ppnt-config-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: ac-pf-ppnt-config
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: ac-pf-ppnt-config-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
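Review bot: `PAP_PASSWORD` and `RESTSERVER_PASSWORD` both read `key: login` from their secrets, so each password variable receives the user name. Both `secretKeyRef` entries should use `key: password`, as `API_PASSWORD` does. The init container that receives all of these secrets runs `docker.io/dibi/envsubst:1`, a third-party image referenced by a mutable tag. Pinning it by digest, or mirroring it into the project registry, would keep the image that handles the credentials fixed.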
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml
new file mode 100644 (file)
index 0000000..54e8e90
--- /dev/null
@@ -0,0 +1,37 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-read
+    namespace: default
+
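Review bot: The binding grants `cluster-admin` cluster-wide to the `{{ .Chart.Name }}-read` service account, which deployment.yaml in this commit assigns to the participant pod, so anything able to run code in that container controls the whole cluster. The `-read` name suggests read-only access was intended. A namespaced `kind: RoleBinding` whose `roleRef` names the built-in `view` ClusterRole, or a chart-defined Role listing only the resources the participant reads, would match that. The subject is also pinned to `namespace: default` while service-account.yaml sets no namespace, so the binding would not match if the chart were installed elsewhere. The role-binding.yaml files listed for the other components in this commit are outside this view and are worth checking for the same pattern.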
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..36cd762
--- /dev/null
@@ -0,0 +1,80 @@
+{{/*
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-api-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.api.user }}
+  password: {{ .Values.restServer.api.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-pap-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.pap.user }}
+  password: {{ .Values.restServer.pap.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  sasl.jaas.config: "HuveRotkMosl5!"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.participantppnt.user }}
+  password: {{ .Values.restServer.participantppnt.password }}
\ No newline at end of file
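Review bot: The `{{ .Chart.Name }}-policy-kafka-user` secret carries a literal value for `sasl.jaas.config` in the template, so the credential sits in version control and cannot be overridden per install. It also does not look like a JAAS login-module line, which is what Kafka's `sasl.jaas.config` property normally holds. Taking it from values keeps it out of the template, e.g. `sasl.jaas.config: {{ .Values.config.jaasConfig | quote }}` (`jaasConfig` is a placeholder key name, not one the chart defines). The `login`/`password` lines in the other three secrets render values unquoted. Adding `| quote` avoids YAML retyping or a parse error when a password starts with an indicator character or looks like a number.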
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml
new file mode 100644 (file)
index 0000000..7e07faf
--- /dev/null
@@ -0,0 +1,25 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml
new file mode 100644 (file)
index 0000000..60456ec
--- /dev/null
@@ -0,0 +1,43 @@
+{{/*\r
+#  ============LICENSE_START=======================================================\r
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.\r
+#  ================================================================================\r
+#  Licensed under the Apache License, Version 2.0 (the "License");\r
+#  you may not use this file except in compliance with the License.\r
+#  You may obtain a copy of the License at\r
+#\r
+#       http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+#  Unless required by applicable law or agreed to in writing, software\r
+#  distributed under the License is distributed on an "AS IS" BASIS,\r
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+#  See the License for the specific language governing permissions and\r
+#  limitations under the License.\r
+#\r
+#  SPDX-License-Identifier: Apache-2.0\r
+#  ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: v1\r
+kind: Service\r
+metadata:\r
+  name: {{ .Chart.Name }}\r
+  namespace: default\r
+  labels:\r
+    app.kubernetes.io/name: {{ .Chart.Name }}\r
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+    app.kubernetes.io/instance: RELEASE\r
+    app.kubernetes.io/managed-by: Helm\r
+spec:\r
+  ports:\r
+    - port: {{ .Values.service.ports.port }}\r
+      targetPort: {{ .Values.service.ports.port }}\r
+      protocol: TCP\r
+      name: {{ .Values.service.ports.name }}\r
+  ipFamilyPolicy: PreferDualStack\r
+  type: {{ .Values.service.type }}\r
+  selector:\r
+    app.kubernetes.io/name: {{ .Chart.Name }}\r
+    app.kubernetes.io/instance: RELEASE\r
+  sessionAffinity: None\r
+\r
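Review bot: Every added line of this file ends in a carriage return (the `\r` visible at each line end), unlike the other templates in the chart. Converting the file to LF keeps the chart consistent and avoids a stray `\r` ending up in rendered values. A `.gitattributes` rule such as `*.yaml text eol=lf` would stop it recurring.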
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
new file mode 100644 (file)
index 0000000..f1f0919
--- /dev/null
@@ -0,0 +1,119 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence: {}
+  aafEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-pf-ppnt:6.3.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+# application configuration
+restServer:
+  api:
+    user: policyadmin
+    password: zb!XztG34
+  pap:
+    user: policyadmin
+    password: zb!XztG34
+  participantppnt:
+    user: participantUser
+    password: zb!XztG34
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+  enabled: false
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: http-api
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  port: http-api
+
+service:
+  type: ClusterIP
+  name: policy-clamp-ac-pf-ppnt
+  useNodePortExt: true
+  ports:
+    name: http-api
+    port: 8085
+    nodePort: 42
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  unlimited: {}
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-clamp-ac-pf-ppnt
+  roles:
+    - read
+
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      acRuntimeTopic: policy-acruntime-participant
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+#   spring.config.max-size: 200
+#   spring.config.min-size: 10
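Review bot: The `restServer` block ships usable passwords as chart defaults and reuses the same one for all three accounts, so any install that does not override them runs with credentials readable in the repository. If they are meant only for CSIT runs, say so above the block, e.g. `# CSIT-only test credentials; override restServer.*.password on any shared cluster`. Otherwise leave them empty and have secrets.yaml fail the render with `required`. Separately, `service.ports.nodePort: 42` and `useNodePortExt: true` are not referenced by service.yaml in this commit, and the comment near the end spells the flag `useStrimziKakfa`.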
diff --git a/helm/policy/components/policy-pap/Chart.yaml b/helm/policy/components/policy-pap/Chart.yaml
new file mode 100755 (executable)
index 0000000..d0b9aaa
--- /dev/null
@@ -0,0 +1,23 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Administration (PAP)
+name: policy-pap
+version: 11.0.0
+
diff --git a/helm/policy/components/policy-pap/resources/config/logback.xml b/helm/policy/components/policy-pap/resources/config/logback.xml
new file mode 100755 (executable)
index 0000000..b544c27
--- /dev/null
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/pap/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/helm/policy/components/policy-pap/resources/config/papParameters.yaml b/helm/policy/components/policy-pap/resources/config/papParameters.yaml
new file mode 100644 (file)
index 0000000..8dd624a
--- /dev/null
@@ -0,0 +1,136 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+spring:
+  security:
+    user:
+      name: "${RESTSERVER_USER}"
+      password: "${RESTSERVER_PASSWORD}"
+  http:
+    converters:
+      preferred-json-mapper: gson
+  datasource:
+    url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+    driverClassName: org.mariadb.jdbc.Driver
+    username: "${SQL_USER}"
+    password: "${SQL_PASSWORD}"
+    hikari:
+      maximumPoolSize: 20
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MariaDB103Dialect
+    hibernate:
+      ddl-auto: none
+      naming:
+        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+        implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+  kafka:
+    consumer:
+      group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
+    bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092
+    security.protocol: SASL_PLAINTEXT
+    properties.sasl:
+      mechanism: SCRAM-SHA-512
+      jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+server:
+  port: 6969
+  ssl:
+    enabled: false
+
+pap:
+  name: PapGroup
+  aaf: false
+  pdpParameters:
+    heartBeatMs: 120000
+    updateParameters:
+      maxRetryCount: 1
+      maxWaitMs: 30000
+    stateChangeParameters:
+      maxRetryCount: 1
+      maxWaitMs: 30000
+  savePdpStatisticsInDb: false
+  topicParameterGroup:
+    topicSources:
+    - topic: POLICY-PDP-PAP
+      servers:
+      - message-router
+      useHttps: false
+      fetchTimeout: 15000
+      topicCommInfrastructure: dmaap
+    - topic: POLICY-HEARTBEAT
+      effectiveTopic: POLICY-PDP-PAP
+      consumerGroup: policy-pap
+      servers:
+      - message-router
+      useHttps: false
+      fetchTimeout: 15000
+      topicCommInfrastructure: dmaap
+    topicSinks:
+    - topic: POLICY-PDP-PAP
+      servers:
+      - message-router
+      useHttps: false
+      topicCommInfrastructure: dmaap
+    - topic: POLICY-NOTIFICATION
+      servers:
+      - message-router
+      useHttps: false
+      topicCommInfrastructure: dmaap
+# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
+#          servers:
+#            - {{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+
+  healthCheckRestClientParameters:
+  - clientName: api
+    hostname: policy-api
+    port: 6969
+    userName: "${API_USER}"
+    password: "${API_PASSWORD}"
+    useHttps: false
+    basePath: policy/api/v1/healthcheck
+  - clientName: distribution
+    hostname: policy-distribution
+    port: 6969
+    userName: "${DISTRIBUTION_USER}"
+    password: "${DISTRIBUTION_PASSWORD}"
+    useHttps: false
+    basePath: healthcheck
+  - clientName: dmaap
+    hostname: message-router
+    port: 3904
+    useHttps: false
+    basePath: topics
+
+management:
+  endpoints:
+    web:
+      base-path: /
+      exposure:
+        include: health, metrics, prometheus
+      path-mapping.prometheus: metrics
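Review bot: The `healthCheckRestClientParameters` entries send `${API_USER}`/`${API_PASSWORD}` and `${DISTRIBUTION_USER}`/`${DISTRIBUTION_PASSWORD}` with `useHttps: false`, so those credentials cross the cluster network over plain HTTP. `server.ssl.enabled: false` does the same for callers authenticating with `${RESTSERVER_PASSWORD}`, and the Strimzi branch leaves Kafka traffic unencrypted with `security.protocol: SASL_PLAINTEXT`. If this is deliberate for CSIT, a comment at the top such as `# CSIT only: cleartext transport; use TLS (useHttps: true, SASL_SSL) elsewhere` would stop the file being copied as-is. Otherwise these settings are better driven from values so TLS can be switched on per environment.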
diff --git a/helm/policy/components/policy-pap/templates/configmap.yaml b/helm/policy/components/policy-pap/templates/configmap.yaml
new file mode 100755 (executable)
index 0000000..6d77c14
--- /dev/null
@@ -0,0 +1,38 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
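Review bot: `namespace: default` and `release: RELEASE` are literals in this template's metadata, so the ConfigMap ignores the namespace and release name given at install time, and two installs of the chart would collide on the same object names. Helm's built-ins carry both values: `namespace: {{ .Release.Namespace }}` and `release: {{ .Release.Name }}`. The same literals recur in the deployment, role-binding, secrets and service templates further down this diff. If pinning to `default` is deliberate for the CSIT environment, a one-line comment saying so would save the next reader the question.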
diff --git a/helm/policy/components/policy-pap/templates/deployment.yaml b/helm/policy/components/policy-pap/templates/deployment.yaml
new file mode 100755 (executable)
index 0000000..6c82fb8
--- /dev/null
@@ -0,0 +1,182 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/instance: RELEASE
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: RELEASE
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+        app.kubernetes.io/instance: RELEASE
+        app.kubernetes.io/managed-by: Helm
+
+    spec:
+      initContainers:
+      - command:
+        - /app/ready.py
+        args:
+        - --job-name
+        - policy-galera-config
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-readiness
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: SQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-db-secret
+              key: login
+        - name: SQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-db-secret
+              key: password
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: password
+        - name: API_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-api-secret
+              key: login
+        - name: API_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-api-secret
+              key: password
+        - name: DISTRIBUTION_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-distribution-secret
+              key: login
+        - name: DISTRIBUTION_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-distribution-secret
+              key: password
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: papconfig
+        - mountPath: /config
+          name: papconfig-processed
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
+          args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
+          ports:
+            - containerPort: 6969
+              name: http-api
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.liveness.port }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.readiness.api }}
+              port: {{ .Values.readiness.port }}
+              httpHeaders:
+                - name: Authorization
+                  value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
+              scheme: HTTP
+            successThreshold: {{ .Values.readiness.successThreshold }}
+            failureThreshold: {{ .Values.readiness.failureThreshold }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeout }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/pap/etc/mounted
+            name: papconfig-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: papconfig
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: papconfig-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
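Review bot: The readiness probe's `Authorization` header is rendered from `.Values.restServer.user` and `.Values.restServer.password`, so the REST credentials sit base64-encoded in the Deployment and Pod specs. Anyone allowed to read pods or deployments can decode them without access to the `-restserver-secret` Secret that the init container uses. A probe against an endpoint that needs no credentials avoids this, as does an `exec` probe that reads the values from Secret-backed environment variables. Whether the `health` endpoint exposed under `management.endpoints.web` in papParameters.yaml is reachable unauthenticated is not visible here. Separately, the `update-config` init container receives every Secret as environment variables while running `docker.io/dibi/envsubst:1`, a third-party image referenced by a mutable tag; pinning it by digest or mirroring it into the project registry would narrow that exposure.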
diff --git a/helm/policy/components/policy-pap/templates/role-binding.yaml b/helm/policy/components/policy-pap/templates/role-binding.yaml
new file mode 100644 (file)
index 0000000..38fb4a6
--- /dev/null
@@ -0,0 +1,33 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
+
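Review bot: The entry under `subjects:` has no `namespace`, so it resolves to the binding's own namespace (`default`), while the ServiceAccount in service-account.yaml later in this diff sets no namespace and is created wherever the release is installed. Installed outside `default`, this binding and the Deployment's `serviceAccountName` would refer to an account that does not exist there. Adding `namespace: {{ .Release.Namespace }}` to the subject and using the same value in `metadata` keeps the three objects together. The Role `read` named in `roleRef` is not defined in this section, so a short comment stating what it permits and which chart creates it would let a reviewer confirm the pod gets only what its readiness init container needs.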
diff --git a/helm/policy/components/policy-pap/templates/secrets.yaml b/helm/policy/components/policy-pap/templates/secrets.yaml
new file mode 100755 (executable)
index 0000000..7958a11
--- /dev/null
@@ -0,0 +1,97 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-api-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.healthCheckRestClient.api.user }}
+  password: {{ .Values.healthCheckRestClient.api.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-db-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.db.user }}
+  password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-distribution-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.healthCheckRestClient.distribution.user }}
+  password: {{ .Values.healthCheckRestClient.distribution.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  sasl.jaas.config: "Zule4]TateGila"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
\ No newline at end of file
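Review bot: `sasl.jaas.config: "Zule4]TateGila"` commits a literal credential-like value in the template, unlike the other four Secrets, which take their data from values. It is also rendered whether or not `.Values.config.useStrimziKafka` is set. Taking it from a values key, e.g. `sasl.jaas.config: {{ .Values.config.jaasLogin | quote }}` (the key name is a suggestion, not an existing value), and wrapping that document in the same `useStrimziKafka` condition the deployment uses would address both. The `login` and `password` lines interpolate values unquoted, so a password that starts with a YAML indicator or parses as a number would break the manifest; `password: {{ .Values.db.password | quote }}` avoids that. If the literal was ever used outside a test cluster, it should be treated as disclosed and rotated.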
diff --git a/helm/policy/components/policy-pap/templates/service-account.yaml b/helm/policy/components/policy-pap/templates/service-account.yaml
new file mode 100644 (file)
index 0000000..2a46e91
--- /dev/null
@@ -0,0 +1,20 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/policy-pap/templates/service.yaml b/helm/policy/components/policy-pap/templates/service.yaml
new file mode 100755 (executable)
index 0000000..1bee30f
--- /dev/null
@@ -0,0 +1,43 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    name: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: RELEASE
+    heritage: Helm
+
+spec:
+  ports:
+    - port: {{ .Values.service.ports.port }}
+      targetPort: {{ .Values.service.ports.name }}
+      protocol: TCP
+      name: {{ .Values.service.ports.name }}
+  ipFamilyPolicy: PreferDualStack
+  type: {{ .Values.service.type }}
+  selector:
+    app: {{ .Chart.Name }}
+    release: RELEASE
+  sessionAffinity: None
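Review bot: The `selector` matches on `app` and `release`, but the pod template in deployment.yaml labels its pods only with `app.kubernetes.io/name`, `helm.sh/chart`, `app.kubernetes.io/instance` and `app.kubernetes.io/managed-by`. As written, this Service would select no pods and have no endpoints. Aligning the selector with the pod labels fixes it: `app.kubernetes.io/name: {{ .Chart.Name }}` and `app.kubernetes.io/instance: RELEASE`. `service.ports.nodePort` and `service.useNodePortExt` are set in this chart's values.yaml but not referenced here, which deserves either a comment or removal.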
diff --git a/helm/policy/components/policy-pap/values.yaml b/helm/policy/components/policy-pap/values.yaml
new file mode 100755 (executable)
index 0000000..ae0defb
--- /dev/null
@@ -0,0 +1,132 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefixExt: 304
+  persistence: {}
+  aafEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-pap:2.7.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+db:
+  user: policy-user
+  password: policy-user
+  service:
+    name: mariadb-galera
+    internalPort: 3306
+
+restServer:
+  user: policyadmin
+  password: zb!XztG34
+
+healthCheckRestClient:
+  api:
+    user: policyadmin
+    password: zb!XztG34
+  distribution:
+    user: healthcheck
+    password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: http-api
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 120
+  port: http-api
+  api: /policy/pap/v1/healthcheck
+  successThreshold: 1
+  failureThreshold: 3
+  timeout: 60
+
+service:
+  type: ClusterIP
+  name: policy-pap
+  useNodePortExt: true
+  ports:
+    name: http-api
+    port: 6969
+    nodePort: 42
+
+ingress:
+  enabled: false
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-pap
+  roles:
+    - read
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
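Review bot: `restServer.password` and both `healthCheckRestClient` passwords default to the same literal, and `db.password` equals the user name, so any install that does not override them runs with credentials published in this repository. The `restServer` block added at the end of helm/policy/values.yaml repeats the same value, and this commit also removes that file's `secrets:` block, which used `passwordPolicy: generate`. A comment above `db:` such as `# CSIT-only default credentials; override for any shared or long-lived environment` would make the intent explicit. Alternatively, leave the defaults empty and enforce them with `required` in secrets.yaml. Also, `useStrimziKafka: true` here sits beside a papParameters.yaml that configures `dmaap` topics with the Kafka settings commented out, so a comment should say which transport is intended.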
index 8dcdae8..25e4dbf 100755 (executable)
@@ -17,7 +17,7 @@
 #################################################################
 
 global:
-  aafEnabled: true
+  aafEnabled: false
   mariadb:
     # '&mariadbConfig' means we "store" the values for  later use in the file
     # with '*mariadbConfig' pointer.
@@ -30,33 +30,6 @@ global:
   kafkaBootstrap: strimzi-kafka-bootstrap
   policyKafkaUser: policy-kafka-user
 
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: db-root-password
-    name: &dbRootPassSecretName 'policy-db-root-password'
-    type: password
-    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
-    password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
-    policy: generate
-  - uid: db-secret
-    name: &dbSecretName 'policy-db-secret'
-    type: basicAuth
-    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
-    login: '{{ index .Values "mariadb-galera" "db" "user" }}'
-    password: '{{ index .Values "mariadb-galera" "db" "password" }}'
-    passwordPolicy: generate
-  - uid: policy-app-user-creds
-    name: &policyAppCredsSecret 'policy-app-user-creds'
-    type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
-    login: '{{ .Values.config.policyAppUserName }}'
-    password: '{{ .Values.config.policyAppUserPassword }}'
-    passwordPolicy: generate
-
-db: &dbSecretsHook
-  credsExternalSecret: *dbSecretName
 
 policy-models-simulator:
   enabled: true
@@ -64,9 +37,15 @@ policy-clamp-ac-k8s-ppnt:
   enabled: true
 policy-clamp-runtime-acm:
   enabled: true
-  db: *dbSecretsHook
-  config:
-    appUserExternalSecret: *policyAppCredsSecret
+policy-api:
+  enabled: true
+policy-pap:
+  enabled: true
+policy-apex-pdp:
+  enabled: true
+policy-clamp-ac-pf-ppnt:
+  enabled: true
+
 
 #################################################################
 # DB configuration defaults.
@@ -143,10 +122,7 @@ mariadb-galera:
   db:
     user: policy-user
     # password:
-    externalSecret: *dbSecretName
     name: &mysqlDbName policyadmin
-  rootUser:
-    externalSecret: *dbRootPassSecretName
   nameOverride: *mariadb-galera
   # mariadb-galera.service and global.mariadb.service must be equals
   service: *mariadbService
@@ -157,6 +133,12 @@ mariadb-galera:
   serviceAccount:
     nameOverride: *mariadb-galera
 
+restServer:
+  policyPapUserName: policyadmin
+  policyPapUserPassword: zb!XztG34
+  policyApiUserName: policyadmin
+  policyApiUserPassword: zb!XztG34
+
 # Resource Limit flavor -By Default using small
 # Segregation for Different environment (small, large, or unlimited)
 flavor: small