APEX_IP=policy-apex-pdp:${DEFAULT_PORT}
POLICY_PDPX_IP=policy-xacml-pdp:${DEFAULT_PORT}
POLICY_DROOLS_IP=policy-drools-pdp:9696
-
+DISTRIBUTION_IP=policy-distribution:6969
DMAAP_IP=message-router:3904
APEX_EVENTS_IP=policy-apex-pdp:23324
PROMETHEUS_IP=prometheus:9090
+DIST_TEMP_FOLDER=/tmp/distribution
+
export ROBOT_VARIABLES=
ROBOT_VARIABLES="-v DATA:$DATA -v NODETEMPLATES:$NODETEMPLATES -v POLICY_API_IP:$POLICY_API_IP
-v POLICY_RUNTIME_ACM_IP:$POLICY_RUNTIME_ACM_IP -v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP
-v APEX_EVENTS_IP:$APEX_EVENTS_IP -v DMAAP_IP:$DMAAP_IP -v PROMETHEUS_IP:${PROMETHEUS_IP}
--v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP"
+-v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP -v TEMP_FOLDER:${DIST_TEMP_FOLDER}
+-v DISTRIBUTION_IP:$DISTRIBUTION_IP"
echo "Run Robot test"
echo ROBOT_VARIABLES="${ROBOT_VARIABLES}"
POLICY_APEX_PDP_ROBOT="apex-pdp-test.robot"
POLICY_XACML_PDP_ROBOT="xacml-pdp-test.robot"
POLICY_DROOLS_PDP_ROBOT="drools-pdp-test.robot"
+POLICY_DISTRIBUTION_ROBOT="distribution-test.robot"
POLICY_API_CONTAINER="policy-api"
POLICY_PAP_CONTAINER="policy-pap"
POLICY_CLAMP_CONTAINER="policy-clamp-runtime-acm"
POLICY_APEX_CONTAINER="policy-apex-pdp"
POLICY_DROOLS_CONTAINER="policy-drools-pdp"
POLICY_XACML_CONTAINER="policy-xacml-pdp"
+POLICY_DISTRIBUTION_CONTAINER="policy-distribution"
+
+DISTRIBUTION_CSAR=${WORKSPACE}/csit/resources/tests/data/csar
+DIST_TEMP_FOLDER=/tmp/distribution
export PROJECT=""
export ROBOT_FILE=""
echo "Build docker image for robot framework"
cd ${WORKSPACE}/csit/resources || exit;
clone_models
+ if [ "${PROJECT}" == "distribution" ] || [ "${PROJECT}" == "policy-distribution" ]; then
+ copy_csar_file
+ fi
echo "Build robot framework docker image"
docker login -u docker -p docker nexus3.onap.org:10001
docker build . --file Dockerfile \
>tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.v2.json
}
+function copy_csar_file () {
+ zip -F ${DISTRIBUTION_CSAR}/sample_csar_with_apex_policy.csar \
+ --out ${DISTRIBUTION_CSAR}/csar_temp.csar -q
+ # Remake temp directory
+ sudo rm -rf "${DIST_TEMP_FOLDER}"
+ sudo mkdir "${DIST_TEMP_FOLDER}"
+ sudo cp ${DISTRIBUTION_CSAR}/csar_temp.csar ${DISTRIBUTION_CSAR}/temp.csar
+ sudo mv ${DISTRIBUTION_CSAR}/temp.csar ${DIST_TEMP_FOLDER}/sample_csar_with_apex_policy.csar
+}
function get_robot_file () {
case $PROJECT in
export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER)
;;
+ distribution | policy-distribution)
+ export ROBOT_FILE=($POLICY_DISTRIBUTION_ROBOT)
+ export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER,
+ $POLICY_DISTRIBUTION_CONTAINER)
+ ;;
+
*)
echo "unknown project supplied"
;;
version: ~11.x-0
repository: 'file://components/policy-xacml-pdp'
condition: policy-xacml-pdp.enabled
+ - name: policy-distribution
+ version: ~11.x-0
+ repository: 'file://components/policy-distribution'
+ condition: policy-distribution.enabled
+ - name: policy-clamp-ac-http-ppnt
+ version: ~11.x-0
+ repository: 'file://components/policy-clamp-ac-http-ppnt'
+ condition: policy-clamp-ac-http-ppnt.enabled
## Desired number of cluster nodes
##
-replicaCount: 3
+replicaCount: 1
## updateStrategy for MariaDB Master StatefulSet
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp ACM Http Participant
+name: policy-clamp-ac-http-ppnt
+version: 11.0.0
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ autoconfigure:
+ exclude: >
+ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+ org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+{{- if .Values.config.useStrimziKafka }}
+ kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+ bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092
+ security.protocol: SASL_PLAINTEXT
+ properties.sasl:
+ mechanism: SCRAM-SHA-512
+ jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+security:
+ enable-csrf: false
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: HttpParticipant0
+ version: 1.0.0
+ participantType:
+ name: org.onap.policy.clamp.acm.HttpParticipant
+ version: 2.3.4
+ clampAutomationCompositionTopics:
+ topicSources:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: false
+ topicSinks:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: false
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+# clampAutomationCompositionTopics:
+# topicSources:
+# - topic: policy-acruntime-participant
+# servers:
+# - {{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# fetchTimeout: 15000
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+# topicSinks:
+# - topic: policy-acruntime-participant
+# servers:
+# - {{ .Values.config.kafkaBootstrap }}:9092
+# topicCommInfrastructure: kafka
+# useHttps: true
+# additionalProps:
+# security.protocol: SASL_PLAINTEXT
+# sasl.mechanism: SCRAM-SHA-512
+# sasl.jaas.config: ${JAASLOGIN}
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8084
+ servlet:
+ context-path: /onap/policy/clamp/acm/httpparticipant
+ ssl:
+ enabled: false
+
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ app.kubernetes.io/instance: release
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Helm
+ name: {{ .Chart.Name }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: login
+ - name: RESTSERVER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: password
+{{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ key: sasl.jaas.config
+{{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: ac-http-ppnt-config
+ - mountPath: /config
+ name: ac-http-ppnt-config-processed
+ image: docker.io/dibi/envsubst:1
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-update-config
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+ ports:
+ - containerPort: 8084
+ name: http-api
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-http-ppnt-config-processed
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-read
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: ac-http-ppnt-config
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
+ - name: ac-http-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "default-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: release-read
+ apiGroup: rbac.authorization.k8s.io
--- /dev/null
+{{/*
+#Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ sasl.jaas.config: "Tokm6*DaheWaro"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
\ No newline at end of file
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: v1\r
+kind: Service\r
+metadata:\r
+ name: {{ .Chart.Name }}\r
+ namespace: default\r
+ labels:\r
+ app.kubernetes.io/name: {{ .Chart.Name }}\r
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ app.kubernetes.io/instance: release\r
+ app.kubernetes.io/managed-by: Helm\r
+spec:\r
+ ports:\r
+ - port: {{ .Values.service.ports.port }}\r
+ targetPort: {{ .Values.service.ports.port }}\r
+ protocol: TCP\r
+ name: {{ .Values.service.ports.name }}\r
+ ipFamilyPolicy: PreferDualStack\r
+ type: {{ .Values.service.type }}\r
+ selector:\r
+ app.kubernetes.io/name: {{ .Chart.Name }}\r
+ app.kubernetes.io/instance: release\r
+ sessionAffinity: None\r
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: true
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-http-ppnt:6.3.1
+pullPolicy: Always
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-ac-http-ppnt
+ useNodePortExt: true
+ ports:
+ name: http-api
+ port: 8084
+ nodePort: 42
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-ac-http-ppnt
+ roles:
+ - read
+
+config:
+ # Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: policy-group
+ app:
+ listener:
+ acRuntimeTopic: policy-acruntime-participant
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Distribution
+name: policy-distribution
+version: 11.0.0
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "name":"SDCDistributionGroup",
+ "restServerParameters":{
+ "host":"0.0.0.0",
+ "port":6969,
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
+ "https": false,
+ "prometheus": true
+ },
+ "receptionHandlerParameters":{
+ "FileReceptionHandler":{
+ "receptionHandlerType":"File",
+ "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandler",
+ "receptionHandlerConfigurationName":"fileConfiguration",
+ "pluginHandlerParameters":{
+ "policyDecoders":{
+ "ApexDecoder":{
+ "decoderType":"ApexDecoder",
+ "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
+ "decoderConfigurationName": "apexDecoderConfiguration"
+ }
+ },
+ "policyForwarders":{
+ "LifeCycleApiForwarder":{
+ "forwarderType":"LifeCycleAPI",
+ "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder",
+ "forwarderConfigurationName": "lifecycleApiConfiguration"
+ }
+ }
+ }
+ }
+ },
+ "receptionHandlerConfigurationParameters":{
+ "fileConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandlerConfigurationParameterGroup",
+ "parameters":{
+ "watchPath": "/opt/app/policy/distribution/etc/temp/",
+ "maxThread": 1
+ }
+ }
+ },
+ "policyDecoderConfigurationParameters":{
+ "apexDecoderConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
+ "parameters":{
+ "policyFileName": "apex_policy.json",
+ "policyTypeFileName": "apex_policy_type.json"
+ }
+ }
+ },
+ "policyForwarderConfigurationParameters":{
+ "lifecycleApiConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
+ "parameters":{
+ "apiParameters": {
+ "clientName": "policy-api",
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
+ "useHttps": false
+ },
+ "papParameters": {
+ "clientName": "policy-pap",
+ "hostname": "policy-pap",
+ "port": 6969,
+ "userName": "${PAP_USER}",
+ "password": "${PAP_PASSWORD}",
+ "useHttps": false
+ },
+ "deployPolicies": true
+ }
+ }
+ }
+}
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ release: release
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-creds
+ key: login
+ - name: RESTSERVER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-creds
+ key: password
+ - name: API_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-apiparameters-creds
+ key: login
+ - name: API_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-apiparameters-creds
+ key: password
+ - name: PAP_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-papparameters-creds
+ key: login
+ - name: PAP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-papparameters-creds
+ key: password
+ - name: SDCBE_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-sdcbe-creds
+ key: login
+ - name: SDCBE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-sdcbe-creds
+ key: password
+ volumeMounts:
+ - mountPath: /config-input
+ name: distributionconfig-input
+ - mountPath: /config
+ name: distributionconfig
+ image: docker.io/dibi/envsubst:1
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-update-config
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
+ args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/distribution/etc/mounted
+ name: distributionconfig
+ - mountPath: /opt/app/policy/distribution/etc/temp
+ name: tmpdir
+ readOnly: true
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-read
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: distributionconfig-input
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
+ - name: distributionconfig
+ emptyDir:
+ medium: Memory
+ - name: tmpdir
+ hostPath:
+ path: /tmp/distribution
+ imagePullSecrets:
+ - name: "default-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: read
+ apiGroup: rbac.authorization.k8s.io
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-apiparameters-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.apiParameters.user }}
+ password: {{ .Values.apiParameters.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-papparameters-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.papParameters.user }}
+ password: {{ .Values.papParameters.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-sdcbe-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.sdcBe.user }}
+ password: {{ .Values.sdcBe.user }}
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation . All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ selector:
+ app: {{ .Chart.Name }}
+ release: release
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-distribution:2.9-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+ user: policyadmin
+ password: zb!XztG34
+apiParameters:
+ user: policyadmin
+ password: zb!XztG34
+papParameters:
+ user: policyadmin
+ password: zb!XztG34
+sdcBe:
+ user: policy
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-distribution
+ portName: http
+ externalPort: 6969
+ internalPort: 6969
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-distribution
+ roles:
+ - read
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-distribution
+ interval: 60s
+ isHttps: false
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-distribution-restserver-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ .Chart.Name }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: release
+ heritage: Helm
enabled: true
policy-xacml-pdp:
enabled: true
-
+policy-distribution:
+ enabled: true
+policy-clamp-ac-http-ppnt:
+ enabled: true
#################################################################
# DB configuration defaults.
Code Review / policy / docker.git / commitdiff