#
# JPA Properties
#
-eclipselink.target-database=PostgreSQL
jakarta.persistence.jdbc.driver=org.postgresql.Driver
jakarta.persistence.jdbc.url=jdbc:postgresql://postgres:5432/operationshistory
jakarta.persistence.jdbc.user=policy_user
jakarta.persistence.jdbc.password=policy_user
+
-# Copyright © 2022-2024 Nordix Foundation
+# Copyright © 2022-2025 Nordix Foundation
#
# Modifications Copyright © 2024 Deutsche Telekom
#
#
# http://www.apache.org/licenses/LICENSE-2.0
#
+# SPDX-License-Identifier: Apache-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
version: 11.0.1
dependencies:
- - name: mariadb-galera
+ - name: postgres
version: ~11.x-0
- repository: 'file://components/mariadb-galera'
- condition: mariadb-galera.enabled
+ repository: 'file://components/postgres'
+ condition: postgres.enabled
- name: policy-clamp-ac-k8s-ppnt
version: ~11.x-0
repository: 'file://components/policy-clamp-ac-k8s-ppnt'
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Chart for MariaDB Galera cluster
-name: mariadb-galera
-version: 11.0.0
-keywords:
- - mariadb
- - mysql
- - database
- - sql
- - galera
- - cluster
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ if .Values.mariadbConfiguration }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Chart.Name }}-configuration
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-data:
- my.cnf: |
-{{ .Values.mariadbConfiguration | indent 4 }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.podDisruptionBudget.create }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ .Chart.Name }}
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-spec:
-{{- if .Values.podDisruptionBudget.minAvailable }}
- minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
-{{- end }}
-{{- if .Values.podDisruptionBudget.maxUnavailable }}
- maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
-{{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ .Chart.Name }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ .Chart.Name }}--0
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-
-spec:
- capacity:
- storage: {{ .Values.persistence.size }}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy:
- storageClassName: "mariadb-galera-data"
- hostPath:
- path: /dockerdata-nfs/mariadb-galera/data-0
-
----
-
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ .Chart.Name }}--1
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-
-spec:
- capacity:
- storage: {{ .Values.persistence.size }}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy:
- storageClassName: "mariadb-galera-data"
- hostPath:
- path: /dockerdata-nfs/mariadb-galera/data-1
-
----
-
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ .Chart.Name }}--2
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
-
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-
-spec:
- capacity:
- storage: {{ .Values.persistence.size }}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy:
- storageClassName: "mariadb-galera-data"
- hostPath:
- path: /dockerdata-nfs/mariadb-galera/data-2
-
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ .Chart.Name }}-read
- namespace: default
-subjects:
-- kind: ServiceAccount
- name: {{ .Chart.Name }}-read
-roleRef:
- kind: Role
- name: read
- apiGroup: rbac.authorization.k8s.io
-
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: mariadb-galera-db-backup-credentials
- namespace: default
- labels:
- app: {{ .Chart.Name }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- heritage: Helm
-type: Opaque
-stringData:
- login: {{ .Values.galera.mariabackup.user }}
- password: {{ .Values.galera.mariabackup.password }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: mariadb-galera-db-root-password
- namespace: default
- labels:
- app: {{ .Chart.Name }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- heritage: Helm
-type: Opaque
-stringData:
- password: {{ .Values.rootUser.password }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: mariadb-galera-db-user-credentials
- namespace: default
- labels:
- app: {{ .Chart.Name }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- heritage: Helm
-type: Opaque
-stringData:
- login: {{ .Values.db.user }}
- password: {{ .Values.db.password }}
-
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Chart.Name }}
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-spec:
- ports:
- - port: 3306
- targetPort: tcp-mysql
- protocol: TCP
- name: tcp-mysql
- ipFamilyPolicy: PreferDualStack
- type: ClusterIP
- selector:
- app.kubernetes.io/name: {{ .Chart.Name }}
- sessionAffinity: None
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Chart.Name }}-headless
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-spec:
- clusterIP: None
- ports:
- - port: 4567
- targetPort: tcp-galera
- protocol: TCP
- name: tcp-galera
- - port: 4568
- targetPort: tcp-ist
- protocol: TCP
- name: tcp-ist
- - port: 4444
- targetPort: tcp-sst
- protocol: TCP
- name: tcp-sst
- ipFamilyPolicy: PreferDualStack
- type: ClusterIP
- selector:
- app.kubernetes.io/name: {{ .Chart.Name }}
- sessionAffinity: None
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ .Chart.Name }}
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-
-spec:
- podManagementPolicy: {{ .Values.podManagementPolicy }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ .Chart.Name }}
-
- serviceName: {{ .Chart.Name }}-headless
- updateStrategy:
- type: {{ .Values.updateStrategy.type }}
- {{- if (eq "Recreate" .Values.updateStrategy.type) }}
- rollingUpdate: null
- {{- end }}
- template:
- metadata:
- annotations:
- traffic.sidecar.istio.io/excludeInboundPorts: 4444,4567,4568
- traffic.sidecar.istio.io/excludeOutboundPorts: 4444,4567,4568
- traffic.sidecar.istio.io/includeInboundPorts: '*'
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
- name: {{ .Chart.Name }}
-
- spec:
- securityContext:
- runAsUser: 10001
- runAsGroup: 10001
- fsGroup: 10001
- initContainers:
- # we shouldn't need this but for unknown reason, it's fsGroup is not
- # applied
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data
- chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /bootstrap/
- chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /tmp/
- {{- if .Values.mariadbConfiguration }}
- cp /config/my.cnf /actual/my.cnf
- chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /actual
- {{- end }}
- image: docker.io/library/busybox:1.34.1
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: previous-boot
- mountPath: /bootstrap
- - name: mariadb-tmp-folder
- mountPath: /tmp
- - name: {{ .Chart.Name }}
- mountPath: /data
- {{- if .Values.mariadbConfiguration }}
- - name: mariadb-galera-starting-config
- mountPath: /config/my.cnf
- subPath: my.cnf
- - name: mariadb-galera-actual-config
- mountPath: /actual
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ .Values.global.dockerRepository }}/{{ .Values.global.image.mariadb }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}}
- command:
- - bash
- - -ec
- - |
- {{- if (not (empty (.Values.galera.bootstrap.bootstrapFromNode | quote)))}}
- {{- $fullname := "mariadb-galera" }}
- {{- $bootstrapFromNode := int .Values.galera.bootstrap.bootstrapFromNode }}
- # Bootstrap from the indicated node
- NODE_ID="${MY_POD_NAME#"{{ $fullname }}-"}"
- if [[ "$NODE_ID" -eq "{{ $bootstrapFromNode }}" ]]; then
- export MARIADB_GALERA_CLUSTER_BOOTSTRAP=yes
- export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP={{ ternary "yes" "no" .Values.galera.bootstrap.forceSafeToBootstrap }}
- fi
- {{- end }}
- exec /opt/bitnami/scripts/mariadb-galera/entrypoint.sh /opt/bitnami/scripts/mariadb-galera/run.sh
- env:
- - name: MY_POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.debug | quote }}
- - name: MARIADB_INIT_SLEEP_TIME
- value: {{ .Values.init_sleep_time | quote }}
- - name: MARIADB_GALERA_CLUSTER_NAME
- value: {{ .Values.galera.name | quote }}
- - name: MARIADB_GALERA_CLUSTER_ADDRESS
- value: "gcomm://{{ .Chart.Name }}-headless.default.svc.{{ .Values.global.clusterDomain }}"
- # Bitnami init script don't behave well in dual stack env.
- # set it here as long as https://github.com/bitnami/charts/issues/4077 is not solved.
- - name: MARIADB_GALERA_NODE_ADDRESS
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: MARIADB_ROOT_USER
- value: {{ .Values.rootUser.user | quote }}
- - name: MARIADB_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-root-password
- key: password
- - name: MARIADB_USER
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-user-credentials
- key: login
- - name: MARIADB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-user-credentials
- key: password
- - name: MARIADB_DATABASE
- value: {{ .Values.db.name | quote }}
- - name: MARIADB_GALERA_MARIABACKUP_USER
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-backup-credentials
- key: login
- - name: MARIADB_GALERA_MARIABACKUP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-backup-credentials
- key: password
- {{- if .Values.extraFlags }}
- - name: MARIADB_EXTRA_FLAGS
- value: {{ .Values.extraFlags | quote }}
- {{- end }}
- ports:
- - containerPort: 3306
- name: tcp-mysql
- - containerPort: 4567
- name: tcp-galera
- - containerPort: 4568
- name: tcp-ist
- - containerPort: 4444
- name: tcp-sst
- {{- if .Values.livenessProbe.enabled }}
- livenessProbe:
- exec:
- command:
- - sh
- - -ec
- - |
- exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD
- initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.livenessProbe.successThreshold }}
- failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
- {{- end }}
- {{- if .Values.readinessProbe.enabled }}
- readinessProbe:
- exec:
- command:
- - sh
- - -ec
- - |
- exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD
- initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.readinessProbe.successThreshold }}
- failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
- {{- end }}
- {{- if .Values.startupProbe.enabled }}
- startupProbe:
- exec:
- command:
- - sh
- - -ec
- - |
- exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD
- initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.startupProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
- successThreshold: {{ .Values.startupProbe.successThreshold }}
- failureThreshold: {{ .Values.startupProbe.failureThreshold }}
- {{- end }}
- resources:
-{{ toYaml .Values.resources.small | indent 12 }}
- volumeMounts:
- - name: previous-boot
- mountPath: /opt/bitnami/mariadb/.bootstrap
- - name: {{ .Chart.Name }}
- mountPath: /bitnami/mariadb
- - name: mariadb-tmp-folder
- mountPath: /opt/bitnami/mariadb/tmp
- {{- if .Values.mariadbConfiguration }}
- - name: mariadb-galera-actual-config
- mountPath: /opt/bitnami/mariadb/conf
- {{- end }}
- imagePullSecrets:
- - name: default-docker-registry-key
- {{- if .Values.schedulerName }}
- schedulerName: {{ .Values.schedulerName | quote }}
- {{- end }}
- {{- if .Values.priorityClassName }}
- priorityClassName: {{ .Values.priorityClassName }}
- {{- end }}
- serviceAccountName: mariadb-galera-read
- affinity:
- podAffinity: {}
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- namespaces:
- - default
- topologyKey: kubernetes.io/hostname
- weight: 1
- nodeAffinity: {}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end }}
- {{- if .Values.tolerations }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 10 }}
- {{- end }}
- volumes:
- - name: previous-boot
- emptyDir: {}
- - name: mariadb-tmp-folder
- emptyDir: {}
- {{- if .Values.mariadbConfiguration }}
- - name: mariadb-galera-actual-config
- emptyDir: {}
- - name: mariadb-galera-starting-config
- configMap:
- name: {{ .Chart.Name }}-configuration
- {{- end }}
-{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- - name: {{ .Chart.Name }}
- persistentVolumeClaim:
- claimName: {{ .Values.persistence.existingClaim }}
-{{- else if not .Values.persistence.enabled }}
- - name: {{ .Chart.Name }}
- emptyDir: {}
-{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
- volumeClaimTemplates:
- - metadata:
- name: {{ .Chart.Name }}
- namespace: default
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: mariadb-galera-data
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end }}
+++ /dev/null
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence:
- mountPath: /dockerdata-nfs
- backup:
- mountPath: /dockerdata-nfs/backup
- clusterDomain: cluster.local
- metrics: {}
- dockerHubRepository: &dockerHubRepository docker.io
-
-passwordStrengthOverride: basic
-
-## Specify a imagePullPolicy
-## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-##
-pullPolicy: Always
-
-## Set to true if you would like to see extra information on logs
-## It turns BASH debugging in minideb-extras-base
-##
-debug: true
-
-## Sometimes, especially when a lot of pods are created at the same time,
-## actions performed on the databases are tried to be done before actual start.
-init_sleep_time: 5
-
-## String to partially override common.names.fullname template (will maintain the release name)
-##
-nameOverride: mariadb-galera
-
-## Use an alternate scheduler, e.g. "stork".
-## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
-##
-# schedulerName:
-
-## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel
-## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
-##
-podManagementPolicy: OrderedReady
-
-
-## Pods Service Account
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
-##
-serviceAccount:
- nameOverride: mariadb-galera
- roles:
- - read
-
-## Pod Security Context
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-##
-securityContext:
- enabled: true
- user_id: 10001
- group_id: 10001
-
-## Database credentials for root (admin) user
-##
-rootUser:
- ## MariaDB admin user
- user: root
- ## MariaDB admin password
- ## Password is ignored if externalSecret is specified.
- ## If not set, password will be "randomly" generated
- ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run
- ##
- password: dOM39tQX
- # externalSecret:
-
-## Custom db configuration
-##
-db:
- ## MariaDB username and password
- ## Password is ignored if externalSecret is specified.
- ## If not set, password will be "randomly" generated
- ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run
- ##
- user: policy-user
- password: policy-user
- # externalSecret:
- ## Database to create
- ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
- ##
- # name: my_database
-
-## Galera configuration
-##
-galera:
- ## Galera cluster name
- ##
- name: galera
-
- ## Bootstraping options
- ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping
- bootstrap:
- ## Node to bootstrap from, you will need to change this parameter incase you want to bootstrap from other node
- ##
- bootstrapFromNode: 0
- ## Force safe_to_bootstrap in grastate.date file.
- ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode.
- forceSafeToBootstrap: true
-
- ## Credentials to perform backups
- ##
- mariabackup:
- ## MariaBackup username and password
- ## Password is ignored if externalSecret is specified.
- ## If not set, password will be "randomly" generated
- ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster
- ##
- user: mariabackup
- password: pt49gEq7
- # externalSecret:
-
-## The backup job will mount the mariadb data pvc in order to run mariabackup.
-## For this reason the db data pvc needs to have accessMode: ReadWriteMany.
-backup:
- enabled: false
- cron: "00 00 * * *"
- retentionPeriod: 3
- persistence:
- ## If true, use a Persistent Volume Claim, If false, use emptyDir
- ##
- enabled: true
- # Enable persistence using an existing PVC
- # existingClaim:
- ## selector can be used to match an existing PersistentVolume
- ## selector:
- ## matchLabels:
- ## app: my-app
- selector: {}
- ## Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- ## Persistent Volume Claim annotations
- ##
- annotations:
- ## Persistent Volume Access Mode
- ##
- accessMode: ReadWriteOnce
- ## Persistent Volume size
- ##
- size: 2Gi
-
-## TLS configuration
-##
-tls:
- ## Enable TLS
- ##
- enabled: false
- ## Name of the secret that contains the certificates
- ##
- # certificatesSecret:
- ## Certificate filename
- ##
- # certFilename:
- ## Certificate Key filename
- ##
- # certKeyFilename:
- ## CA Certificate filename
- ##
- # certCAFilename:
-
-## Configure MariaDB with a custom my.cnf file
-## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
-## Alternatively, you can put your my.cnf under the files/ directory
-##
-mariadbConfiguration: |-
- [client]
- port=3306
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- plugin_dir=/opt/bitnami/mariadb/plugin
-
- [mysqld]
- lower_case_table_names = 1
- default_storage_engine=InnoDB
- basedir=/opt/bitnami/mariadb
- datadir=/bitnami/mariadb/data
- plugin_dir=/opt/bitnami/mariadb/plugin
- tmpdir=/opt/bitnami/mariadb/tmp
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
- bind_address=0.0.0.0
-
- ## Character set
- collation_server=utf8_unicode_ci
- init_connect='SET NAMES utf8'
- character_set_server=utf8
-
- ## MyISAM
- key_buffer_size=32M
- myisam_recover_options=FORCE,BACKUP
-
- ## Safety
- skip_host_cache
- skip_name_resolve
- max_allowed_packet=16M
- max_connect_errors=1000000
- sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
- sysdate_is_now=1
-
- ## Binary Logging
- log_bin=mysql-bin
- expire_logs_days=14
- # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
- sync_binlog=0
- # Required for Galera
- binlog_format=row
-
- ## Caches and Limits
- tmp_table_size=32M
- max_heap_table_size=32M
- # Re-enabling as now works with Maria 10.1.2
- query_cache_type=1
- query_cache_limit=4M
- query_cache_size=256M
- max_connections=500
- thread_cache_size=50
- open_files_limit=65535
- table_definition_cache=4096
- table_open_cache=4096
-
- ## InnoDB
- innodb=FORCE
- innodb_strict_mode=1
- # Mandatory per https://github.com/codership/documentation/issues/25
- innodb_autoinc_lock_mode=2
- # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
- innodb_doublewrite=1
- innodb_flush_method=O_DIRECT
- innodb_log_files_in_group=2
- innodb_log_file_size=128M
- innodb_flush_log_at_trx_commit=1
- innodb_file_per_table=1
- # 80% Memory is default reco.
- # Need to re-evaluate when DB size grows
- innodb_buffer_pool_size=2G
- innodb_file_format=Barracuda
-
- ## Logging
- log_error=/opt/bitnami/mariadb/logs/mysqld.log
- slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
- log_queries_not_using_indexes=1
- slow_query_log=1
-
- ## SSL
- ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
- # ssl_ca=/certs/ca.pem
- # ssl_cert=/certs/server-cert.pem
- # ssl_key=/certs/server-key.pem
-
- [galera]
- wsrep_on=ON
- wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
- wsrep_sst_method=mariabackup
- wsrep_slave_threads=4
- wsrep_cluster_address=gcomm://
- wsrep_cluster_name=galera
- wsrep_sst_auth="root:"
- # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
- innodb_flush_log_at_trx_commit=2
- # MYISAM REPLICATION SUPPORT #
- wsrep_replicate_myisam=ON
- binlog_format=row
- default_storage_engine=InnoDB
- innodb_autoinc_lock_mode=2
- transaction-isolation=READ-COMMITTED
- wsrep_causal_reads=1
- wsrep_sync_wait=7
-
- [mariadb]
- plugin_load_add=auth_pam
-
- ## Data-at-Rest Encryption
- ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
- # plugin_load_add=file_key_management
- # file_key_management_filename=/encryption/keyfile.enc
- # file_key_management_filekey=FILE:/encryption/keyfile.key
- # file_key_management_encryption_algorithm=AES_CTR
- # encrypt_binlog=ON
- # encrypt_tmp_files=ON
-
- ## InnoDB/XtraDB Encryption
- # innodb_encrypt_tables=ON
- # innodb_encrypt_temporary_tables=ON
- # innodb_encrypt_log=ON
- # innodb_encryption_threads=4
- # innodb_encryption_rotate_key_age=1
-
- ## Aria Encryption
- # aria_encrypt_tables=ON
- # encrypt_tmp_disk_tables=ON
-
-## MariaDB additional command line flags
-## Can be used to specify command line flags, for example:
-##
-## extraFlags: "--max-connect-errors=1000 --max_connections=155"
-
-## Desired number of cluster nodes
-##
-replicaCount: 1
-
-## updateStrategy for MariaDB Master StatefulSet
-## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
-##
-updateStrategy:
- type: RollingUpdate
-
-## Additional pod annotations for MariaDB Galera pods
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-## -> here required to enable mariadb-galera in istio
-##
-podAnnotations:
- # sidecar.istio.io/inject: "false"
- traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568"
- traffic.sidecar.istio.io/includeInboundPorts: '*'
- traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568"
-
-## Pod affinity preset
-## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
-## Allowed values: soft, hard
-##
-podAffinityPreset: ""
-
-## Pod anti-affinity preset
-## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
-## Allowed values: soft, hard
-##
-podAntiAffinityPreset: soft
-
-## Node affinity preset
-## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
-## Allowed values: soft, hard
-##
-nodeAffinityPreset:
- ## Node affinity type
- ## Allowed values: soft, hard
- type: ""
- ## Node label key to match
- ## E.g.
- ## key: "kubernetes.io/e2e-az-name"
- ##
- key: ""
- ## Node label values to match
- ## E.g.
- ## values:
- ## - e2e-az1
- ## - e2e-az2
- ##
- values: []
-
-## Affinity for pod assignment. Evaluated as a template.
-## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
-##
-affinity: {}
-
-## Node labels for pod assignment. Evaluated as a template.
-## ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## Tolerations for pod assignment. Evaluated as a template.
-## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-##
-tolerations: []
-
-## Enable persistence using Persistent Volume Claims
-## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-##
-persistence:
- ## If true, use a Persistent Volume Claim, If false, use emptyDir
- ##
- enabled: true
- # Enable persistence using an existing PVC
- # existingClaim:
- mountPath: /dockerdata-nfs
- mountSubPath: "mariadb-galera/data"
- ## selector can be used to match an existing PersistentVolume
- ## selector:
- ## matchLabels:
- ## app: my-app
- selector: {}
- ## Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- ## Persistent Volume Claim annotations
- ##
- annotations:
- ## Persistent Volume Access Mode
- ## Use ReadWriteMany if backup is enabled, see backup section.
- ##
- accessMode: ReadWriteOnce
- ## Persistent Volume size
- ##
- size: 3Gi
-
-## Additional pod labels
-##
-# podLabels:
-# extraLabel: extraValue
-
-## Priority Class Name
-#
-# priorityClassName: 'priorityClass'
-
-## MariaDB Galera containers' resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-##
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 500m
- memory: 2Gi
- unlimited: {}
-
-## MariaDB Galera containers' liveness and readiness probes
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-##
-livenessProbe:
- enabled: true
- initialDelaySeconds: 1
- periodSeconds: 10
- timeoutSeconds: 180
- successThreshold: 1
- failureThreshold: 3
-readinessProbe:
- enabled: true
- initialDelaySeconds: 1
- periodSeconds: 10
- timeoutSeconds: 180
- successThreshold: 1
- failureThreshold: 3
-startupProbe:
- ## Initializing the database could take some time
- ##
- enabled: true
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 180
- successThreshold: 1
- # will wait up for initialDelaySeconds + failureThreshold*periodSeconds before
- # stating startup wasn't good (910s per default)
- failureThreshold: 90
-
-## Pod disruption budget configuration
-##
-podDisruptionBudget:
- ## Specifies whether a Pod disruption budget should be created
- ##
- create: true
- minAvailable: 1
- # maxUnavailable: 1
-
-## Prometheus exporter configuration
-##
-metrics:
- ## Bitnami MySQL Prometheus exporter image
- ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/
- ##
- image: docker.io/bitnami/mysqld-exporter:0.12.1-debian-10-r264
- pullPolicy: Always
- ## MySQL exporter additional command line flags
- ## Can be used to specify command line flags
- ## E.g.:
- ## extraFlags:
- ## - --collect.binlog_size
- ##
- extraFlags: []
- ## MySQL Prometheus exporter containers' resource requests and limits
- ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
- ##
- resources:
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- limits:
- cpu: 0.5
- memory: 256Mi
- requests:
- cpu: 0.5
- memory: 256Mi
- ## MariaDB Galera metrics container's liveness and readiness probes
- ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
- ##
- livenessProbe:
- enabled: true
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
- readinessProbe:
- enabled: true
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
- ## MySQL Prometheus exporter service parameters
- ##
- service:
- type: ClusterIP
- port: 9104
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "9104"
-
- ## Prometheus Operator ServiceMonitor configuration
- ##
- serviceMonitor:
- enabled: false
- ## Namespace in which Prometheus is running
- ##
- # namespace: monitoring
-
- ## Interval at which metrics should be scraped.
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
- ##
- # interval: 10s
-
- ## Timeout after which the scrape is ended
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
- ##
- # scrapeTimeout: 10s
-
- ## ServiceMonitor selector labels
- ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
- ##
- # selector:
- # prometheus: kube-prometheus
-
- ## RelabelConfigs to apply to samples before scraping
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
- ## Value is evalued as a template
- ##
- relabelings: []
-
- ## MetricRelabelConfigs to apply to samples before ingestion
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
- ## Value is evalued as a template
- ##
- metricRelabelings: []
- # - sourceLabels:
- # - "__name__"
- # targetLabel: "__name__"
- # action: replace
- # regex: '(.*)'
- # replacement: 'example_prefix_$1'
-
- ## Prometheus Operator PrometheusRule configuration
- ##
- prometheusRules:
- enabled: false
-
- ## Additional labels to add to the PrometheusRule so it is picked up by the operator.
- ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
- selector:
- app: prometheus-operator
- release: prometheus
-
- ## Rules as a map.
- rules: []
- # - alert: MariaDB-Down
- # annotations:
- # message: 'MariaDB instance {{ $labels.instance }} is down'
- # summary: MariaDB instance is down
- # expr: absent(up{job="mariadb-galera"} == 1)
- # labels:
- # severity: warning
- # service: mariadb-galera
- # for: 5m
# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023,2025 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
- driverClassName: org.mariadb.jdbc.Driver
+ url: jdbc:postgresql://{{ .Values.db.service.name }}/policyadmin
+ driverClassName: org.postgresql.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
hikari:
database:
name: PolicyProviderParameterGroup
implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
- driver: org.mariadb.jdbc.Driver
- url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+ driver: org.postgresql.Driver
+ url: jdbc:postgresql://{{ .Values.db.service.name }}/policyadmin
user: "${SQL_USER}"
password: "${SQL_PASSWORD}"
persistenceUnit: PolicyDb
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation.
+# Copyright (C) 2023,2025 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- /app/ready.py
args:
- --job-name
- - policy-galera-config
+ - policy-pg-config
env:
- name: NAMESPACE
valueFrom:
emptyDir:
medium: Memory
imagePullSecrets:
- - name: "default-docker-registry-key"
\ No newline at end of file
+ - name: "default-docker-registry-key"
# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023,2025 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
user: policy-user
password: policy-user
service:
- name: mariadb-galera
- internalPort: 3306
+ name: postgres-service
+ internalPort: 5432
restServer:
user: policyadmin
# ============LICENSE_START=======================================================
-# Copyright (C) 2022,2024 Nordix Foundation.
+# Copyright (C) 2022,2024-2025 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
converters:
preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm
- driverClassName: org.mariadb.jdbc.Driver
+ url: jdbc:postgresql://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm
+ driverClassName: org.postgresql.Driver
username: ${SQL_USER}
password: ${SQL_PASSWORD}
hikari:
protocol: {{ .Values.jaeger.collector.protocol }}
sampler:
jaeger-remote:
- endpoint: {{ .Values.jaeger.collector.host }}:{{ .Values.jaeger.collector.portJaegerGrpc }}
\ No newline at end of file
+ endpoint: {{ .Values.jaeger.collector.host }}:{{ .Values.jaeger.collector.portJaegerGrpc }}
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2022-2024 Nordix Foundation.
+# Copyright (C) 2022-2025 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- /app/ready.py
args:
- --job-name
- - policy-galera-init
+ - policy-pg-init
env:
- name: NAMESPACE
valueFrom:
# ============LICENSE_START=======================================================
-# Copyright (C) 2022,2024 Nordix Foundation.
+# Copyright (C) 2022,2024-2025 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
user: policy-user
password: policy-user
service:
- name: mariadb-galera
- internalPort: 3306
+ name: postgres-service
+ internalPort: 5432
# default number of instances
replicaCount: 1
portOtlpHttp: 4318
portJaegerGrpc: 14250
-applicationName: acm-r
\ No newline at end of file
+applicationName: acm-r
{{/*
-# Copyright © 2023-2024 Nordix Foundation.
+# Copyright © 2023-2025 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# http://www.apache.org/licenses/LICENSE-2.0
#
+# SPDX-License-Identifier: Apache-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# Relational (SQL) DB access
SQL_HOST={{ .Values.db.name }}
-SQL_PORT=3306
-JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/
+SQL_PORT=5432
+JDBC_URL=jdbc:postgresql://{{ .Values.db.name }}:5432/
JDBC_OPTS=
MYSQL_CMD=
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation.
+# Copyright (C) 2023,2025 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- /app/ready.py
args:
- --job-name
- - policy-galera-config
+ - policy-pg-config
env:
- name: NAMESPACE
valueFrom:
# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023,2025 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
offline: true
db:
- name: mariadb-galera
+ name: postgres-service
user: policy-user
password: policy-user
# ============LICENSE_START=======================================================
-# Copyright (C) 2023-2024 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
converters:
preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
- driverClassName: org.mariadb.jdbc.Driver
+ url: jdbc:postgresql://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ driverClassName: org.postgresql.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
hikari:
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation.
+# Copyright (C) 2023,2025 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- /app/ready.py
args:
- --job-name
- - policy-galera-config
+ - policy-pg-config
env:
- name: NAMESPACE
valueFrom:
# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation.
+# Copyright (C) 2023,2025 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
user: policy-user
password: policy-user
service:
- name: mariadb-galera
- internalPort: 3306
+ name: postgres-service
+ internalPort: 5432
restServer:
user: policyadmin
#
# JPA Properties
#
-eclipselink.target-database=MySQL
-javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+jakarta.persistence.jdbc.driver=org.postgresql.Driver
+jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
+jakarta.persistence.jdbc.user=${SQL_USER}
+jakarta.persistence.jdbc.password=${SQL_PASSWORD}
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation.
+# Copyright (C) 2023,2025 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- /app/ready.py
args:
- --job-name
- - policy-galera-config
+ - policy-pg-config
env:
- name: NAMESPACE
valueFrom:
# ============LICENSE_START=======================================================
-# Copyright (C) 2023-2024 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
user: policy-user
password: policy-user
service:
- name: mariadb-galera
- internalPort: 3306
+ name: postgres-service
+ internalPort: 5432
restServer:
user: policyadmin
-{{/*
-# Copyright © 2022 Nordix Foundation
+# Copyright © 2025 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# http://www.apache.org/licenses/LICENSE-2.0
#
+# SPDX-License-Identifier: Apache-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Chart.Name }}-read
+apiVersion: v2
+description: Chart for Postgres database
+name: postgres
+version: 11.0.0
--- /dev/null
+{{/*
+ # Copyright © 2025 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-secret
+ labels:
+ app: {{ .Chart.Name }}
+data:
+ POSTGRES_DB: {{ .Values.config.pgDatabase }}
+ POSTGRES_USER: {{ .Values.config.pgUserName }}
+ POSTGRES_PASSWORD: {{ .Values.config.pgUserPassword }}
+
--- /dev/null
+{{/*
+ # Copyright © 2025 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.global.repository }}/{{ .Values.global.image.postgres }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ envFrom:
+ - configMapRef:
+ name: {{ .Chart.Name }}-secret
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresdata
+ volumes:
+ - name: postgresdata
+ persistentVolumeClaim:
+ claimName: postgres-volume-claim
+
--- /dev/null
+{{/*
+ # Copyright © 2025 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ .Chart.Name }}-volume
+ labels:
+ type: local
+ app: {{ .Chart.Name }}
+spec:
+ storageClassName: manual
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ hostPath:
+ path: {{ .Values.persistence.mountPath }}
+
--- /dev/null
+{{/*
+ # Copyright © 2025 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Chart.Name }}-volume-claim
+ labels:
+ app: {{ .Chart.Name }}
+spec:
+ storageClassName: manual
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+
--- /dev/null
+{{/*
+ # Copyright © 2025 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}-service
+ labels:
+ app: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ selector:
+ app: {{ .Chart.Name }}
+
--- /dev/null
+# Copyright © 2025 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# bitnami image doesn't support well single quote in password
+passwordStrengthOverride: basic
+
+pullPolicy: Always
+
+# application configuration
+config:
+ pgUserName: policy-user
+ pgUserPassword: policy-user
+ pgDatabase: userdb
+ pgDataPath: data
+
+nodeSelector: {}
+
+affinity: {}
+
+## Persist data to a persitent volume
+persistence:
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteMany
+ size: 1Gi
+ mountPath: /dockerdata-nfs/postgres/data
+ mountInitPath: postgres
+
+service:
+ type: NodePort
+ name: pgsvc
+ externalPort: 5432
+ internalPort: 5432
+
--- /dev/null
+#!/bin/bash -xv
+# Copyright (C) 2025 Nordix Foundation. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+export PGPASSWORD=${PG_PASSWORD} # Set the password
+
+psql -h ${PG_HOST} -p ${PG_PORT} -U "${PG_USER}" -d postgres --command "CREATE USER \"${PG_USER}\" WITH PASSWORD '${PG_PASSWORD}';"
+
+# Loop through the databases to create and set permissions
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+ # Create the database
+ psql -h ${PG_HOST} -p ${PG_PORT} -U "${PG_USER}" -d postgres --command "CREATE DATABASE ${db};"
+
+ # Alter database owner
+ psql -h ${PG_HOST} -p ${PG_PORT} -U "${PG_USER}" -d postgres --command "ALTER DATABASE ${db} OWNER TO \"${PG_USER}\";"
+
+ # Grant all privileges on the database
+ psql -h ${PG_HOST} -p ${PG_PORT} -U "${PG_USER}" -d postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO \"${PG_USER}\";"
+done
+
+++ /dev/null
-#!/bin/sh
-{{/*
-# ============LICENSE_START====================================================
-# Copyright (C) 2022 Nordix Foundation.
-# =============================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
-/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade
-rc=$?
-/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report
-exit $rc
-#!/bin/bash
-{{/*
-#
+#!/bin/sh
# ============LICENSE_START====================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2025 Nordix Foundation.
# =============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END======================================================
-*/}}
-mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in migration pooling policyadmin policyclamp operationshistory clampacm
-do
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+
+for schema in ${SQL_DB}; do
+ echo "Initializing $schema..."
+ /opt/app/policy/bin/prepare_upgrade.sh ${schema}
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o upgrade
+ rc=$?
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report
+
+ if [ "$rc" != 0 ]; then
+ break
+ fi
done
-mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
+exit $rc
{{/*
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2025 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# http://www.apache.org/licenses/LICENSE-2.0
#
+# SPDX-License-Identifier: Apache-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
apiVersion: batch/v1
kind: Job
metadata:
- name: policy-galera-init
+ name: policy-pg-init
namespace: default
labels:
- app: policy-galera-init
+ app: policy-pg-init
spec:
template:
metadata:
labels:
- app: policy-galera-init
- name: policy-galera-init
+ app: policy-pg-init
+ name: policy-pg-init
spec:
- imagePullSecrets:
- - name: "default-docker-registry-key"
initContainers:
- - name: policy-mariadb-readiness
+ - name: policy-pg-readiness
image: {{ .Values.global.repository }}/{{ .Values.global.image.readiness }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
- --container-name
- - {{ index .Values "mariadb-galera" "service" "name" }}
+ - postgres
env:
- name: NAMESPACE
valueFrom:
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - name: policy-galera-config
- image: {{ .Values.global.dockerRepository }}/{{ .Values.mariadb.image }}
+ - name: policy-pg-config
+ image: {{ .Values.global.repository }}/{{ .Values.global.image.postgres}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /dbcmd-config/db.sh
+ - mountPath: /dbcmd-config/db-pg.sh
name: {{ .Chart.Name }}-config
- subPath: db.sh
+ subPath: db-pg.sh
command:
- /bin/sh
- -cx
- |
- /dbcmd-config/db.sh
+ /dbcmd-config/db-pg.sh
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-root-password
- key: password
- optional: false
- - name: MYSQL_HOST
- value: "{{ index .Values "mariadb-galera" "service" "name" }}"
- - name: MYSQL_USER
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-user-credentials
- key: login
- optional: false
- - name: MYSQL_PORT
- value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+ - name: PG_PASSWORD
+ value: {{ .Values.dbConfig.postgres.password }}
+ - name: PG_HOST
+ value: {{ .Values.dbConfig.postgres.service }}
+ - name: PG_USER
+ value: {{ .Values.dbConfig.postgres.user }}
+ - name: PG_PORT
+ value: "{{ .Values.dbConfig.postgres.port }}"
resources:
limits:
cpu: 1
- memory: 4Gi
+ memory: 2Gi
requests:
cpu: 100m
memory: 1Gi
name: {{ .Chart.Name }}-db-configmap
defaultMode: 0755
items:
- - key: db.sh
- path: db.sh
+ - key: db-pg.sh
+ path: db-pg.sh
---
apiVersion: batch/v1
kind: Job
metadata:
- name: policy-galera-config
+ name: policy-pg-config
namespace: default
labels:
- app: policy-galera-config
+ app: policy-pg-config
spec:
template:
metadata:
labels:
- app: policy-galera-config
- name: policy-galera-config
+ app: policy-pg-config
+ name: policy-pg-config
spec:
- imagePullSecrets:
- - name: "default-docker-registry-key"
initContainers:
- name: policy-init-readiness
image: {{ .Values.global.repository }}/{{ .Values.global.image.readiness }}
- /app/ready.py
args:
- --job-name
- - policy-galera-init
+ - policy-pg-init
env:
- name: NAMESPACE
valueFrom:
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - name: policy-galera-db-migrator-policy
+ - name: policy-pg-db-migrator-policy
image: {{ .Values.global.repository }}/{{ .Values.dbmigrator.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+ - mountPath: /dbcmd-config/init_pg.sh
name: {{ .Chart.Name }}-policy-config
- subPath: db_migrator_policy_init.sh
+ subPath: init_pg.sh
command:
- /bin/sh
- -cx
- |
- /dbcmd-config/db_migrator_policy_init.sh
+ /dbcmd-config/init_pg.sh
env:
- name: SQL_HOST
- value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+ value: {{ .Values.dbConfig.postgres.service }}
- name: SQL_USER
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-user-credentials
- key: login
- optional: false
+ value: {{ .Values.dbConfig.postgres.user }}
- name: SQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-user-credentials
- key: password
- optional: false
+ value: {{ .Values.dbConfig.postgres.password }}
- name: SQL_DB
value: {{ .Values.dbmigrator.policyadmin.schema }}
- name: POLICY_HOME
value: {{ .Values.dbmigrator.policy_home }}
- name: SCRIPT_DIRECTORY
- value: "sql"
+ value: "postgres"
+ - name: PGPASSWORD
+ value: {{ .Values.dbConfig.postgres.password }}
resources:
limits:
cpu: 1
name: {{ .Chart.Name }}-db-configmap
defaultMode: 0755
items:
- - key: db_migrator_policy_init.sh
- path: db_migrator_policy_init.sh
+ - key: init_pg.sh
+ path: init_pg.sh
---
apiVersion: batch/v1
kind: Job
metadata:
- name: policy-galera-config-clamp
+ name: policy-pg-config-clamp
namespace: default
labels:
- app: policy-galera-config-clamp
+ app: policy-pg-config-clamp
spec:
template:
metadata:
labels:
- app: policy-galera-config-clamp
- name: policy-galera-config-clamp
+ app: policy-pg-config-clamp
+ name: policy-pg-config-clamp
spec:
- imagePullSecrets:
- - name: "default-docker-registry-key"
initContainers:
- name: policy-init-readiness
image: {{ .Values.global.repository }}/{{ .Values.global.image.readiness }}
- /app/ready.py
args:
- --job-name
- - policy-galera-config
+ - policy-pg-config
env:
- name: NAMESPACE
valueFrom:
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - name: policy-galera-db-migrator-clamp
+ - name: policy-pg-db-migrator-clamp
image: {{ .Values.global.repository }}/{{ .Values.global.image.dbMigrator }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+ - mountPath: /dbcmd-config/init_pg.sh
name: {{ .Chart.Name }}-clamp-config
- subPath: db_migrator_policy_init.sh
+ subPath: init_pg.sh
command:
- /bin/sh
- -cx
- |
- /dbcmd-config/db_migrator_policy_init.sh
+ /dbcmd-config/init_pg.sh
env:
- name: SQL_HOST
- value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+ value: {{ .Values.dbConfig.postgres.service }}
- name: SQL_USER
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-user-credentials
- key: login
- optional: false
+ value: {{ .Values.dbConfig.postgres.user }}
- name: SQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-user-credentials
- key: password
- optional: false
+ value: {{ .Values.dbConfig.postgres.password }}
- name: SQL_DB
value: {{ .Values.dbmigrator.clampacm.schema }}
- name: POLICY_HOME
value: {{ .Values.dbmigrator.policy_home }}
- name: SCRIPT_DIRECTORY
- value: "sql"
+ value: "postgres"
+ - name: PGPASSWORD
+ value: {{ .Values.dbConfig.postgres.password }}
resources:
limits:
cpu: 1
name: {{ .Chart.Name }}-db-configmap
defaultMode: 0755
items:
- - key: db_migrator_policy_init.sh
- path: db_migrator_policy_init.sh
+ - key: init_pg.sh
+ path: init_pg.sh
-# Copyright © 2022-2024 Nordix Foundation
+# Copyright © 2022-2025 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
+# SPDX-License-Identifier: Apache-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
global:
aafEnabled: false
- mariadb:
- # '&mariadbConfig' means we "store" the values for later use in the file
- # with '*mariadbConfig' pointer.
- config: &mariadbConfig
- mysqlDatabase: policyadmin
- service: &mariadbService
- name: &mariadb-galera mariadb-galera
- internalPort: 3306
prometheusEnabled: false
kafkaServer: kafka
repository: nexus3.onap.org:10001
image:
readiness: onap/oom/readiness:3.0.1
- mariadb: bitnami/mariadb-galera:10.5.8
+ postgres: library/postgres:16.4
api: onap/policy-api:$tag
pap: onap/policy-pap:$tag
apex: onap/policy-apex-pdp:$tag
a1pmsparticipant: onap/policy-clamp-ac-a1pms-ppnt:$tag
dbMigrator: onap/policy-db-migrator:$tag
-policy-mariadb-galera:
+postgres:
enabled: true
policy-models-simulator:
enabled: true
# DB configuration defaults.
#################################################################
-
-mariadb:
- image: mariadb:10.5.8
+dbConfig:
+ postgres:
+ user: "policy-user"
+ service: "postgres-service"
+ port: "5432"
+ password: "policy-user"
dbmigrator:
image: onap/policy-db-migrator:$tag
affinity: {}
-mariadb-galera:
- # mariadb-galera.config and global.mariadb.config must be equals
- db:
- user: policy-user
- # password:
- name: &mysqlDbName policyadmin
- nameOverride: *mariadb-galera
- # mariadb-galera.service and global.mariadb.service must be equals
- service: *mariadbService
- #replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: policy/maria/data
- serviceAccount:
- nameOverride: *mariadb-galera
# Resource Limit flavor -By Default using small
# Segregation for Different environment (small, large, or unlimited)
Code Review / policy / docker.git / commitdiff