apiVersion: v2
description: ONAP Policy
name: policy
-version: 14.0.4
+version: 14.0.5
dependencies:
- name: common
- name: mariadb-galera
version: ~13.x-0
repository: '@local'
- condition: global.mariadbGalera.localCluster
+ condition: global.mariadbGalera.useInPolicy,global.mariadbGalera.localCluster
- name: policy-nexus
version: ~14.x-0
repository: 'file://components/policy-nexus'
- name: postgres
version: ~13.x-0
repository: '@local'
- condition: global.postgres.localCluster
+ condition: global.postgres.useInPolicy,global.postgres.localCluster
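Review bot: The two new `condition:` values (on the mariadb-galera and postgres dependencies) read as if both flags must hold, but Helm evaluates only the first path in a comma-separated condition that exists in the values, so `localCluster` is ignored whenever `useInPolicy` is set. With `global.mariadbGalera.useInPolicy: true`, as the sub-chart values in this commit default it, the local mariadb-galera sub-chart would be enabled even when `global.mariadbGalera.localCluster` is false. If the intent is "used by policy and deployed locally", expose one boolean that already combines the two and reference only that path. A comment above each condition, such as `# only the first existing path is evaluated by Helm`, would help the next reader.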
apiVersion: v2
description: ONAP Policy Design API
name: policy-api
-version: 14.0.1
+version: 14.0.2
dependencies:
- name: common
# Copyright (C) 2022 Bell Canada. All rights reserved.
# Modifications Copyright (C) 2022 AT&T Intellectual Property.
# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modifications Copyright © 2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2024 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
- /app/ready.py
args:
- --job-name
-{{ if not .Values.global.postgres.localCluster }}
- - {{ include "common.release" . }}-policy-galera-config
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
{{ else }}
- - {{ include "common.release" . }}-policy-pg-config
+ - {{ include "common.release" . }}-policy-pg-migrator-config
{{ end }}
env:
- name: NAMESPACE
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
+# Modifications Copyright © 2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefix: 304
persistence: {}
postgres:
- localCluster: false
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
# ============LICENSE_START=======================================================
# Copyright (C) 2021, 2024 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021-2022 Nordix Foundation
+# Modifications Copyright © 2021-2024 Nordix Foundation
# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
apiVersion: v2
description: ONAP Policy Clamp Controlloop Runtime
name: policy-clamp-runtime-acm
-version: 14.0.1
+version: 14.0.2
dependencies:
- name: common
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
+ repository: '@local'
\ No newline at end of file
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2023 Nordix Foundation.
+# Copyright (C) 2021-2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
converters:
preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm
+ {{ if .Values.global.mariadbGalera.useInPolicy }}
+ url: jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/clampacm
driverClassName: org.mariadb.jdbc.Driver
+ {{ else }}
+ url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/clampacm
+ driverClassName: org.postgresql.Driver
+ {{ end }}
username: ${SQL_USER}
password: ${SQL_PASSWORD}
hikari:
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
properties:
hibernate:
- dialect: org.hibernate.dialect.MariaDB103Dialect
+ {{ if .Values.global.mariadbGalera.useInPolicy }}
+ dialect: org.hibernate.dialect.MariaDBDialect
+ {{ else }}
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+ {{ end }}
format_sql: true
metrics:
endpoints:
web:
exposure:
- include: health, metrics, prometheus
+ include: health, metrics, prometheus
\ No newline at end of file
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2023 Nordix Foundation.
+# Copyright (C) 2021-2024 Nordix Foundation.
# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
{{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- - /app/ready.py
+ - /app/ready.py
args:
- - --job-name
- - {{ include "common.release" . }}-policy-galera-config
+ - --job-name
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{ include "common.containerSecurityContext" . | indent 8 | trim }}
- name: {{ include "common.name" . }}-galera-config-readiness
+ name: {{ include "common.name" . }}-db-config-readiness
resources:
limits:
cpu: "100m"
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- name: RUNTIME_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
- name: RUNTIME_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
+{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-runtime-config
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - name: logs
- mountPath: /var/log/onap
- - name: empty-dir
- mountPath: /tmp
- subPath: tmp-dir
- - mountPath: /opt/app/policy/clamp/etc/logback.xml
- subPath: logback.xml
- name: ac-runtime-config-processed
- - mountPath: /opt/app/policy/clamp/etc/mounted
- name: ac-runtime-config-processed
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-runtime-config-processed
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-runtime-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
- name: empty-dir
emptyDir:
sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
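Review bot: The added `localtime` volume is a `hostPath` volume, which the Kubernetes Pod Security Standards disallow at both the Baseline and Restricted levels, so this pod will be rejected in namespaces that enforce either profile; the same volume is added to the drools-pdp, PAP and XACML-PDP deployments later in this commit. The mount is `readOnly: true`, which limits the exposure, but the same effect is available without touching the node filesystem by setting a `TZ` environment variable from a chart value. If the hostPath stays, gate it behind a value and document it, e.g. `# hostPath: needs a namespace that permits hostPath volumes (not PSS baseline/restricted)`.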
global:
nodePortPrefixExt: 304
persistence: {}
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#Strimzi Kafka properties
kafkaTopics:
acRuntimeTopic:
user: policy-user
password: policy_user
service:
- name: policy-mariadb
- internalPort: 3306
+ mariadbName: policy-mariadb
+ mariadbPort: 3306
+ pgName: policy-pg-primary
+ pgPort: 5432
# default number of instances
replicaCount: 1
wait_for_job_container:
containers:
- - '{{ include "common.release" . }}-policy-galera-config'
+ - '{{ include "common.release" . }}-galera-migrator-config'
customNaming:
toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement
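Review bot: The new `wait_for_job_container` entry names `…-galera-migrator-config`, while the init container in this chart's deployment waits for `…-policy-galera-migrator-config`; the `policy-` segment is missing here. If anything still consumes this value, the readiness check would wait on a job name that does not appear to exist and the pod would stay in Init. Unlike the template, it also has no Postgres counterpart. Either drop the value if it is unused, or make it `- '{{ include "common.release" . }}-policy-galera-migrator-config'`.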
apiVersion: v2
description: ONAP Drools Policy Engine (PDP-D)
name: policy-drools-pdp
-version: 14.0.1
+version: 14.0.2
dependencies:
- name: common
# Copyright © 2017-2018 Amdocs, Bell Canada.
# Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property.
# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# JVM options
-JVM_OPTIONS={{.Values.server.jvmOpts}}
+JVM_OPTIONS={{ .Values.server.jvmOpts | quote }}
# SYSTEM software configuration
# Relational (SQL) DB access
-SQL_HOST={{ .Values.db.name }}
-SQL_PORT=3306
-JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+SQL_HOST={{ .Values.db.mariadbName }}
+SQL_PORT={{ .Values.db.mariadbPort }}
+JDBC_URL=jdbc:mariadb://{{ .Values.db.mariadbName }}:{{ .Values.db.mariadbPort }}/
JDBC_OPTS=
+JDBC_DRIVER=org.mariadb.jdbc.Driver
MYSQL_CMD=
+{{ else }}
+SQL_HOST={{ .Values.db.pgName }}
+SQL_PORT={{ .Values.db.pgPort }}
+JDBC_URL=jdbc:postgresql://{{ .Values.db.pgName }}:{{ .Values.db.pgPort }}/
+JDBC_OPTS=
+JDBC_DRIVER=org.postgresql.Driver
+MYSQL_CMD=
+{{ end }}
# Liveness
LIVENESS_CONTROLLERS=*
# Open DMaaP
KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+KAFKA_ADDITIONAL_PROPS="{
+ \"group.id\": \"${GROUP_ID}\",
+ \"security.protocol\": \"SASL_PLAINTEXT\",
+ \"sasl.mechanism\": \"${SASL}\",
+ \"sasl.jaas.config\": \"${JAASLOGIN}\"
+ }"
+
DMAAP_HTTPS="false"
+KAFKA_HTTPS="false"
# AAI
# CDS
CDS_GRPC_HOST={{.Values.cds.grpc.svcName}}
-CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
+CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
\ No newline at end of file
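Review bot: The added `KAFKA_ADDITIONAL_PROPS` block fixes `security.protocol` to `SASL_PLAINTEXT` and `KAFKA_HTTPS` to `"false"`, so the SASL exchange and every policy message between PDP-D and the brokers travel without TLS, and the chart gives an operator no way to choose otherwise. Whether the password itself is exposed depends on the mechanism substituted for `${SASL}`, which is not visible here. Make the protocol a chart value with the current setting as default, so that a TLS listener can be selected with `SASL_SSL`, and add a comment such as `# SASL_PLAINTEXT: authentication only, no transport encryption`. The block is also rendered when `global.useStrimziKafka` is false, in which case the deployment never sets `JAASLOGIN` and the JAAS entry is presumably substituted with an empty string.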
--- /dev/null
+###
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2024 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+#Database properties
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS}
+jakarta.persistence.jdbc.user=${envd:SQL_USER}
+jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD}
+{{ else }}
+jakarta.persistence.jdbc.driver=org.postgresql.Driver
+jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS}
+jakarta.persistence.jdbc.user=${envd:SQL_USER}
+jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD}
+{{ end }}
+
+# default property values are commented out
+#distributed.locking.expire.check.seconds=900
+#distributed.locking.retry.seconds=60
+#distributed.locking.max.retries=2
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+lifecycle.pdp.group=${envd:POLICY_PDP_PAP_GROUP:defaultGroup}
+lifecycle.pdp.type=${envd:POLICY_PDP_PAP_TYPE:drools}
+
+# Mandatory policy types that this PDP-D must support at a minimum
+lifecycle.pdp.policytypes=${envd:POLICY_PDP_PAP_POLICYTYPES}
+
+kafka.source.topics=${envd:POLICY_PDP_PAP_TOPIC}
+kafka.sink.topics=${envd:POLICY_PDP_PAP_TOPIC}
+
+kafka.source.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS}
+kafka.source.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC}
+kafka.source.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY}
+kafka.source.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET}
+kafka.source.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false}
+kafka.source.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS}
+
+kafka.sink.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS}
+kafka.sink.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC}
+kafka.sink.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY}
+kafka.sink.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET}
+kafka.sink.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false}
+kafka.sink.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS}
{{/*
# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada.
+# Modifications Copyright © 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-POOLING_TOPIC=pooling
+POOLING_TOPIC=policy-pdp-pooling
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
+# Modifications Copyright (C) 2024 Nordix Foundation.
# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-policy-galera-config
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
cpu: "3m"
memory: "20Mi"
{{- end }}
+ - command:
+ - sh
+ args:
+ - -c
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
+ env:
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ {{- if .Values.global.useStrimziKafka }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ {{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: drools-config
+ - mountPath: /config
+ name: drools-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
{{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ args:
+ - ls /tmp/policy-install;
+ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
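Review bot: The `sh -c` line of the new `update-config` init container expands `$JAASLOGIN`, `${PFILE}` and the output of `ls -1` unquoted, so a JAAS string containing `*`, runs of spaces or other shell-significant characters is altered by word splitting and globbing before `envsubst` writes it into the config files. `envsubst` is also called without a variable list, so any `${NAME}` in a config file that matches an environment variable of the container (including the service variables Kubernetes injects) is replaced, not only the intended ones. Separately, the `ls /tmp/policy-install;` prepended to the main container's `args` looks like leftover debugging and should be removed. The fence shows a quoted form of the loop restricted to the four variables this container defines; the pod spec continues outside the hunk.

```yaml
        args:
        - -c
        - |
          # quotes are dropped because base.conf embeds the value in a JSON string
          JAASLOGIN=$(printf '%s' "$JAASLOGIN" | tr -d '"')
          export JAASLOGIN
          cd /config-input || exit 1
          for PFILE in *; do
            envsubst '${KAFKA_URL} ${SASL} ${GROUP_ID} ${JAASLOGIN}' <"$PFILE" >"/config/$PFILE" || exit 1
          done
        # … unchanged: env, volumeMounts, image, securityContext, name …
```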
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
- name: logs
mountPath: /var/log/onap
- name: empty-dir
subPath: tmp-dir
- mountPath: /opt/app/policy/etc/profile.d/base.conf
subPath: base.conf
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/etc/profile.d/credentials.conf
+ subPath: credentials.conf
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/etc/profile.d/feature-pooling-messages.conf
+ subPath: feature-pooling-messages.conf
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/config/feature-lifecycle.properties
+ subPath: feature-lifecycle.properties
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/config/engine-system.properties
+ subPath: engine-system.properties
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/config/feature-distributed-locking.properties
+ subPath: feature-distributed-locking.properties
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/config/logback.xml
+ subPath: logback.xml
name: drools-config
- {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
- - mountPath: /tmp/policy-install/config/{{ base $path }}
- name: drools-secret
- subPath: {{ base $path }}
- {{- end }}
- {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
- - mountPath: /tmp/policy-install/config/{{ base $path }}
- name: drools-config
- subPath: {{ base $path }}
- {{- end }}
+ - mountPath: /opt/app/policy/config/settings.xml
+ subPath: settings.xml
+ name: drools-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
- name: empty-dir
emptyDir:
sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
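Review bot: `credentials.conf` is now mounted from `drools-config-processed`, which the init container fills only from `/config-input` (the `drools-config` volume), while the `resources/secrets/*` mounts from `drools-secret` are removed. If `drools-config` is backed by the ConfigMap alone (its definition is outside this hunk), the credentials file has effectively moved from a Secret into a ConfigMap, which anyone with read access to ConfigMaps in the namespace can see and which Secret encryption at rest does not cover. Please confirm the file carries only `${…}` placeholders resolved from Secret-backed environment variables, and say so above the mount, e.g. `# credentials.conf holds placeholders only; values come from Secret-backed env vars`.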
path: {{ base $path }}
mode: 0755
{{- end }}
+ - name: drools-config-processed
+ emptyDir:
+ medium: Memory
+ sizeLimit: 64Mi
- name: drools-secret
secret:
secretName: {{ include "common.fullname" . }}-secret
# Copyright © 2017 Amdocs
# Copyright © 2017, 2021 Bell Canada
# Modifications Copyright © 2018-2022 AT&T Intellectual Property
+# Modifications Copyright (C) 2024 Nordix Foundation.
# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
#################################################################
global:
nodePortPrefix: 302
-
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
#################################################################
# Application configuration defaults.
#################################################################
# application image
+# The newest images have been tested with SASL and Postgres. The images released next will have the relevant fixes
image: onap/policy-pdpd-cl:2.1.3
+
pullPolicy: Always
# flag to enable debugging - application support required
- serviceAccount: strimzi-kafka-read
server:
- jvmOpts: -server -XshowSettings:vm
+ jvmOpts: "-server -XshowSettings:vm"
telemetry:
user: demo@people.osaaf.org
offline: true
db:
- name: policy-mariadb
+ mariadbName: policy-mariadb
+ pgName: policy-pg-primary
+ mariadbPort: 3306
+ pgPort: 5432
user: policy-user
password: policy_user
type: topic
patternType: prefix
operations: [ Create, Describe, Read, Write ]
+ - name: a1-p-rsp
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: a1-p
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: appc-cl
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: appc-lcm-read
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: appc-lcm-write
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: dcae_cl_rsp
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: unauthenticated.dcae_cl_output
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: dcae_topic
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-cl-mgt
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: sdnr-cl-rsp
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: sdnr-cl
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
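Review bot: Every topic added to this ACL list gets `Create, Describe, Read, Write` with `patternType: prefix`, which is broader than the entries need: a prefix grant on `a1-p` already covers `a1-p-rsp`, `sdnr-cl` covers `sdnr-cl-rsp`, and any other topic whose name merely starts with one of these strings is included as well. For least privilege, use `patternType: literal` where the topic name is fixed and limit the operations to the direction PDP-D actually uses (`Read` on topics it consumes, `Write` on those it produces). If prefix matching is intentional, a comment above the list, such as `# prefix: topic names carry a deployment-specific suffix`, would record why. The list starts above this hunk.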
apiVersion: v2
description: ONAP Policy Nexus
name: policy-nexus
-version: 14.0.1
+version: 14.0.2
dependencies:
- name: common
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
# Modifications Copyright © 2024 Deutsche Telekom
+# Modifications Copyright (C) 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
persistence: {}
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Application configuration defaults.
apiVersion: v2
description: ONAP Policy Administration (PAP)
name: policy-pap
-version: 14.0.1
+version: 14.0.2
dependencies:
- name: common
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
+ repository: '@local'
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
converters:
preferred-json-mapper: gson
datasource:
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
hikari:
maximumPoolSize: 20
jpa:
- properties:
- hibernate:
- dialect: org.hibernate.dialect.MariaDB103Dialect
hibernate:
ddl-auto: none
naming:
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
- properties:
- hibernate:
- dialect: org.hibernate.dialect.PostgreSQLDialect
- format_sql: true
{{ end }}
server:
pap:
name: PapGroup
- aaf: false
topic:
pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
notification.name: {{ .Values.config.kafka.topics.policyNotification }}
password: "${API_PASSWORD}"
useHttps: false
basePath: policy/api/v1/healthcheck
- - clientName: distribution
- hostname: policy-distribution
- port: 6969
- userName: "${DISTRIBUTION_USER}"
- password: "${DISTRIBUTION_PASSWORD}"
- useHttps: false
- basePath: healthcheck
management:
endpoints:
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
{{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- - /app/ready.py
+ - /app/ready.py
args:
- - --job-name
-{{ if not .Values.global.postgres.localCluster }}
- - {{ include "common.release" . }}-policy-galera-config
+ - --job-name
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
{{ else }}
- - {{ include "common.release" . }}-policy-pg-config
-{{ end }} env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{ include "common.containerSecurityContext" . | indent 8 | trim }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- name: DISTRIBUTION_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
- name: JAASLOGIN
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
+{{- end }}
volumeMounts:
- mountPath: /config-input
name: papconfig
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
- - name: logs
- mountPath: /var/log/onap
- - name: empty-dir
- mountPath: /tmp
- subPath: tmp-dir
- - mountPath: /opt/app/policy/pap/etc/logback.xml
- subPath: logback.xml
- name: papconfig-processed
- - name: papconfig-processed
- mountPath: /opt/app/policy/pap/etc/mounted
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/pap/etc/logback.xml
+ subPath: logback.xml
+ name: papconfig-processed
+ - name: papconfig-processed
+ mountPath: /opt/app/policy/pap/etc/mounted
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
- name: empty-dir
emptyDir:
sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
# Copyright (C) 2019 Nordix Foundation.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2024 Nordix Foundation
# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
nodePortPrefixExt: 304
persistence: {}
postgres:
- localCluster: false
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
apiVersion: v2
description: ONAP Policy XACML PDP (PDP-X)
name: policy-xacml-pdp
-version: 14.0.2
+version: 14.0.3
dependencies:
- name: common
{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
#
# Properties that the embedded PDP engine uses to configure and load
#
#
# JPA Properties
#
+{{ if .Values.global.mariadbGalera.useInPolicy }}
eclipselink.target-database=MySQL
-javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+jakarta.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/operationshistory
+{{ else }}
+eclipselink.target-database=PostgreSQL
+jakarta.persistence.jdbc.driver=org.postgresql.Driver
+jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory
+{{ end }}
+jakarta.persistence.jdbc.user=${SQL_USER}
+jakarta.persistence.jdbc.password=${SQL_PASSWORD}
\ No newline at end of file
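Review bot: The Postgres branch connects to database `operationhistory`, whereas the MariaDB branch just above it and the database-creation script in this commit both use `operationshistory`. With Postgres selected, the XACML PDP would therefore point at a database that is never created and fail at connection time. The URL should end in `/operationshistory`: `jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationshistory`.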
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2024 Nordix Foundation.
# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-policy-galera-config
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
name: pdpxconfig-processed
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: logs
emptyDir:
sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
- name: pdpxconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
#################################################################
global:
persistence: {}
-
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
#################################################################
user: policy-user
password: policy_user
service:
- name: policy-mariadb
- internalPort: 3306
+ mariadbName: policy-mariadb
+ mariadbPort: 3306
+ pgName: policy-pg-primary
+ pgPort: 5432
restServer:
user: healthcheck
#!/bin/sh
#
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
export PGPASSWORD=${PG_ADMIN_PASSWORD};
-psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'"
+psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER \"${PG_USER}\" WITH PASSWORD '${PG_USER_PASSWORD}'"
for db in migration pooling policyadmin policyclamp operationshistory clampacm
do
psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};"
- psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};"
-done
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO \"${PG_USER}\";"
+done
\ No newline at end of file
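Review bot: `${PG_USER_PASSWORD}` is still spliced into the SQL text between single quotes on the `CREATE USER` line, so a password containing `'` breaks or changes the statement, and the new `\"${PG_USER}\"` quoting has the same gap for a `"` in the role name. psql can do the quoting itself (`:"name"` for identifiers, `:'name'` for literals), but only for input read from stdin or a file, not for `--command` strings, so the statements need to move into a heredoc. Reading the password inside psql also keeps it off the command line; the sketch below assumes `PG_USER_PASSWORD` is exported in the container environment, which this hunk does not show. `-v ON_ERROR_STOP=1` makes a failed statement return a non-zero status instead of being ignored.

```shell
psql -h "${PG_HOST}" -p "${PG_PORT}" -U postgres -v ON_ERROR_STOP=1 \
  -v pg_user="${PG_USER}" <<'SQL'
\set pg_pass `printenv PG_USER_PASSWORD`
CREATE USER :"pg_user" WITH PASSWORD :'pg_pass';
SQL
# … unchanged: for-loop header and CREATE DATABASE call …
  psql -h "${PG_HOST}" -p "${PG_PORT}" -U postgres -v ON_ERROR_STOP=1 \
    -v db="${db}" -v pg_user="${PG_USER}" <<'SQL'
GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"pg_user";
SQL
```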
#!/bin/sh
{{/*
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022, 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
-/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade
-rc=$?
-/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report
-exit $rc
+
+for schema in ${SQL_DB}; do
+ echo "Initializing $schema..."
+ /opt/app/policy/bin/prepare_upgrade.sh ${schema}
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o upgrade
+ rc=$?
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report
+
+ if [ "$rc" != 0 ]; then
+ break
+ fi
+done
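Review bot: The rewritten script never returns `rc`: the old `exit $rc` is removed and nothing follows `done`, so the script's status is that of the `for` loop, which is 0 even when `break` fires after a failed upgrade. The Job that runs this script would then report success for a failed PostgreSQL migration. Add `exit $rc` after `done`, as the MariaDB variant of this script in the same commit does.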
#!/bin/sh
{{/*
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021, 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
-/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade
-rc=$?
-/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report
-exit $rc
+
+for schema in ${SQL_DB}; do
+ echo "Initializing $schema..."
+ /opt/app/policy/bin/prepare_upgrade.sh ${schema}
+
+ /opt/app/policy/bin/db-migrator -s ${schema} -o report
+
+ /opt/app/policy/bin/db-migrator -s ${schema} -o upgrade
+ rc=$?
+
+ /opt/app/policy/bin/db-migrator -s ${schema} -o report
+
+ if [ "$rc" != 0 ]; then
+ break
+ fi
+done
+
+exit $rc
\ No newline at end of file
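Review bot: `rc` is assigned only inside the loop, so when `SQL_DB` expands to nothing the body never runs, `exit $rc` becomes a bare `exit` with status 0, and the Job succeeds without migrating any schema. Reject the empty list before the loop, e.g. `[ -n "${SQL_DB}" ] || { echo "SQL_DB is empty" >&2; exit 1; }`, or start with `rc=1`. The PostgreSQL variant of the script has the same gap.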
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2022 Nordix Foundation.
+# Modifications Copyright (C) 2022-2024 Nordix Foundation.
# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# limitations under the License.
*/}}
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
apiVersion: batch/v1
kind: Job
metadata:
- name: policy-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- /bin/sh
- "-c"
path: db.sh
{{ end }}
-{{ if .Values.global.postgres.localCluster }}
+{{ if .Values.global.postgres.useInPolicy }}
---
apiVersion: batch/v1
kind: Job
resources: {{ include "common.resources" . | nindent 10 }}
{{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- key: db-pg.sh
path: db-pg.sh
{{ end }}
-
---
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.fullname" . }}-galera-config
+ name: {{ include "common.fullname" . }}-galera-migrator-config
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}-galera-config
+ app: {{ include "common.name" . }}-galera-migrator-config
release: {{ include "common.release" . }}
spec:
template:
metadata:
labels:
- app: {{ include "common.name" . }}-galera-config
+ app: {{ include "common.name" . }}-galera-migrator-config
release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}-galera-config
+ name: {{ include "common.name" . }}-galera-migrator-config
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- {{ include "common.containerSecurityContext" . | indent 8 | trim }}
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-galera-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ - name: {{ include "common.name" . }}-init-readiness
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-galera-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- - name: {{ include "common.name" . }}-galera-db-migrator
- {{ include "common.containerSecurityContext" . | indent 8 | trim }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/db_migrator_policy_init.sh
- name: {{ include "common.fullname" . }}-config
- subPath: db_migrator_policy_init.sh
- - mountPath: /opt/app/policy/etc/db
- name: db-conf
- command:
- - /bin/sh
- - -cx
- - |
+ - name: {{ include "common.name" . }}-galera-db-migrator
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/policy/etc/db/
+ name: {{ include "common.fullname" . }}-migration-writable
+ - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_policy_init.sh
+ command:
+ - /bin/sh
+ - -cx
+ - |
{{- if include "common.requireSidecarKiller" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- /dbcmd-config/db_migrator_policy_init.sh
- env:
- - name: SQL_HOST
- value: "{{ index .Values "mariadb-galera" "service" "name" }}"
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: SQL_DB
- value: {{ .Values.dbmigrator.schema }}
- - name: POLICY_HOME
- value: {{ .Values.dbmigrator.policy_home }}
- - name: SCRIPT_DIRECTORY
- value: "sql"
- resources: {{ include "common.resources" . | nindent 10 }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schemas }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "sql"
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if (include "common.requireSidecarKiller" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{ include "common.containerSecurityContext" . | indent 8 | trim }}
- resources:
- limits:
- cpu: 100m
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 10Mi
+ - name: policy-service-mesh-wait-for-job-container
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: {{ include "common.fullname" . }}-migration-writable
+ emptyDir: {}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-db-configmap
items:
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
- - name: db-conf
- emptyDir:
- medium: Memory
- sizeLimit: 64Mi
{{ end }}
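Review bot: The new `migration-writable` volume is declared as `emptyDir: {}`, while the `db-conf` volume it replaces at the same mount path had `medium: Memory` and `sizeLimit: 64Mi`, so whatever the migrator writes under `/opt/app/policy/etc/db/` now lands on node disk with no cap. If those files hold connection settings or credentials (not visible in this hunk), memory backing is the safer default, and a size limit keeps a misbehaving job from filling node ephemeral storage. Suggest carrying the old settings over, `emptyDir: {medium: Memory, sizeLimit: 64Mi}`, or at least setting a `sizeLimit`. The same volume definition appears in the PostgreSQL migrator job further down.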
-{{ if .Values.global.postgres.localCluster }}
+{{ if .Values.global.postgres.useInPolicy }}
---
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.fullname" . }}-pg-config
+ name: {{ include "common.fullname" . }}-pg-migrator-config
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}-pg-config
+ app: {{ include "common.name" . }}-pg-migrator-config
release: {{ include "common.release" . }}
spec:
template:
metadata:
labels:
- app: {{ include "common.name" . }}-pg-config
+ app: {{ include "common.name" . }}-pg-migrator-config
release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}-pg-config
+ name: {{ include "common.name" . }}-pg-migrator-config
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- {{ include "common.containerSecurityContext" . | indent 8 | trim }}
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-pg-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-pg-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- - name: {{ include "common.name" . }}-pg-db-migrator
- {{ include "common.containerSecurityContext" . | indent 8 | trim }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
- name: {{ include "common.fullname" . }}-config
- subPath: db_migrator_pg_policy_init.sh
- - mountPath: /opt/app/policy/etc/db
- name: db-conf
- command:
- - /bin/sh
- - -cx
- - |
+ - name: {{ include "common.name" . }}-pg-db-migrator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_pg_policy_init.sh
+ - mountPath: /opt/app/policy/etc/db/
+ name: {{ include "common.fullname" . }}-migration-writable
+ command:
+ - /bin/sh
+ - -cx
+ - |
{{- if include "common.requireSidecarKiller" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- /dbcmd-config/db_migrator_pg_policy_init.sh
- env:
- - name: SQL_HOST
- value: "{{ .Values.postgres.service.name2 }}"
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: SQL_DB
- value: {{ .Values.dbmigrator.schema }}
- - name: POLICY_HOME
- value: {{ .Values.dbmigrator.policy_home }}
- - name: SCRIPT_DIRECTORY
- value: "postgres"
- - name: PGPASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- resources: {{ include "common.resources" . | nindent 10 }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_pg_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schemas }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "postgres"
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if (include "common.requireSidecarKiller" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{ include "common.containerSecurityContext" . | indent 8 | trim }}
- resources:
- limits:
- cpu: 100m
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 10Mi
+ - name: policy-service-mesh-wait-for-job-container
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
+ imagePullPolicy: Always
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: {{ include "common.fullname" . }}-migration-writable
+ emptyDir: {}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-db-configmap
items:
- key: db_migrator_pg_policy_init.sh
path: db_migrator_pg_policy_init.sh
- - name: db-conf
- emptyDir:
- medium: Memory
- sizeLimit: 64Mi
-{{ end }}
+{{ end }}
\ No newline at end of file
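Review bot: The re-indented `policy-service-mesh-wait-for-job-container` no longer has a `resources:` block: the removed version set limits of `100m`/`500Mi` and requests of `10m`/`10Mi`, while the added lines stop at the `NAMESPACE` env entry. If that is not intentional, the sidecar-killer container runs without CPU or memory bounds, and the pod may be rejected in namespaces whose ResourceQuota requires them. Restore the previous `resources:` mapping under this container at the new indentation. The MariaDB migrator job above drops the same block.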
nameOverride: *mariadbService
# (optional) if localCluster=false and an external secret is used set this variable
#userRootSecret: <secretName>
+ useInPolicy: true
prometheusEnabled: false
postgres:
localCluster: false
name3: tcp-pgset-replica
container:
name: postgres
+ useInPolicy: false
kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
+ useStrimziKafka: true
kafkaTopics:
acRuntimeTopic:
name: policy.clamp-runtime-acm
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
- ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ externalSecret: '{{ or .Values.global.postgres.useInPolicy .Values.global.mariadbGalera.useInPolicy | ternary (
+ ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
ternary
""
(tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
#################################################################
dbmigrator:
+ # New released image will allow full SASL and Postgres (drools included). Tested with snapshot. Release to come later.
image: onap/policy-db-migrator:3.1.3
- schema: policyadmin
+ # These schemas will be required with the new version of db-migrator
+ # schemas: "policyadmin clampacm pooling operationshistory"
+ schemas: "policyadmin"
policy_home: "/opt/app/policy"
subChartsOnly:
serviceAccount:
nameOverride: policy
roles:
- - read
+ - read
\ No newline at end of file