#!/bin/bash
# ============LICENSE_START=======================================================
# Copyright (C) 2023-2024 Nordix Foundation. All rights reserved.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
+#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
export HTTP_PARTICIPANT_PORT=30009
export K8S_PARTICIPANT_PORT=30010
export SIM_PARTICIPANT_PORT=30011
+export OPA_PORT=30012
export SIMULATOR_PORT=30904
# Retrieve pod names
export API_POD=$(get_pod_name api)
export DMAAP_POD=$(get_pod_name message-router)
export XACML_POD=$(get_pod_name xacml)
+ export OPA_POD=$(get_pod_name opa-pdp)
export DROOLS_POD=$(get_pod_name drools-pdp)
export DIST_POD=$(get_pod_name distribution)
export ACM_POD=$(get_pod_name acm-runtime)
export DMAAP_SVC=$(get_svc_name message-router)
export DROOLS_SVC=$(get_svc_name drools-pdp)
export XACML_SVC=$(get_svc_name policy-xacml-pdp)
+ export OPA_SVC=$(get_svc_name policy-opa-pdp)
export DIST_SVC=$(get_svc_name policy-distribution)
export ACM_SVC=$(get_svc_name policy-clamp-runtime-acm)
export POLICY_PPNT_SVC=$(get_svc_name policy-clamp-ac-pf-ppnt)
expose_service $PAP_SVC
expose_service $API_SVC
expose_service $XACML_SVC
+ expose_service_opa_pdp $OPA_SVC
expose_service $DROOLS_SVC
expose_service $DIST_SVC
expose_service $ACM_SVC
microk8s kubectl get svc --no-headers -o custom-columns=':metadata.name' | grep $1
}
+function expose_service_opa_pdp() {
+ microk8s kubectl expose service $1 --name $1"-svc" --type NodePort --protocol TCP --port 8282 --target-port 8282
+}
+
function expose_service() {
microk8s kubectl expose service $1 --name $1"-svc" --type NodePort --protocol TCP --port 6969 --target-port 6969
}
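Review bot: `expose_service_opa_pdp` is a copy of `expose_service` with only the port changed, and both leave `$1` unquoted. Giving `expose_service` an optional port argument, e.g. `local port="${2:-6969}"` with `--port "$port" --target-port "$port"`, lets the OPA case become `expose_service "$OPA_SVC" 8282` while one-argument callers keep 6969. The new service also publishes the OPA PDP REST port as a NodePort, so it is reachable from outside the cluster on whatever host runs this script.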
patch_port "$DIST_SVC" $DIST_PORT
patch_port "$DROOLS_SVC" $DROOLS_PORT
patch_port "$XACML_SVC" $XACML_PORT
+ patch_port "$OPA_SVC" $OPA_PORT
}
function setup_message_router_svc() {
#
# ============LICENSE_START====================================================
# Copyright (C) 2022-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# =============================================================================
+#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
POLICY_PAP_ROBOT="pap-test.robot pap-slas.robot"
POLICY_APEX_PDP_ROBOT="apex-pdp-test.robot apex-slas.robot"
POLICY_XACML_PDP_ROBOT="xacml-pdp-test.robot xacml-pdp-slas.robot"
+POLICY_OPA_PDP_ROBOT="opa-pdp-test.robot"
POLICY_DROOLS_PDP_ROBOT="drools-pdp-test.robot"
POLICY_DISTRIBUTION_ROBOT="distribution-test.robot"
POLICY_APEX_CONTAINER="policy-apex-pdp"
POLICY_DROOLS_CONTAINER="policy-drools-pdp"
POLICY_XACML_CONTAINER="policy-xacml-pdp"
+POLICY_OPA_CONTAINER="policy-opa-pdp"
POLICY_DISTRIBUTION_CONTAINER="policy-distribution"
POLICY_K8S_PPNT_CONTAINER="policy-clamp-ac-k8s-ppnt"
POLICY_HTTP_PPNT_CONTAINER="policy-clamp-ac-http-ppnt"
export SET_VALUES="--set $POLICY_XACML_CONTAINER.enabled=true"
;;
+ opa-pdp | policy-opa-pdp)
+ export ROBOT_FILE=($POLICY_OPA_PDP_ROBOT)
+ export READINESS_CONTAINERS=($POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER,$POLICY_OPA_CONTAINER)
+ export SET_VALUES="--set $POLICY_OPA_CONTAINER.enabled=true"
+ ;;
+
drools-pdp | policy-drools-pdp)
export ROBOT_FILE=($POLICY_DROOLS_PDP_ROBOT)
export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER)
*)
echo "Unknown project supplied. Enabling all policy charts for the deployment"
export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER,
- $POLICY_DISTRIBUTION_CONTAINER,$POLICY_DROOLS_CONTAINER,$POLICY_XACML_CONTAINER,
+ $POLICY_DISTRIBUTION_CONTAINER,$POLICY_DROOLS_CONTAINER,$POLICY_XACML_CONTAINER,$POLICY_OPA_CONTAINER,
$POLICY_CLAMP_CONTAINER,$POLICY_PF_PPNT_CONTAINER,$POLICY_K8S_PPNT_CONTAINER,
$POLICY_HTTP_PPNT_CONTAINER,$POLICY_SIM_PPNT_CONTAINER)
export SET_VALUES="--set $POLICY_APEX_CONTAINER.enabled=true --set $POLICY_XACML_CONTAINER.enabled=true
- --set $POLICY_DISTRIBUTION_CONTAINER.enabled=true --set $POLICY_DROOLS_CONTAINER.enabled=true
+ --set $POLICY_OPA_CONTAINER.enabled=true --set $POLICY_DISTRIBUTION_CONTAINER.enabled=true --set $POLICY_DROOLS_CONTAINER.enabled=true
--set $POLICY_CLAMP_CONTAINER.enabled=true --set $POLICY_PF_PPNT_CONTAINER.enabled=true
--set $POLICY_K8S_PPNT_CONTAINER.enabled=true --set $POLICY_HTTP_PPNT_CONTAINER.enabled=true
--set $POLICY_SIM_PPNT_CONTAINER.enabled=true"
# Copyright © 2022-2024 Nordix Foundation
#
+# Modifications Copyright © 2024 Deutsche Telekom
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
apiVersion: v2
description: ONAP Policy
name: policy
-version: 11.0.0
+version: 11.0.1
dependencies:
- name: mariadb-galera
version: ~11.x-0
repository: 'file://components/policy-drools-pdp'
condition: policy-drools-pdp.enabled
+ - name: policy-opa-pdp
+ version: ~11.x-0
+ repository: 'file://components/policy-opa-pdp'
+ condition: policy-opa-pdp.enabled
- name: policy-xacml-pdp
version: ~11.x-0
repository: 'file://components/policy-xacml-pdp'
"prometheus": true
},
"pdpStatusParameters": {
- "pdpGroup": "sampleGroup",
+ "pdpGroup": "defaultGroup",
"timeIntervalMs": 20000,
"pdpType": "apex",
"description": "Pdp Heartbeat",
}
]
}
-}
\ No newline at end of file
+}
--- /dev/null
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+\r
+apiVersion: v2\r
+description: ONAP Policy OPA PDP\r
+name: policy-opa-pdp\r
+version: 11.0.0\r
+\r
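Review bot: Every line of this new file ends in a literal `\r`, which suggests it was committed with CRLF line endings. The same holds for most of the other new templates and values.yaml, while config.json and the PVC template use LF. Normalising the chart to LF, for example with a `.gitattributes` entry such as `* text=auto eol=lf`, would avoid mixed endings in rendered manifests and noisy future diffs.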
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "logging": {
+ "level": "debug"
+ },
+ "services": [
+ {
+ "name": "opa-bundle-server",
+ "url": "http://policy-opa-pdp:8282/opa/bundles"
+ }
+ ],
+ "bundles": {
+ "opabundle": {
+ "service": "opa-bundle-server",
+ "resource": "bundle.tar.gz",
+ "polling": {
+ "min_delay_seconds": 60,
+ "max_delay_seconds": 120
+ }
+ }
+ },
+ "decision_logs": {
+ "console": true
+ }
+}
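Review bot: The `opa-bundle-server` service is reached over plain `http://` with no `credentials` block, and the `opabundle` entry has no `signing` section, so the PDP loads whatever `bundle.tar.gz` that endpoint returns without checking origin or integrity. If the bundle endpoint can ever be something other than the pod itself, consider bundle signature verification (a top-level `keys` entry plus `"signing": {"keyid": "<KEY_ID_PLACEHOLDER>"}`) or TLS on the service URL. `"level": "debug"` together with `"decision_logs": {"console": true}` also writes decision inputs to the pod log, so `info` is a safer default where inputs can carry sensitive attributes.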
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: v1\r
+kind: ConfigMap\r
+metadata:\r
+ name: {{ .Chart.Name }}-configmap-policies-data\r
+ namespace: default\r
+ labels:\r
+ app: {{ .Chart.Name }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: release\r
+ heritage: Helm\r
+ {{- with .Files.Glob "resources/policies/*" }}\r
+binaryData:\r
+ {{- range $path, $bytes := . }}\r
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}\r
+ {{- end }}\r
+ {{- end }}\r
+---\r
+apiVersion: v1\r
+kind: ConfigMap\r
+metadata:\r
+ name: {{ .Chart.Name }}-configmap-config\r
+ namespace: default\r
+ labels:\r
+ app: {{ .Chart.Name }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: release\r
+ heritage: Helm\r
+data:\r
+{{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }}\r
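Review bot: Both ConfigMaps pin `namespace: default` and use the literal labels `release: release` and `heritage: Helm`, so `helm install -n <ns>` would still create them in `default`. Because the object names derive only from `.Chart.Name`, two releases would presumably collide as well. Using `namespace: {{ .Release.Namespace }}`, `release: {{ .Release.Name }}` and `heritage: {{ .Release.Service }}` would fix this. The same hard-coded namespace appears in the Deployment, PersistentVolumeClaim, RoleBinding, Secret, ServiceAccount and Service templates added by this commit.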
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: apps/v1\r
+kind: Deployment\r
+metadata:\r
+ name: {{ .Chart.Name }}\r
+ namespace: default\r
+ labels:\r
+ app: {{ .Chart.Name }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: release\r
+ heritage: Helm\r
+spec:\r
+ selector:\r
+ matchLabels:\r
+ app: {{ .Chart.Name }}\r
+ replicas: {{ .Values.replicaCount }}\r
+ template:\r
+ metadata:\r
+ labels:\r
+ app: {{ .Chart.Name }}\r
+ release: release\r
+ spec:\r
+ initContainers:\r
+ - command:\r
+ - /bin/sh\r
+ args:\r
+ - -c\r
+ - |\r
+ echo "*** set right permissions to the different folders"\r
+ chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /var/log;\r
+ chmod -R 755 /var/log\r
+ chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /opt/;\r
+ chmod -R 755 /opt/*\r
+ tar -xvf /tmp/policies/policy-data.tar.gz -C /opt/\r
+ image: busybox:latest\r
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
+ securityContext:\r
+ runAsUser: 1000\r
+ runAsGroup: 1000\r
+ allowPrivilegeEscalation: false\r
+ readOnlyRootFilesystem: true\r
+ name: {{ .Chart.Name }}-readiness\r
+ volumeMounts:\r
+ - name: logs\r
+ mountPath: /var/log\r
+ - name: tmp-policies-data\r
+ mountPath: /tmp/policies\r
+ - name : opa-policies-data\r
+ mountPath: /opt/\r
+\r
+ containers:\r
+ - name: {{ .Chart.Name }}\r
+ image: {{ .Values.global.image.opapdp }}\r
+ imagePullPolicy: {{ .Values.global.pullPolicy }} \r
+ ports:\r
+ - containerPort: {{ .Values.service.internalPort }}\r
+ # disable liveness probe when breakpoints set in debugger\r
+ # so K8s doesn't restart unresponsive container\r
+ {{- if eq .Values.liveness.enabled true }}\r
+ livenessProbe:\r
+ tcpSocket:\r
+ port: {{ .Values.service.internalPort }}\r
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}\r
+ periodSeconds: {{ .Values.liveness.periodSeconds }}\r
+ {{ end -}}\r
+ readinessProbe:\r
+ httpGet:\r
+ path: {{ .Values.readiness.api }}\r
+ port: {{ .Values.service.internalPort }}\r
+ httpHeaders:\r
+ - name: Authorization\r
+ value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}\r
+ scheme: HTTP\r
+ successThreshold: {{ .Values.readiness.successThreshold }}\r
+ failureThreshold: {{ .Values.readiness.failureThreshold }}\r
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}\r
+ periodSeconds: {{ .Values.readiness.periodSeconds }}\r
+ timeoutSeconds: {{ .Values.readiness.timeout }}\r
+ env:\r
+ - name: UseSASLForKAFKA\r
+ value: "{{ .Values.kafka.useSASL }}" \r
+ - name: BOOSTSTRAP_SERVER\r
+ value: "{{ .Values.kafka.brokers }}"\r
+ - name: KAFKA_USERNAME\r
+ value: "{{ .Values.kafka.username }}"\r
+ - name: KAFKA_PASSWORD\r
+ value: "{{ .Values.kafka.password }}" \r
+ - name: LOG_LEVEL\r
+ value: "{{ .Values.log.loglevel }}"\r
+ - name: GROUPID\r
+ value: "{{ .Values.kafka.groupid }}"\r
+ - name: TOPIC\r
+ value: "{{ .Values.kafka.topic }}"\r
+ volumeMounts:\r
+ - name: opa-policies-data\r
+ mountPath: /opt\r
+ - name: opa-config\r
+ mountPath: /app/config\r
+ - name: opa-bundles\r
+ mountPath: /app/bundles\r
+ - name: logs\r
+ mountPath: /var/log\r
+ resources:\r
+{{ toYaml .Values.resources.small | indent 12 }}\r
+ {{- if .Values.nodeSelector }}\r
+ nodeSelector:\r
+{{ toYaml .Values.nodeSelector | indent 10 }}\r
+ {{- end -}}\r
+ {{- if .Values.affinity }}\r
+ affinity:\r
+{{ toYaml .Values.affinity | indent 10 }}\r
+ {{- end }}\r
+ serviceAccountName: {{ .Chart.Name }}-read\r
+ volumes:\r
+ - name: tmp-policies-data\r
+ configMap:\r
+ name: {{ .Chart.Name }}-configmap-policies-data\r
+ defaultMode: 0755\r
+ - name: opa-policies-data\r
+ persistentVolumeClaim:\r
+ claimName: {{ .Chart.Name }}-policies-data\r
+ - name: opa-config\r
+ configMap:\r
+ name: {{ .Chart.Name }}-configmap-config\r
+ defaultMode: 0755\r
+ - name: opa-bundles\r
+ emptyDir:\r
+ sizeLimit: {{ .Values.dirSizes.bundleDir.sizeLimit }}\r
+ - name: logs\r
+ emptyDir:\r
+ sizeLimit: {{ .Values.dirSizes.bundleDir.sizeLimit }}\r
+\r
+ imagePullSecrets:\r
+ - name: "default-docker-registry-key"\r
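Review bot: `KAFKA_PASSWORD` is injected as a literal `value:` and the readiness probe builds its `Authorization: Basic ...` header from `.Values.restServer.user` and `.password`, so both credentials are readable in the rendered pod spec by anyone allowed to get Pods or Deployments; the `-restserver-creds` Secret this commit adds is not referenced here. Prefer `valueFrom: {secretKeyRef: {name: <KAFKA_SECRET_PLACEHOLDER>, key: password}}` for the env var, and probe an endpoint that needs no credentials, since probe headers cannot read Secrets. Separately, the init container runs `chown -R` under `runAsUser: 1000`, which will presumably fail for a non-root user; `busybox:latest` is an unpinned tag, and the main container has no `securityContext` at all. The `logs` volume takes its size from `dirSizes.bundleDir.sizeLimit`, which looks like a copy-paste.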
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Chart.Name }}-policies-data
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: 13.0.1
+ heritage: {{ .Release.Service }}
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 5G
+ storageClassName: microk8s-hostpath
+ volumeMode: Filesystem
+
+
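Review bot: `storageClassName: microk8s-hostpath` and `storage: 5G` are hard-coded, which ties the chart to a MicroK8s cluster, and `ReadWriteMany` may not be honoured by a host-path provisioner once pods land on different nodes, so that is worth confirming. The label `release: 13.0.1` also disagrees with `release: release` used by the other templates in this commit. Suggest moving class, size and access mode into values.yaml and using `release: {{ .Release.Name }}`.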
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: rbac.authorization.k8s.io/v1\r
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.\r
+kind: RoleBinding\r
+metadata:\r
+ name: {{ .Chart.Name }}-read\r
+ namespace: default\r
+subjects:\r
+ - kind: ServiceAccount\r
+ name: {{ .Chart.Name }}-read\r
+roleRef:\r
+ kind: Role\r
+ name: read\r
+ apiGroup: rbac.authorization.k8s.io\r
+\r
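Review bot: The comment above `kind: RoleBinding` describes a cluster role binding that lets a "manager" group read secrets in any namespace, but the object is a namespaced RoleBinding granting the Role `read` to the `{{ .Chart.Name }}-read` ServiceAccount. A comment such as `# Grants the namespaced Role "read" to the chart's -read ServiceAccount.` would match what is bound. The ServiceAccount subject has no `namespace:` field, which the API server normally requires for ServiceAccount subjects. No Role named `read` is defined in the templates visible here, so it is worth confirming which permissions that Role carries before binding the PDP's pod identity to it.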
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+apiVersion: v1\r
+kind: Secret\r
+metadata:\r
+ name: {{ .Chart.Name }}-restserver-creds\r
+ namespace: default\r
+ labels:\r
+ app: {{ .Chart.Name }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: release\r
+ heritage: Helm\r
+type: Opaque\r
+stringData:\r
+ login: {{ .Values.restServer.user }}\r
+ password: {{ .Values.restServer.password }}\r
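Review bot: `login` and `password` under `stringData` are rendered unquoted, so a value that starts with `!`, `*` or `{`, or that contains `: ` or ` #`, would be parsed as something other than a plain string or break the manifest. Use `login: {{ .Values.restServer.user | quote }}` and `password: {{ .Values.restServer.password | quote }}`. As far as the visible templates show, nothing mounts or references this Secret, so either wire the Deployment to it or drop it.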
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: v1\r
+kind: ServiceAccount\r
+metadata:\r
+ name: {{ .Chart.Name }}-read\r
+ namespace: default\r
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: v1\r
+kind: Service\r
+metadata:\r
+ name: {{ .Chart.Name }}\r
+ namespace: default\r
+ labels:\r
+ app: {{ .Chart.Name }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: release\r
+ heritage: Helm\r
+spec:\r
+ type: {{ .Values.service.type }}\r
+ ports:\r
+ - port: {{ .Values.service.externalPort }}\r
+ targetPort: {{ .Values.service.internalPort }}\r
+ name: {{ .Values.service.portName }}\r
+ selector:\r
+ app: {{ .Chart.Name }}\r
+ release: release\r
+\r
--- /dev/null
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+\r
+#################################################################\r
+# Global configuration defaults.\r
+#################################################################\r
+global:\r
+ persistence: {}\r
+ image:\r
+ opapdp: nexus3.onap.org:10001/onap/policy-opa-pdp:1.0.5-SNAPSHOT\r
+log:\r
+ loglevel: "debug"\r
+\r
+permissions:\r
+ uid: 100\r
+ gid: 102\r
+\r
+#################################################################\r
+# Secrets metaconfig\r
+#################################################################\r
+secrets:\r
+ - uid: restserver-creds\r
+ type: basicAuth\r
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'\r
+ login: '{{ .Values.restServer.user }}'\r
+ password: '{{ .Values.restServer.password }}'\r
+#################################################################\r
+# Application configuration defaults.\r
+#################################################################\r
+# application image\r
+pullPolicy: Always\r
+\r
+# flag to enable debugging - application support required\r
+debugEnabled: false\r
+\r
+# application configuration\r
+\r
+restServer:\r
+ user: policyadmin\r
+ password: zb!XztG34\r
+\r
+# default number of instances\r
+replicaCount: 1\r
+\r
+nodeSelector: {}\r
+\r
+affinity: {}\r
+\r
+# probe configuration parameters\r
+liveness:\r
+ initialDelaySeconds: 20\r
+ periodSeconds: 10\r
+ # necessary to disable liveness probe when setting breakpoints\r
+ # in debugger so K8s doesn't restart unresponsive container\r
+ enabled: true\r
+\r
+readiness:\r
+ initialDelaySeconds: 10\r
+ periodSeconds: 120\r
+ api: /ready\r
+ successThreshold: 1\r
+ failureThreshold: 3\r
+ timeout: 60\r
+\r
+service:\r
+ type: ClusterIP\r
+ name: policy-opa-pdp\r
+ portName: http\r
+ externalPort: 8282\r
+ internalPort: 8282\r
+\r
+ingress:\r
+ enabled: false\r
+\r
+flavor: small\r
+resources:\r
+ small:\r
+ limits:\r
+ cpu: 1\r
+ memory: 4Gi\r
+ requests:\r
+ cpu: 100m\r
+ memory: 1Gi\r
+ unlimited: {}\r
+\r
+dirSizes:\r
+ bundleDir:\r
+ sizeLimit: 1000Mi\r
+\r
+#Pods Service Account\r
+serviceAccount:\r
+ nameOverride: policy-opa-pdp\r
+ roles:\r
+ - read\r
+kafka:\r
+ groupid: "policy-opa-pdp"\r
+ topic: "policy-pdp-pap"\r
+ useSASL: "false"\r
+ username: ""\r
+ password: ""\r
+ brokers: "kafka.default.svc.cluster.local:9092"\r
+\r
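Review bot: `restServer.password` ships a working default credential in the chart, so every install that does not override it shares the same REST password, and the value is committed to the repository history. Consider leaving the default empty and failing the render when it is unset, e.g. `{{ required "restServer.password must be set" .Values.restServer.password }}` in the Secret template, or accepting only `restServer.credsExternalSecret`. `log.loglevel: "debug"` and the `1.0.5-SNAPSHOT` image tag are also risky defaults outside CSIT: a mutable tag with `pullPolicy: Always` means the running image can change between pod restarts.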
{
"groups": [
+ {
+ "name": "opaGroup",
+ "version": "1.0.0",
+ "description": "The group that registers policy types for opa.",
+ "pdpGroupState": "ACTIVE",
+ "pdpSubgroups": [
+ {
+ "pdpType": "opa",
+ "desiredInstanceCount": 1,
+ "properties": {},
+ "supportedPolicyTypes": [
+ {
+ "name": "onap.policies.native.opa",
+ "version": "1.0.0"
+ }
+ ],
+ "policies": []
+ }
+ ]
+ },
{
"name": "defaultGroup",
"version": "1.0.0",