+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2022,2024-2025 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-spring:
- application:
- name: k8s-ppnt
- autoconfigure:
- exclude: >
- org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
- org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
- org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
- security:
- user:
- name: ${RESTSERVER_USER}
- password: ${RESTSERVER_PASSWORD}
-
-security:
- enable-csrf: false
-
-participant:
- localChartDirectory: /home/policy/local-charts
- infoFileName: CHART_INFO.json
- intermediaryParameters:
- topics:
- operationTopic: policy-acruntime-participant
- syncTopic: acm-ppnt-sync
- reportingTimeIntervalMs: 120000
- description: Participant Description
- participantId: 101c62b3-8918-41b9-a747-d21eb79c6c02
- clampAutomationCompositionTopics:
- topicSources:
- -
- topic: ${participant.intermediaryParameters.topics.operationTopic}
- servers:
- - "{{ .Values.global.kafkaServer }}:9092"
- topicCommInfrastructure: kafka
- fetchTimeout: 15000
- useHttps: false
- allowTracing: {{ include "policy-clamp-ac-k8s-ppnt.jaeger-enabled" . }}
- additionalProps:
- group.id: policy-clamp-ac-k8s-ppnt
- -
- topic: ${participant.intermediaryParameters.topics.syncTopic}
- servers:
- - "{{ .Values.global.kafkaServer }}:9092"
- topicCommInfrastructure: kafka
- fetchTimeout: 15000
- useHttps: false
- allowTracing: {{ include "policy-clamp-ac-k8s-ppnt.jaeger-enabled" . }}
- topicSinks:
- -
- topic: ${participant.intermediaryParameters.topics.operationTopic}
- servers:
- - "{{ .Values.global.kafkaServer }}:9092"
- topicCommInfrastructure: kafka
- useHttps: false
- allowTracing: {{ include "policy-clamp-ac-k8s-ppnt.jaeger-enabled" . }}
- participantSupportedElementTypes:
- -
- typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement
- typeVersion: 1.0.0
-
-management:
- tracing:
- propagation:
- produce: [{{ .Values.jaeger.producer.type }}]
- sampling:
- probability: {{ .Values.jaeger.sampling.probability }}
- endpoints:
- web:
- base-path: /
- exposure:
- include: health, metrics, prometheus
-
-server:
- # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework.
- # See springboot documentation.
- port: 8083
- servlet:
- context-path: /onap/k8sparticipant
- ssl:
- enabled: false
-
-
-logging:
- # Configuration of logging
- level:
- ROOT: INFO
- org.springframework: ERROR
- org.springframework.data: ERROR
- org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
- org.onap.policy.clamp.controlloop.participant.kubernetes: INFO
-
- file:
- name: /var/log/onap/policy/clamp/application.log
-
-chart:
- api:
- enabled: false
-
-# Permitted list of helm repositories. Values are updated from values.yaml
-
-
-tracing:
- enabled: {{ .Values.jaeger.enabled }}
- exporter:
- endpoint: "{{ .Values.jaeger.collector.host }}:{{ include "policy-clamp-ac-k8s-ppnt.exporter-port" . }}"
- protocol: {{ .Values.jaeger.collector.protocol }}
- sampler:
- jaeger-remote:
- endpoint: "{{ .Values.jaeger.collector.host }}:{{ .Values.jaeger.collector.portJaegerGrpc }}"
\ No newline at end of file
+++ /dev/null
-#!/usr/bin/env sh
-#
-# ============LICENSE_START=======================================================
-# Copyright (C) 2024 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-#
-
-KEYSTORE="${KEYSTORE:-$POLICY_HOME/etc/ssl/policy-keystore}"
-TRUSTSTORE="${TRUSTSTORE:-$POLICY_HOME/etc/ssl/policy-truststore}"
-KEYSTORE_PASSWD="${KEYSTORE_PASSWD:-Pol1cy_0nap}"
-TRUSTSTORE_PASSWD="${TRUSTSTORE_PASSWD:-Pol1cy_0nap}"
-
-if [ "$#" -eq 1 ]; then
- CONFIG_FILE=$1
-fi
-
-if [ -z "$CONFIG_FILE" ]; then
- CONFIG_FILE="${POLICY_HOME}/etc/KubernetesParticipantParameters.yaml"
-fi
-
-echo "Policy clamp Kubernetes participant config file: $CONFIG_FILE"
-
-if [ -f "${POLICY_HOME}/etc/mounted/policy-truststore" ]; then
- echo "overriding policy-truststore"
- cp -f "${POLICY_HOME}"/etc/mounted/policy-truststore "${TRUSTSTORE}"
-fi
-
-if [ -f "${POLICY_HOME}/etc/mounted/policy-keystore" ]; then
- echo "overriding policy-keystore"
- cp -f "${POLICY_HOME}"/etc/mounted/policy-keystore "${KEYSTORE}"
-fi
-
-if [ -f "${POLICY_HOME}/etc/mounted/logback.xml" ]; then
- echo "overriding logback xml file"
- cp -f "${POLICY_HOME}"/etc/mounted/logback.xml "${POLICY_HOME}"/etc/
-fi
-
-$JAVA_HOME/bin/java \
- -Dlogging.config="${POLICY_HOME}/etc/logback.xml" \
- -Dserver.ssl.keyStore="${KEYSTORE}" \
- -Dserver.ssl.keyStorePassword="${KEYSTORE_PASSWD}" \
- -Djavax.net.ssl.trustStore="${TRUSTSTORE}" \
- -Djavax.net.ssl.trustStorePassword="${TRUSTSTORE_PASSWD}" \
- -Dotel.java.global-autoconfigure.enabled=true \
- -jar /app/app.jar \
- --spring.config.location="${CONFIG_FILE}"
+++ /dev/null
-<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2022 Nordix Foundation.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/k8s-participant/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/k8s-participant/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/k8s-participant/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/k8s-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/k8s-participant/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/k8s-participant/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="acm-network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
-</configuration>
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# Copyright (C) 2022,2026 OpenInfra Foundation Europe. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
app: {{ .Chart.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
heritage: Helm
-data:
-{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
-{{- if .Values.repoList }}
-{{ tpl (.Files.Glob "resources/config/KubernetesParticipantParameters.yaml").AsConfig . | indent 2 }}
-{{ toYaml .Values.repoList | indent 4 }}
-{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
-{{- end }}
\ No newline at end of file
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2022-2024 Nordix Foundation.
+# Copyright (C) 2022-2024,2026 OpenInfra Foundation Europe. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
name: {{ .Chart.Name }}
spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: RESTSERVER_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Chart.Name }}-restserver-secret
- key: login
-
- - name: RESTSERVER_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Chart.Name }}-restserver-secret
- key: password
-
-
- volumeMounts:
- - mountPath: /config-input
- name: ac-k8s-ppnt-config
- - mountPath: /config
- name: ac-k8s-ppnt-config-processed
- image: docker.io/dibi/envsubst:1
- imagePullPolicy: {{ .Values.pullPolicy }}
- name: {{ .Chart.Name }}-update-config
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.global.repository }}/{{ .Values.global.image.k8sparticipant }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
- command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
- args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
+ env:
+ - name: HTTP_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: login
+ - name: HTTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-secret
+ key: password
+ - name: SERVER_PORT
+ value: "8083"
+ - name: topicCommInfrastructure
+ value: kafka
+ - name: kafkaServer
+ value: "{{ .Values.global.kafkaServer }}:9092"
+ - name: HELM_REPOS
+ value: {{ .Values.repoList.helm.repos | quote }}
+ - name: HELM_PROTOCOLS
+ value: {{ .Values.repoList.helm.protocols }}
{{- $jaegerEnabled := tpl "policy-clamp-ac-k8s-ppnt.jaeger-enabled" . | trimSuffix "\n" -}}
{{- if $jaegerEnabled }}
- env:
+ - name: allowTracing
+ value: "true"
+ - name: jaegerProducerType
+ value: {{ .Values.jaeger.producer.type | quote }}
+ - name: jaegerSamplingProbability
+ value: {{ .Values.jaeger.sampling.probability | quote }}
+ - name: tracingExporterEndpoint
+ value: {{ .Values.jaeger.collector.host }}:{{ include "policy-clamp-ac-k8s-ppnt.exporter-port" . }}
+ - name: tracingExporterProtocol
+ value: {{ .Values.jaeger.collector.protocol }}
+ - name: tracingSamplerEndpoint
+ value: "{{ .Values.jaeger.collector.host }}:{{ .Values.jaeger.collector.portJaegerGrpc }}"
- name: OTEL_SERVICE_NAME
value: {{ .Values.applicationName }}
- name: OTEL_EXPORTER_OTLP_PROTOCOL
value: {{ include "policy-clamp-ac-k8s-ppnt.jaeger-protocol" . }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ printf "%s:%s" (.Values.jaeger.collector.host) (include "policy-clamp-ac-k8s-ppnt.exporter-port" .) }}
+ - name: OTEL_JAVA_GLOBAL_AUTOCONFIGURE_ENABLED
+ value: "true"
{{- end }}
ports:
- containerPort: 8083
- name: http-api
+ name: k8s-api
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/policy/clamp/etc/mounted
- name: ac-k8s-ppnt-config-processed
- - mountPath: /opt/app/policy/clamp/bin/kubernetes-participant.sh
- name: ac-k8s-ppnt-config
- subPath: kubernetes-participant.sh
resources:
{{ toYaml .Values.resources.small | indent 12 }}
{{- if .Values.nodeSelector }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: ac-k8s-ppnt-config
- configMap:
- name: {{ .Chart.Name }}-configmap
- defaultMode: 0755
- - name: ac-k8s-ppnt-config-processed
- emptyDir:
- medium: Memory
imagePullSecrets:
- name: default-docker-registry-key"
# ============LICENSE_START=======================================================
-# Copyright (C) 2022,2024 Nordix Foundation.
+# Copyright (C) 2022,2024,2026 OpenInfra Foundation Europe. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
- port: http-api
+ port: k8s-api
readiness:
initialDelaySeconds: 50
periodSeconds: 10
failureThreshold: 10
- port: http-api
+ port: k8s-api
service:
type: NodePort
name: policy-clamp-ac-k8s-ppnt
useNodePortExt: true
ports:
- name: http-api
+ name: k8s-api
port: 8083
nodePort: 30443
# Update the config here for permitting repositories and protocols
repoList:
helm:
- repos:
- -
- repoName: kong
- address: https://charts.konghq.com
- -
- repoName: bitnami
- address: https://charts.bitnami.com/bitnami
-
- -
- repoName: policy-chartmuseum
- address: http://policy-chartmuseum:8080
-
- protocols:
- - http
- - https
+ repos: "[{'repoName':'kong','address':'https://charts.konghq.com'},{'repoName':'bitnami','address':'https://charts.bitnami.com/bitnami'},{'repoName':'policy-chartmuseum','address':'http://policy-chartmuseum:8080'}]"
+ protocols: "http,https"
jaeger:
service:
sampling:
probability: "1.0"
producer:
- type: B3,W3C,B3_MULTI
+ type: "[B3,W3C,B3_MULTI]"
collector:
protocol: grpc
host: "http://jaeger"
portOtlpHttp: 4318
portJaegerGrpc: 14250
-applicationName: k8s-ppnt
\ No newline at end of file
+applicationName: k8s-ppnt
Code Review / policy / docker.git / commitdiff