From: Andreas Geissler Date: Fri, 5 May 2023 08:40:13 +0000 (+0000) Subject: Merge "[POLICY] Update docker images to latest versions" X-Git-Tag: 12.0.0~37 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=797229eebacfb1ec6b8c8b5cfae4a825d8450050;hp=-c;p=oom.git Merge "[POLICY] Update docker images to latest versions" --- 797229eebacfb1ec6b8c8b5cfae4a825d8450050 diff --combined kubernetes/policy/components/policy-apex-pdp/values.yaml index cef846cb0e,46eaca22e1..1ae79801ae --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@@ -25,6 -25,7 +25,7 @@@ global: nodePortPrefix: 302 persistence: {} + useStrimziKafkaPf: set-via-parent-chart-global-value ################################################################# # Secrets metaconfig @@@ -47,7 -48,7 +48,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-apex-pdp:2.9.1 + image: onap/policy-apex-pdp:2.9.2 pullPolicy: Always # flag to enable debugging - application support required @@@ -89,11 -90,6 +90,11 @@@ service ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # Resource Limit flavor -By Default using small # Segregation for Different environment (Small and Large) flavor: small @@@ -144,11 -140,11 +145,11 @@@ metrics # application configuration config: # Event consumption (kafka) properties - useStrimziKafka: true + useStrimziKafkaPf: true kafkaBootstrap: strimzi-kafka-bootstrap kafka: consumer: - groupId: policy-group + groupId: policy-apex app: listener: policyPdpPapTopic: policy-pdp-pap @@@ -163,3 -159,21 +164,21 @@@ # # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. + kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-apex + type: group + operations: [Create, Describe, Read, Write] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + - name: policy-heartbeat + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + + readinessCheck: + wait_for: + - message-router diff --combined kubernetes/policy/components/policy-api/values.yaml index 344994cc08,ab8c31ff20..3b64507880 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@@ -24,6 -24,8 +24,8 @@@ global: nodePortPrefix: 304 persistence: {} + postgres: + localCluster: false ################################################################# # Secrets metaconfig @@@ -46,7 -48,7 +48,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-api:2.8.1 + image: onap/policy-api:2.8.2 pullPolicy: Always # flag to enable debugging - application support required @@@ -58,7 -60,9 +60,9 @@@ db password: policy_user service: name: policy-mariadb + pgName: policy-pg-primary internalPort: 3306 + internalPgPort: 5432 restServer: user: policyadmin @@@ -95,22 -99,18 +99,22 @@@ service - name: http port: 6969 - ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: policy-pap-read + flavor: small resources: small: limits: cpu: 1 - memory: 4Gi + memory: 6Gi requests: - cpu: 100m + cpu: 150m memory: 1Gi large: limits: diff --combined kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index f1d94f0fbe,47b0955f01..0c9fe5201a --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@@ -42,7 -42,7 +42,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1 + image: onap/policy-clamp-ac-a1pms-ppnt:6.4.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-a1pms-ppnt @@@ -74,11 -74,6 +74,11 @@@ affinity: { ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # probe configuration parameters liveness: initialDelaySeconds: 20 diff --combined kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index df8896f9f3,808c60ef86..9f043ba930 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@@ -42,7 -42,7 +42,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-clamp-ac-http-ppnt:6.4.1 + image: onap/policy-clamp-ac-http-ppnt:6.4.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-http-ppnt @@@ -64,11 -64,6 +64,11 @@@ affinity: { ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # probe configuration parameters liveness: initialDelaySeconds: 20 diff --combined kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 6e4a72cf36,99f6206b20..3d0754c656 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@@ -43,7 -43,7 +43,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-clamp-ac-k8s-ppnt:6.4.1 + image: onap/policy-clamp-ac-k8s-ppnt:6.4.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-k8s-ppnt @@@ -86,11 -86,6 +86,11 @@@ service ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + flavor: small resources: small: diff --combined kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml index 3e6164ae0d,28718505df..13e9472238 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@@ -42,7 -42,7 +42,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-clamp-ac-kserve-ppnt:6.4.1 + image: onap/policy-clamp-ac-kserve-ppnt:6.4.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-kserve-ppnt @@@ -64,11 -64,6 +64,11 @@@ affinity: { ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # probe configuration parameters liveness: initialDelaySeconds: 20 diff --combined kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index abbfb7a25e,c2c43c7313..708bd7dad4 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@@ -54,7 -54,7 +54,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-clamp-ac-pf-ppnt:6.4.1 + image: onap/policy-clamp-ac-pf-ppnt:6.4.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-pf-ppnt @@@ -84,11 -84,6 +84,11 @@@ affinity: { ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # probe configuration parameters liveness: initialDelaySeconds: 20 diff --combined kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index cb73314f1d,fef8598ef7..4ec221369b --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@@ -49,7 -49,7 +49,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-clamp-runtime-acm:6.4.1 + image: onap/policy-clamp-runtime-acm:6.4.2 pullPolicy: Always componentName: &componentName policy-clamp-runtime-acm @@@ -119,28 -119,22 +119,28 @@@ service ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + - serviceAccount: policy-gui-read + flavor: small resources: small: limits: cpu: 1 - memory: 4Gi + memory: 6Gi requests: - cpu: 100m - memory: 1Gi + cpu: 200m + memory: 2Gi large: limits: cpu: 2 memory: 8Gi requests: - cpu: 200m - memory: 2Gi + cpu: 400m + memory: 4Gi unlimited: {} #Pods Service Account @@@ -155,4 -149,4 +155,4 @@@ readinessCheck wait_for_job_container: containers: - - '{{ include "common.release" . }}-policy-galera-config' + - '{{ include "common.release" . }}-policy-galera-config' diff --combined kubernetes/policy/components/policy-distribution/values.yaml index d93074bbe6,e367dd0e15..3c71e78072 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@@ -58,7 -58,7 +58,7 @@@ global # Application configuration defaults. ################################################################# # application image - image: onap/policy-distribution:2.9.1 + image: onap/policy-distribution:2.9.2 pullPolicy: Always # flag to enable debugging - application support required @@@ -118,11 -118,6 +118,11 @@@ service ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: policy-pap-read + flavor: small resources: small: diff --combined kubernetes/policy/components/policy-drools-pdp/values.yaml index b30baec959,6b6c576e6a..ddc81b6980 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@@ -41,7 -41,7 +41,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-pdpd-cl:1.12.1 + image: onap/policy-pdpd-cl:1.12.2 pullPolicy: Always # flag to enable debugging - application support required @@@ -80,11 -80,6 +80,11 @@@ service ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + server: jvmOpts: -server -XshowSettings:vm diff --combined kubernetes/policy/components/policy-gui/values.yaml index a6ddd205d9,330161e316..975f103ef9 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@@ -29,7 -29,7 +29,7 @@@ subChartsOnly flavor: small # application image - image: onap/policy-gui:2.4.1 + image: onap/policy-gui:2.4.2 pullPolicy: Always # flag to enable debugging - application support required @@@ -89,13 -89,7 +89,13 @@@ ingress config: ssl: "redirect" -#resources: {} +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: istio-ingress + namespace: istio-ingress + + #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following diff --combined kubernetes/policy/components/policy-pap/values.yaml index a190fb0cdd,6674effd62..a3bdba9b88 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@@ -25,6 -25,9 +25,9 @@@ global: nodePortPrefixExt: 304 persistence: {} + useStrimziKafkaPf: set-via-parent-chart-global-value + postgres: + localCluster: false ################################################################# # Secrets metaconfig @@@ -66,7 -69,7 +69,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-pap:2.8.1 + image: onap/policy-pap:2.8.2 pullPolicy: Always # flag to enable debugging - application support required @@@ -79,7 -82,9 +82,9 @@@ db password: policy_user service: name: policy-mariadb + pgName: policy-pg-primary internalPort: 3306 + internalPgPort: 5432 restServer: user: policyadmin @@@ -124,32 -129,29 +129,35 @@@ service ports: - name: http-api port: 6969 + - name: debug-port + port: 5005 + protocol: TCP ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + - serviceAccount: portal-app-read + flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 2 + memory: 6Gi requests: - cpu: 100m - memory: 1Gi + cpu: 200m + memory: 2Gi large: limits: - cpu: 2 + cpu: 4 memory: 8Gi requests: - cpu: 200m - memory: 2Gi + cpu: 400m + memory: 4Gi unlimited: {} #Pods Service Account @@@ -177,14 -179,24 +185,24 @@@ metrics # application configuration config: # Event consumption (kafka) properties - useStrimziKafka: true + useStrimziKafkaPf: true kafkaBootstrap: strimzi-kafka-bootstrap kafka: + topics: + policyHeartbeat: policy-heartbeat + policyNotification: policy-notification + policyPdpPap: policy-pdp-pap consumer: - groupId: policy-group + groupId: policy-pap app: listener: policyPdpPapTopic: policy-pdp-pap + + dmaap: + topics: + policyHeartbeat: POLICY-HEARTBEAT + policyNotification: POLICY-NOTIFICATION + policyPdpPap: POLICY-PDP-PAP # If targeting a custom kafka cluster, ie useStrimziKakfa: false # uncomment below config and target your kafka bootstrap servers, # along with any other security config. @@@ -196,3 -208,25 +214,25 @@@ # # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. + kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-pap + type: group + operations: [Create, Describe, Read, Write] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + - name: policy-heartbeat + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + - name: policy-notification + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + + readinessCheck: + wait_for: + - message-router diff --combined kubernetes/policy/components/policy-xacml-pdp/values.yaml index 222da883cb,e589c4b315..f20ad9ae41 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@@ -49,7 -49,7 +49,7 @@@ secrets # Application configuration defaults. ################################################################# # application image - image: onap/policy-xacml-pdp:2.8.1 + image: onap/policy-xacml-pdp:2.8.2 pullPolicy: Always # flag to enable debugging - application support required @@@ -102,47 -102,22 +102,47 @@@ service ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: dcae-datafile-collector-read + - serviceAccount: dcae-datalake-admin-ui-read + - serviceAccount: dcae-datalake-des-read + - serviceAccount: dcae-datalake-feeder-read + - serviceAccount: dcae-heartbeat-read + - serviceAccount: dcae-hv-ves-collector-read + - serviceAccount: dcae-kpi-ms-read + - serviceAccount: dcae-pm-mapper-read + - serviceAccount: dcae-pmsh-read + - serviceAccount: dcae-prh-read + - serviceAccount: dcae-restconf-collector-read + - serviceAccount: dcae-slice-analysis-ms-read + - serviceAccount: dcae-snmptrap-collector-read + - serviceAccount: dcae-son-handler-read + - serviceAccount: dcae-tcagen2-read + - serviceAccount: dcae-ves-collector-read + - serviceAccount: dcae-ves-mapper-read + - serviceAccount: dcae-ves-openapi-manager-read + - serviceAccount: message-router-read + - serviceAccount: oof-read + - serviceAccount: sdnc-read + flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 2 + memory: 6Gi requests: - cpu: 100m - memory: 1Gi + cpu: 200m + memory: 2Gi large: limits: cpu: 2 memory: 8Gi requests: cpu: 200m - memory: 2Gi + memory: 4Gi unlimited: {} #Pods Service Account