From 010965911185b9a1ef2008246fabc37f193baf2b Mon Sep 17 00:00:00 2001 From: jhh Date: Wed, 4 Sep 2019 07:47:25 -0500 Subject: [PATCH] refactor drools chart to allow customizations - move some values out of .conf files to values to avoid building the chart when deploying policy (drools). - move credentials to a single secret file, this is precursor work to deal with confidential info in a better way in future releases. - delete unused files. - generify mounting of configmaps/secrets as volumes to avoid explicitly having to modify statefulset.yaml. - update amsterdam controller with latest version in nexus at container instantiation. - update to the latest released drools image. Issue-ID: POLICY-1371 Signed-off-by: jhh Change-Id: I1497b61cd210ac4c00b957c2832de5acd01ea4d2 Signed-off-by: jhh --- .../config/drools/keys/feature-healthcheck.conf | 16 --- .../opt/policy/config/drools/keys/policy-keystore | Bin 5640 -> 0 bytes .../drools/resources/configmaps/amsterdam.pre.sh | 21 ++++ .../policy/config/drools => configmaps}/base.conf | 38 ++------ .../feature-pooling-dmaap.conf | 4 +- .../status.post.sh} | 17 ++-- .../resources/scripts/update-vfw-op-policy.sh | 107 --------------------- .../drools/resources/secrets/credentials.conf | 56 +++++++++++ .../policy/charts/drools/templates/NOTES.txt | 33 ------- .../policy/charts/drools/templates/configmap.yaml | 2 +- .../policy/charts/drools/templates/secrets.yaml | 8 +- .../charts/drools/templates/statefulset.yaml | 30 +++--- kubernetes/policy/charts/drools/values.yaml | 66 ++++++++++++- 13 files changed, 177 insertions(+), 221 deletions(-) delete mode 100644 kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf delete mode 100644 kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore create mode 100644 kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh rename kubernetes/policy/charts/drools/resources/{config/opt/policy/config/drools => configmaps}/base.conf (66%) rename kubernetes/policy/charts/drools/resources/{config/opt/policy/config/drools => configmaps}/feature-pooling-dmaap.conf (81%) rename kubernetes/policy/charts/drools/resources/{config/opt/policy/config/drools/policy-management.conf => configmaps/status.post.sh} (50%) delete mode 100644 kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh create mode 100644 kubernetes/policy/charts/drools/resources/secrets/credentials.conf delete mode 100644 kubernetes/policy/charts/drools/templates/NOTES.txt diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf deleted file mode 100644 index 20d8298472..0000000000 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -HEALTHCHECK_USER=demo@people.osaaf.org -HEALTHCHECK_PASSWORD=demo123456! diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore deleted file mode 100644 index ab25c3a341c08b911449ca8169d4919da8541101..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5640 zcmdUzXIK;4zQ&V~Ktk_b2tD+P6ahu)geG02N()6wC_$K-RR+SK!UZG{Fa&}CjTe1uWuaY^2dGF9B9WNL zZ7MLB0tNy?+tCyNf|SG*O3DB+HU3q=DIsUI(F_3H(G@aEauuwjhpVSA9_xdq2WXEv z$te-~URY0cRee2!Ujr#9$$ectyxg&lSPvXp0gyWyNJ5GJb0G4s%Sa>Qts_;jK6qCr zR|h-1E6x+C?1y*3`MBZ((L#X0pZAFXGqe6RPYFl-RjdQf!%G6^;|y@IP@!ef=;Lz7 z(P-)8G8QaU$B#T6o4GLunOL7jU|hqJ8=(?8?z;7v_Y2dK^aS5reumbRgvz#@9~ZVT z<#00jXc2ez4$BjE!R;KETm8aGHjTKJdDUSj`^y%sQ;s8>v{nW9eo%(1p9Jz%3%vYQotAp4 z1l3**2y+M3)5~5oaCY{=;+d=-Re7+y2&E?Aa}?;zdwYdUpLFOz%F1TaSrWSY6YK6w z$rHM=z06jGP~5{0IcN^jYYE8q62toEb(6kz!0FOA6ROsfPxcINfoV?i%$$ICP+x&A z)!6P9Ipe|r#h3@MH+T6!SsB2^a(}Rsoa%8scU<#sCI?hr$37 z;t8NW>YzF5fD%Q36gYNNQ$v}dj5i%&N{XxI>C`6rGRh<8w6>2|QU1Qlh{8ZzWnhq= z(j8JSw5e9G@lv_TM2Gq!S$65rB_k(5v)_s{>r=hI2S~yS-H{O!)N32fu3! z6@gR$n&jb^DgkN}H*!d}YzwWI>~x6w#2))Si%7KugWg*+SAc$H8WjtZDY9Cp;@OdVt}4eDkv)xJ5&1{san zY+znAmVeaVL2-}lqrtuk@4UhdoqnqqZ8C7s?vNM50X-5_tS|`KJt?}D*hMQrQj$Pt zH|njOyBd(#2EHfwHdDU4Q1t7|hOWk$8uIJ5u{#TyHp-e}!K6c+x;o~^>^5n3?)4Z$ zSzknYJaB@GwMWv{#g0mCXxy4jd`po~zCmrN;5GosSKW0@6&jl@kz4E%=t=6@RxVjL zv_3a`b0@QY=^a!DSDkZB;eBP`)Y_Kv0SWP$Xn(E2C9vI{G5|p%JCfS*@Zxp#X|)44 zW`f=%sxNi<-U+l+Q{hW08~O~A3wGT~!p{)P2@9HvSC%Zv*PYG6w;UyZcnsVZ>vIX~ z^M}hAeB$`iWnh&+7_1ZsBZ>dzGB@ispOqsrT>i0`{_9ov?=B;IBUb?vT?GsVwd~v$9aMSk zX#0GZms&d5{9R&|g4i+Kwcbqk@~6Xm5hdG&1za_s)x;8vMT23RlCE>+><(6DNx3}aO%sl0eYM{yaKAC`(DBK%0#by!r zuGD>7#Pbz1NArb)e3J3P3h}vf!-QwgX~(O==@_C|bZmQ^mC{S5gwu;Ah8D-a_;bcQ zFco#Kih(P!_NIGeWL=D&}_b>)4Qi zE$>vzR~K^bA5iLl(izFP-YGc1wL9EnYde{8-VN?xp&&K}XMKM-oI%q>Vh#!hc_h28P{K5ys; zDl>Z5Bx;3)vqo)9XpK*5EZH6%$t70e->$}snUW6nU9o!h@Pp^_2z^bau~~k2rL2<8 zn8eu)(W;gaQ98O$tpSVjD5m1&25Q4fJAP-50L+Wx$%-?Ht*5S9LQYw$tq-ZuzJk#Y z7+$anvUu$0YHvRsU4Qv}nLOsyNuKqTN6qUCh(>P2Lx&+UM`y9AV%p)@fr(UutGP`B zYV#3yKUbHfFclmOuhQI&PmtNv_y!kEhOKT43J>j*<%F>7(4|Dfxy0K*2BIUf)~&-G zC2Q+rUQ-iKO?lfWq~$y&Xvu8j8kudmn?}ngyF#Etu6O*yK=g%70hPdL{7%o__oxfSrzy*69&CB+( z%p+{>u}mAZZT9e-(dx)&>s{WOjHZ`FB?p5@y>RZX4uLZ+fr)|t$mC9bKy5S;uj1C))akWNX|N#`K>Sp{T;9 zCN$uUsQ#FrSO0)QNDni+Fo(AL{G#$f&y3a3wYX+}IA(oXf1~cp{&KfcHpVbLJilVb z%-yb~U#>B~GCg$L385AKL~qpx)xT2a%@@>tf@i^=qAp@6283w+*7<#ASNQGP6w~OW zQLV2QOVrD?3jB*f#>oD?C5i2{#oarC<2ttA3J-^JdAgJCceSV~a(7=(*gj}JXAz_s zS}=EYM}DAkrzWq{z)DV^5DrK5iQkK>e|%qs1P!w$L`iSY=$9N)1tfl}wNkLUL~xdM z&LeNtwh~mjyU=~BLKai(&O7LB{{3zM1wWxTcKXti+1p@g$8@y>1bxY($@x*?7t!xy zlqhI2>W&gY+WyeN~r{HRYL=hGva&%Oy>a5fBKr75TK`vm)ST614N z#ph^V>rM`)Ya0)r+@gvYxK;U}qHnqfH_4oPTsi2L8~3ZPDMm6w1fRo!NP-ZzajVAE zC7(7IX)U!3`7}||C|FNtL7=L!X8cW-_w9@I@YiNc_jMaVy-f~Z8AiguZTaD3p_EJg zo`FVjhMk*F&*&-J_-8~ad>p?}F>#*0nz(l^F3vq-f68hB9u#a=TQKMnP3M)lG?`de5Ye8OQ>Gyza4K@(q+udS=RJAmD@Ck+9gWRwk=MMM60_5|OKaLy zB-z9VR6d4!wPrnmD|p5g!csp(dx#e$ixqtE&ZP_`i^+JfHf}Wdk&k&wXwI+?x!k=Y zLs8%V5roH|Nr{jZn(p6a_TgL-ml3|M`Tkui7v^mKGn+AK5SNF2 zXXXvdQ&c%OoScSCYzf0t-~jF&^#n2?XdR6;gw=0yLCU5b%&REA+-72Hre}scM9h~K z08U@Z0aOq327lrq5S-EW+`cm(N9*B zuj-CH$yh4Prj%zgs-u3@z`du;xm7ryyUdBK?|+zV~CcYd2T)=LdDk>pji6gk#C@rTWL zGYiX)mFr1=I0yqa?~jEz1omZ2Zf7bjQ?P!qB&A`Aphf8{QltpwHkM?1m#H2$#?|qu zV+})CE#j-kfnLU*aDMx>S)BE&1>pvU{cRZP#1CEkm6||PiE@}oSxlLmOMncs6C)XzEME;wJj(!ZNXB-ejWw2xh?=rgn~b03$~SyfxqRcGcc zs=r(F6=U{riF83n__;0tV{_wO?(l`a9woX&h1BDk>{Mu@Dv@%h@Wx8F-KQZWJkPq~ zbC*XLBn9h)O55M|d13ImhmB85FSeJk%*z8^)aC0vo-e4*Bmk&=}wH)|tkftM%v zR8S-(eYMR!JB-DHdMSeyc(djiUOlrrH!m2E8cMSS)s84mzrK`KYT0jrFZMm8bB){e z?-&e0r!mTr`I*NU^W-sS_H_v;ENZ_{3jY|xsAf-QVsG_seZKxeVRt3xkiyrH zGj+j?%4TvMTfvz&n(r@fQl4G9VnxZ6>$K7#E`awidMz*-ZjIa5S|`{Ekm%l5YynFO zn_80uOvKO#4Cndm-BtUd^>zVr8L_+Q6F65Fvp;l>sl1-}BtI22O0wAdV)yA@Sp1MtPD`8jQhQCNHZA9hJZCCS|%dAr7GPtHN Ndyz?PjfO_D{{gyx " - exit 1 -fi - -K8S_HOST=$1 -POLICY_PDP_PORT=$2 -POLICY_DROOLS_PORT=$3 -RESOURCE_ID=$4 - -echo -echo -echo "Removing the vFW Policy from PDP.." -echo -echo - -curl -v -k -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyComponent" : "PDP", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy - -sleep 20 - -echo - -echo -echo "Updating vFW Operational Policy .." -echo - -curl -v -k -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvFirewall", - "policyDescription": "BRMS Param vFirewall policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller": "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy - -sleep 5 - -echo -echo -echo "Pushing the vFW Policy .." -echo -echo - -curl -v -k --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy - -sleep 20 - -echo -echo -echo "Restarting PDP-D .." -echo -echo - -POD=$(kubectl --namespace {{ include "common.namespace" . }} get pods | sed 's/ .*//'| grep drools) -kubectl --namespace {{ include "common.namespace" . }} exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start" - -sleep 20 - -echo -echo -echo "PDP-D amsterdam maven coordinates .." -echo -echo - -curl -vvv -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool - - -echo -echo -echo "PDP-D control loop updated .." -echo -echo - -curl -v -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf new file mode 100644 index 0000000000..36d3c3b376 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf @@ -0,0 +1,56 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +KEYSTORE_PASSWD={{.Values.keystore.password}} +TRUSTSTORE_PASSWD={{.Values.truststore.password}} + +TELEMETRY_USER={{.Values.telemetry.user}} +TELEMETRY_PASSWORD={{.Values.telemetry.password}} + +REPOSITORY_USERNAME={{.Values.nexus.user}} +REPOSITORY_PASSWORD={{.Values.nexus.password}} + +SQL_USER={{.Values.db.user}} +SQL_PASSWORD={{.Values.db.password}} + +PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}} +PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}} + +POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}} +POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}} + +PAP_USERNAME={{.Values.pap.user}} +PAP_PASSWORD={{.Values.pap.password}} + +PDP_USERNAME={{.Values.pdp.user}} +PDP_PASSWORD={{.Values.pdp.password}} + +AAI_USERNAME={{.Values.aai.user}} +AAI_PASSWORD={{.Values.aai.password}} + +SO_USERNAME={{.Values.so.user}} +SO_PASSWORD={{.Values.so.password}} + +VFC_USERNAME={{.Values.vfc.user}} +VFC_PASSWORD={{.Values.vfc.password}} + +SDNC_USERNAME={{.Values.sdnc.user}} +SDNC_PASSWORD={{.Values.sdnc.password}} + +HEALTHCHECK_USER={{.Values.telemetry.user}} +HEALTHCHECK_PASSWORD={{.Values.telemetry.password}} diff --git a/kubernetes/policy/charts/drools/templates/NOTES.txt b/kubernetes/policy/charts/drools/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/drools/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/drools/templates/configmap.yaml b/kubernetes/policy/charts/drools/templates/configmap.yaml index 1f9503130c..7daf473db2 100644 --- a/kubernetes/policy/charts/drools/templates/configmap.yaml +++ b/kubernetes/policy/charts/drools/templates/configmap.yaml @@ -19,4 +19,4 @@ metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/opt/policy/config/drools/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/configmaps/*").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/charts/drools/templates/secrets.yaml index e21084fe5d..31ba543c0e 100644 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/charts/drools/templates/secrets.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,8 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -data: -{{ (.Files.Glob "resources/config/opt/policy/config/drools/keys/*").AsSecrets | indent 2 }} type: Opaque +data: +{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }} +{{- end }} diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml index beacbabd06..bb21ae14aa 100644 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml @@ -78,15 +78,16 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /tmp/policy-install/config/feature-healthcheck.conf + {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-secret - subPath: feature-healthcheck.conf - - mountPath: /tmp/policy-install/config/feature-pooling-dmaap.conf - name: drools-config - subPath: feature-pooling-dmaap.conf - - mountPath: /tmp/policy-install/config/base.conf + subPath: {{ base $path }} + {{- end }} + {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} + - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-config - subPath: base.conf + subPath: {{ base $path }} + {{- end }} - mountPath: /var/log/onap name: policy-logs resources: @@ -125,18 +126,19 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap items: - - key: base.conf - path: base.conf - mode: 0755 - - key: feature-pooling-dmaap.conf - path: feature-pooling-dmaap.conf + {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} + - key: {{ base $path }} + path: {{ base $path }} mode: 0755 + {{- end }} - name: drools-secret secret: secretName: {{ include "common.fullname" . }}-secret items: - - key: feature-healthcheck.conf - path: feature-healthcheck.conf + {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + - key: {{ base $path }} + path: {{ base $path }} mode: 0644 + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 21f9169462..74e0fe8e1c 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -23,21 +23,18 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 ubuntuImage: ubuntu:16.04 + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.5.1 +image: onap/policy-pdpd-cl:1.5.2 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - nexusPort: 8081 - # default number of instances replicaCount: 1 @@ -71,6 +68,65 @@ service: ingress: enabled: false +# Default installation values to be overridden + +server: + jvmOpts: -server -Xms1024m -Xmx2048m + +aaf: + enabled: "true" + +keystore: + password: Pol1cy_0nap + +truststore: + password: Pol1cy_0nap + +telemetry: + user: demo@people.osaaf.org + password: demo123456! + +nexus: + nexus: admin + password: admin123 + port: 8081 + +db: + user: policy_user + password: policy_user + +pap: + user: healthcheck + password: zb!XztG34 + +pdp: + user: healthcheck + password: zb!XztG34 + +aai: + user: policy@policy.onap.org + password: demo123456! + +so: + user: InfraPortalClient + password: password1$ + +vfc: + user: + password: + +sdnc: + user: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +dmaap: + brmsgw: + key: + password: + pap: + key: + password: + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) -- 2.16.6