From 1cb7d82c9771764b43a9121ef4bcd124638e2f2e Mon Sep 17 00:00:00 2001 From: FrancescoFioraEst Date: Thu, 19 Feb 2026 15:37:41 +0000 Subject: [PATCH] Fix GroupAuthorizationException in ACM Issue-ID: POLICY-5547 Change-Id: I2c3fe06ce804a65bb08757c9e20bec2d9b805686 Signed-off-by: FrancescoFioraEst --- .../policy-clamp-ac-a1pms-ppnt/Chart.yaml | 2 +- .../resources/config/application.yaml | 141 ++++++++++++++++++++ .../templates/configmap.yaml | 1 + .../templates/deployment.yaml | 16 ++- .../policy-clamp-ac-a1pms-ppnt/values.yaml | 1 + .../policy-clamp-ac-http-ppnt/Chart.yaml | 2 +- .../resources/config/application.yaml | 132 ++++++++++++++++++ .../templates/configmap.yaml | 1 + .../templates/deployment.yaml | 16 ++- .../policy-clamp-ac-http-ppnt/values.yaml | 1 + .../policy-clamp-ac-kserve-ppnt/Chart.yaml | 2 +- .../resources/config/application.yaml | 146 ++++++++++++++++++++ .../templates/configmap.yaml | 1 + .../templates/deployment.yaml | 16 ++- .../policy-clamp-ac-kserve-ppnt/values.yaml | 1 + .../components/policy-clamp-ac-pf-ppnt/Chart.yaml | 2 +- .../resources/config/application.yaml | 148 +++++++++++++++++++++ .../templates/configmap.yaml | 1 + .../templates/deployment.yaml | 16 ++- .../components/policy-clamp-ac-pf-ppnt/values.yaml | 1 + 20 files changed, 639 insertions(+), 8 deletions(-) create mode 100644 kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/application.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/application.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/application.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/application.yaml diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml index cadc26aedf..d64484e423 100644 
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp A1PMS Participant name: policy-clamp-ac-a1pms-ppnt -version: 17.0.0 +version: 17.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/application.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/application.yaml new file mode 100644 index 0000000000..a970d6e69f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/application.yaml 
@@ -0,0 +1,141 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022,2024,2026 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + application: + name: a1pms-ppnt + security: + user: + name: ${HTTP_USER:participantUser} + password: ${HTTP_PASSWORD:zb!XztG34} + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration +security: + enable-csrf: false + +a1pms: + baseUrl: ${a1pmsBaseUrl:http://a1policymanagement.onap:8081} + headers: + content-type: application/json + endpoints: + health: /a1-policy/v2/rics + services: /a1-policy/v2/services + service: /a1-policy/v2/services/{service_id} + +participant: + intermediaryParameters: + topics: + operationTopic: policy-acruntime-participant + syncTopic: acm-ppnt-sync + threadPoolSize: 10 + topicValidation: ${TOPIC_VALIDATION:false} + clampAdminTopics: + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: 
${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + additionalProps: + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + reportingTimeIntervalMs: 120000 + description: Participant A1pms + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00 + clampAutomationCompositionTopics: + topicSources: + - topic: ${participant.intermediaryParameters.topics.operationTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + group.id: ${KAFKA_GROUP_ID:policy-clamp-ac-a1pms-ppnt} + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + - topic: ${participant.intermediaryParameters.topics.syncTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + group.id: ${KAFKA_GROUP_ID:policy-clamp-ac-a1pms-ppnt}-${POD_UID} + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + topicSinks: + - topic: ${participant.intermediaryParameters.topics.operationTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: 
${kafkaSaslJaasConfig:} + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement + typeVersion: 1.0.1 + +management: + tracing: + propagation: + produce: ${jaegerProducerType:B3} + sampling: + probability: ${jaegerSamplingProbability:1.0} + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus + endpoint: + health: + access: unrestricted + show-details: always + probes: + enabled: true + show-components: always + +server: + port: 6969 + ssl: + enabled: false + servlet: + context-path: /onap/policy/clamp/acm/a1pmsparticipant + +tracing: + enabled: ${allowTracing:false} + exporter: + endpoint: ${tracingExporterEndpoint:http://jaeger:4318/v1/traces} + protocol: ${tracingExporterProtocol:http} + sampler: + jaeger-remote: + endpoint: ${tracingSamplerEndpoint:http://jaeger:14250} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml index 6b1ec4c724..4aaef7805d 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml @@ -25,3 +25,4 @@ metadata: namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" . | nindent 4 }} data: +{{ tpl (.Files.Glob "resources/config/application.yaml").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml index 414a57554c..98e35e1506 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml 
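Review bot: The fallback in `password: ${HTTP_PASSWORD:zb!XztG34}` under `spring.security.user` puts a fixed credential into the ConfigMap, so a pod that starts without HTTP_PASSWORD accepts REST logins with a password anyone can read in the repository. The deployment.yaml hunk in this commit declares HTTP_USER from `restserver-secret` and HTTP_PASSWORD right after it (its source is cut off by the hunk), so the chart should never need the default. I would write `name: ${HTTP_USER}` and `password: ${HTTP_PASSWORD}` so that a missing secret surfaces as an unresolved placeholder at startup instead of a silent fallback. The same line is in the http, kserve and pf application.yaml files added here, and the pf file already uses the no-default form for `${API_PASSWORD}` and `${PAP_PASSWORD}`.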
@@ -36,6 +36,8 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["java", "-jar", "/app/app.jar"] env: + - name: SPRING_CONFIG_LOCATION + value: /opt/app/policy/clamp/etc/mounted/application.yaml - name: HTTP_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 14 }} - name: HTTP_PASSWORD @@ -48,10 +50,12 @@ spec: value: kafka - name: kafkaServer value: "{{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}" + - name: KAFKA_GROUP_ID + value: {{ (first .Values.kafkaUser.acls).name }} - name: allowAutoCreateTopics value: "false" - name: kafkaSecurityProtocol - vale: SASL_PLAINTEXT + value: SASL_PLAINTEXT - name: kafkaSaslMechanism value: {{ .Values.kafkaUser.authenticationType | upper }} - name: kafkaSaslJaasConfig @@ -59,6 +63,10 @@ spec: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -75,6 +83,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-a1pms-ppnt-config - name: logs mountPath: /var/log/onap - name: empty-dir @@ -91,6 +101,10 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: + - name: ac-a1pms-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index 6b74425abf..e89e2ae72f 100644 
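Review bot: `value: {{ (first .Values.kafkaUser.acls).name }}` in the second env hunk chooses the consumer group id by list position, so it is right only while the `type: group` ACL stays the first entry of `kafkaUser.acls`; if a topic ACL is moved ahead of it the participant would join a group named after a topic and the authorization failure this commit targets would come back. The values.yaml hunk does not show the start of the list, so the current order cannot be confirmed from this diff. I would quote the rendered value and record the dependency next to it, e.g. `value: {{ (first .Values.kafkaUser.acls).name | quote }}` with `# the group ACL must remain the first entry of kafkaUser.acls`. The http, kserve and pf deployment.yaml hunks use the same expression.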
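Review bot: `defaultMode: 0755` in the last hunk (the new `ac-a1pms-ppnt-config` volume) mounts application.yaml with the execute bit set, although the file is only read as configuration by the JVM. A read-only mode is enough here and keeps the mount in line with least privilege: `defaultMode: 0444`. The `volumes:` list continues outside the hunk, and the http, kserve and pf deployment.yaml hunks add their config volume with the same mode.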
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -142,6 +142,7 @@ kafkaUser: - name: *componentName type: group operations: [Read] + patternType: prefix - name: *acRuntimeOperationTopic type: topic operations: [Read, Write] diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml index 4d714e5848..5a16890d9e 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Http Participant name: policy-clamp-ac-http-ppnt -version: 17.0.0 +version: 17.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/application.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/application.yaml new file mode 100644 index 0000000000..cc7e7d78ac --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/application.yaml 
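Review bot: `patternType: prefix` on the `type: group` ACL widens Read from the single group named by `*componentName` to every consumer group whose name starts with that string, and the file gives no reason for it. From the application.yaml added in this commit the reason appears to be the sync-topic consumer, whose group.id is `${KAFKA_GROUP_ID:...}-${POD_UID}`, so I would state that beside the entry: `# prefix match: sync-topic consumers use <componentName>-<pod uid> as group.id`. It is also worth confirming that no other Kafka user's group name begins with this component name, since this user could then join it. The http, kserve and pf values.yaml hunks make the same one-line change.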
@@ -0,0 +1,132 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2024,2026 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + application: + name: http-ppnt + security: + user: + name: ${HTTP_USER:participantUser} + password: ${HTTP_PASSWORD:zb!XztG34} + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration + +security: + enable-csrf: false +participant: + intermediaryParameters: + topics: + operationTopic: policy-acruntime-participant + syncTopic: acm-ppnt-sync + threadPoolSize: 10 + topicValidation: ${TOPIC_VALIDATION:false} + clampAdminTopics: + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + additionalProps: + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} 
+ reportingTimeIntervalMs: 120000 + description: Participant Http + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c01 + clampAutomationCompositionTopics: + topicSources: + - topic: ${participant.intermediaryParameters.topics.operationTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + group.id: ${KAFKA_GROUP_ID:policy-clamp-ac-http-ppnt} + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + - topic: ${participant.intermediaryParameters.topics.syncTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + group.id: ${KAFKA_GROUP_ID:policy-clamp-ac-http-ppnt}-${POD_UID} + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + topicSinks: + - topic: ${participant.intermediaryParameters.topics.operationTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement + typeVersion: 1.0.0 + +management: + tracing: + propagation: + produce: ${jaegerProducerType:B3} + sampling: + probability: 
${jaegerSamplingProbability:1.0} + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus + endpoint: + health: + access: unrestricted + show-details: always + probes: + enabled: true + show-components: always + +server: + port: 6969 + ssl: + enabled: false + servlet: + context-path: /onap/policy/clamp/acm/httpparticipant + +tracing: + enabled: ${allowTracing:false} + exporter: + endpoint: ${tracingExporterEndpoint:http://jaeger:4318/v1/traces} + protocol: ${tracingExporterProtocol:http} + sampler: + jaeger-remote: + endpoint: ${tracingSamplerEndpoint:http://jaeger:14250} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml index 7a96634a46..c45c66b2f0 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml @@ -25,3 +25,4 @@ metadata: namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" . | nindent 4 }} data: +{{ tpl (.Files.Glob "resources/config/application.yaml").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml index 6970ef9f90..83b224bd7c 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -36,6 +36,8 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["java", "-jar", "/app/app.jar"] env: + - name: SPRING_CONFIG_LOCATION + value: /opt/app/policy/clamp/etc/mounted/application.yaml - name: HTTP_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 14 }} - name: HTTP_PASSWORD 
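Review bot: `show-details: always` (with `show-components: always`) in the `management` block returns the full health breakdown to any caller that can reach the endpoint, and `exposure.include: health, metrics, prometheus` publishes the other two on base path `/` as well. Kubernetes probes need only the status code, so `show-details: when-authorized` would keep the detail for authenticated callers. Whether these paths sit behind the `spring.security.user` login is decided in application code that this diff does not show, so that should be checked before relying on it. The a1pms, kserve and pf application.yaml files carry the same block.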
@@ -46,10 +48,12 @@ spec: value: kafka - name: kafkaServer value: "{{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}" + - name: KAFKA_GROUP_ID + value: {{ (first .Values.kafkaUser.acls).name }} - name: allowAutoCreateTopics value: "false" - name: kafkaSecurityProtocol - vale: SASL_PLAINTEXT + value: SASL_PLAINTEXT - name: kafkaSaslMechanism value: {{ .Values.kafkaUser.authenticationType | upper }} - name: kafkaSaslJaasConfig @@ -57,6 +61,10 @@ spec: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -73,6 +81,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-http-ppnt-config - name: logs mountPath: /var/log/onap - name: empty-dir @@ -89,6 +99,10 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: ac-http-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index f2667a85c4..e16acc7624 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -140,6 +140,7 @@ kafkaUser: - name: *componentName type: group operations: [Read] + patternType: prefix - name: *acRuntimeOperationTopic type: topic operations: [Read, Write] 
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml index 2d9e7773bf..dac2fdf244 100644 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Kserve Participant name: policy-clamp-ac-kserve-ppnt -version: 17.0.0 +version: 17.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/application.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/application.yaml new file mode 100644 index 0000000000..13e9278873 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/application.yaml 
@@ -0,0 +1,146 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023,2026 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + application: + name: kserve-ppnt + cloud: + kubernetes: + enabled: false + discovery: + enabled: false + security: + user: + name: ${HTTP_USER:participantUser} + password: ${HTTP_PASSWORD:zb!XztG34} + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration + - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration + - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration + +security: + enable-csrf: false + +participant: + intermediaryParameters: + topics: + operationTopic: policy-acruntime-participant + syncTopic: acm-ppnt-sync + threadPoolSize: 10 + topicValidation: ${TOPIC_VALIDATION:false} + clampAdminTopics: + servers: + - ${kafkaServer:kafka:9092} + 
topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + additionalProps: + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + reportingTimeIntervalMs: 120000 + description: Participant Kserve + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04 + clampAutomationCompositionTopics: + topicSources: + - topic: ${participant.intermediaryParameters.topics.operationTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + group.id: ${KAFKA_GROUP_ID:policy-clamp-ac-kserve-ppnt} + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + - topic: ${participant.intermediaryParameters.topics.syncTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + group.id: ${KAFKA_GROUP_ID:policy-clamp-ac-kserve-ppnt}-${POD_UID} + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + topicSinks: + - topic: ${participant.intermediaryParameters.topics.operationTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + 
sasl.jaas.config: ${kafkaSaslJaasConfig:} + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement + typeVersion: 1.0.1 + +customresourcedefinition: + group: serving.kserve.io + version: v1beta1 + plural: inferenceservices + grace-period: 10 + +management: + tracing: + propagation: + produce: ${jaegerProducerType:B3} + sampling: + probability: ${jaegerSamplingProbability:1.0} + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus + endpoint: + health: + access: unrestricted + show-details: always + probes: + enabled: true + show-components: always + +server: + port: 6969 + servlet: + context-path: /onap/policy/clamp/acm/kserveparticipant + ssl: + enabled: false + +tracing: + enabled: ${allowTracing:false} + exporter: + endpoint: ${tracingExporterEndpoint:http://jaeger:4318/v1/traces} + protocol: ${tracingExporterProtocol:http} + sampler: + jaeger-remote: + endpoint: ${tracingSamplerEndpoint:http://jaeger:14250} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml index fbf16b6aef..770e7af5a2 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml @@ -25,3 +25,4 @@ metadata: namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" . | nindent 4 }} data: +{{ tpl (.Files.Glob "resources/config/application.yaml").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml index a967c34d16..a9e38162e9 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml 
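Review bot: Every Kafka client block in this file falls back to `security.protocol: ${kafkaSecurityProtocol:PLAINTEXT}`, so an environment variable that is missing or misspelled in the deployment silently selects an unauthenticated, unencrypted connection. The deployment.yaml hunks of this same commit show how easily that happens: `kafkaSecurityProtocol` was declared with `vale:` instead of `value:` until now. Since the chart sets the variable explicitly, I would drop the default and write `security.protocol: ${kafkaSecurityProtocol}`, or at least add a header comment that the `${VAR:default}` fallbacks are development values the chart is expected to override. The a1pms, http and pf application.yaml files have the same defaults.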
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml @@ -36,6 +36,8 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["java", "-jar", "/app/app.jar"] env: + - name: SPRING_CONFIG_LOCATION + value: /opt/app/policy/clamp/etc/mounted/application.yaml - name: HTTP_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 14 }} - name: HTTP_PASSWORD @@ -46,10 +48,12 @@ spec: value: kafka - name: kafkaServer value: "{{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}" + - name: KAFKA_GROUP_ID + value: {{ (first .Values.kafkaUser.acls).name }} - name: allowAutoCreateTopics value: "false" - name: kafkaSecurityProtocol - vale: SASL_PLAINTEXT + value: SASL_PLAINTEXT - name: kafkaSaslMechanism value: {{ .Values.kafkaUser.authenticationType | upper }} - name: kafkaSaslJaasConfig @@ -57,6 +61,10 @@ spec: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -73,6 +81,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-kserve-ppnt-config - name: logs mountPath: /var/log/onap - name: empty-dir @@ -89,6 +99,10 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: + - name: ac-kserve-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} 
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml index 67017a5f77..dc3071e43a 100644 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -139,6 +139,7 @@ kafkaUser: - name: *componentName type: group operations: [Read] + patternType: prefix - name: *acRuntimeOperationTopic type: topic operations: [Read, Write] diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml index 87890a4001..20560ce55f 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Policy Participant name: policy-clamp-ac-pf-ppnt -version: 17.0.0 +version: 17.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/application.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/application.yaml new file mode 100644 index 0000000000..4b04fd6fc5 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/application.yaml 
@@ -0,0 +1,148 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2024,2026 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + application: + name: pf-ppnt + security: + user: + name: ${HTTP_USER:participantUser} + password: ${HTTP_PASSWORD:zb!XztG34} + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration + +participant: + pdpGroup: defaultGroup + pdpType: apex + policyApiParameters: + clientName: api + hostname: policy-api + port: 6969 + userName: ${API_USER} + password: ${API_PASSWORD} + useHttps: false + allowSelfSignedCerts: true + policyPapParameters: + clientName: pap + hostname: policy-pap + port: 6969 + userName: ${PAP_USER} + password: ${PAP_PASSWORD} + useHttps: false + allowSelfSignedCerts: true + intermediaryParameters: + topics: + operationTopic: policy-acruntime-participant + syncTopic: acm-ppnt-sync + threadPoolSize: 10 + topicValidation: 
${TOPIC_VALIDATION:false} + clampAdminTopics: + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + additionalProps: + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + reportingTimeIntervalMs: 120000 + description: Participant Policy + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c03 + clampAutomationCompositionTopics: + topicSources: + - topic: ${participant.intermediaryParameters.topics.operationTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + group.id: ${KAFKA_GROUP_ID:policy-clamp-ac-pf-ppnt} + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + - topic: ${participant.intermediaryParameters.topics.syncTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + fetchTimeout: 15000 + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + group.id: ${KAFKA_GROUP_ID:policy-clamp-ac-pf-ppnt}-${POD_UID} + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: ${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + topicSinks: + - topic: ${participant.intermediaryParameters.topics.operationTopic} + servers: + - ${kafkaServer:kafka:9092} + topicCommInfrastructure: ${topicCommInfrastructure:NOOP} + useHttps: ${kafkaUseHttps:false} + allowTracing: ${allowTracing:false} + additionalProps: + allow.auto.create.topics: ${allowAutoCreateTopics:true} + security.protocol: 
${kafkaSecurityProtocol:PLAINTEXT} + sasl.mechanism: ${kafkaSaslMechanism:GSSAPI} + sasl.jaas.config: ${kafkaSaslJaasConfig:} + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement + typeVersion: 1.0.0 + +management: + tracing: + propagation: + produce: ${jaegerProducerType:B3} + sampling: + probability: ${jaegerSamplingProbability:1.0} + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus + endpoint: + health: + access: unrestricted + show-details: always + probes: + enabled: true + show-components: always + +server: + port: 6969 + ssl: + enabled: false + servlet: + context-path: /onap/policy/clamp/acm/policyparticipant + +tracing: + enabled: ${allowTracing:false} + exporter: + endpoint: ${tracingExporterEndpoint:http://jaeger:4318/v1/traces} + protocol: ${tracingExporterProtocol:http} + sampler: + jaeger-remote: + endpoint: ${tracingSamplerEndpoint:http://jaeger:14250} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml index 7a96634a46..c45c66b2f0 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml @@ -25,3 +25,4 @@ metadata: namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" . | nindent 4 }} data: +{{ tpl (.Files.Glob "resources/config/application.yaml").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml index 5243d5d938..f21b2820e3 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml 
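Review bot: `policyApiParameters` and `policyPapParameters` pass `${API_USER}`/`${API_PASSWORD}` and `${PAP_USER}`/`${PAP_PASSWORD}` to policy-api and policy-pap with `useHttps: false`, so these credentials travel in clear text unless something outside this chart encrypts pod-to-pod traffic. `allowSelfSignedCerts: true` beside it presumably has no effect while HTTPS is off, but it would accept self-signed certificates as soon as `useHttps` is switched on. I would set `allowSelfSignedCerts: false` and document the transport assumption on the block, e.g. `# plain HTTP: transport encryption is expected from the service mesh`, if that is what the deployment relies on.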
@@ -36,6 +36,8 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["java", "-jar", "/app/app.jar"] env: + - name: SPRING_CONFIG_LOCATION + value: /opt/app/policy/clamp/etc/mounted/application.yaml - name: HTTP_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 14 }} - name: HTTP_PASSWORD @@ -54,10 +56,12 @@ spec: value: kafka - name: kafkaServer value: "{{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}" + - name: KAFKA_GROUP_ID + value: {{ (first .Values.kafkaUser.acls).name }} - name: allowAutoCreateTopics value: "false" - name: kafkaSecurityProtocol - vale: SASL_PLAINTEXT + value: SASL_PLAINTEXT - name: kafkaSaslMechanism value: {{ .Values.kafkaUser.authenticationType | upper }} - name: kafkaSaslJaasConfig @@ -65,6 +69,10 @@ spec: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -81,6 +89,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-pf-ppnt-config - name: logs mountPath: /var/log/onap - name: empty-dir @@ -97,6 +107,10 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: ac-pf-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index ad41d020e9..99baa20b98 100644 
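Review bot: `SPRING_CONFIG_LOCATION` in the first hunk replaces Spring Boot's default configuration locations rather than adding to them, so once this variable is set the application.yaml packaged in the jar is no longer read. Any property the mounted file omits, including security-related ones, then falls back to framework defaults instead of the packaged values; the top of the mounted file is outside this view, so that cannot be checked here. A comment above the variable would record the contract, for example `# replaces the packaged config: the mounted application.yaml must be complete`. The path must also stay in step with the `mountPath` added in the volumeMounts hunk; the container spec starts and ends outside the hunk.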
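Review bot: `KAFKA_GROUP_ID` in the second hunk is read from `(first .Values.kafkaUser.acls).name`, so the consumer group depends on which ACL entry happens to be listed first. If a topic entry is ever placed ahead of the group entry in values.yaml, the pod would presumably ask for a group it holds no Read grant on, and the authorization failure this commit addresses would come back without any template error. Selecting the entry whose `type` is `group`, or using a dedicated value, removes that ordering dependency. The value is also rendered unquoted while the neighbouring `kafkaServer` value is quoted; `value: {{ (first .Values.kafkaUser.acls).name | quote }}` keeps it a string whatever the name renders to. The env list starts and ends outside the hunk.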
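Review bot: `defaultMode: 0755` in the last hunk makes the projected application.yaml executable and world-readable, although the container only reads it as Spring configuration. A read-only mode such as `defaultMode: 0444` follows least privilege and avoids leaving an executable file under a mounted path. The diffstat suggests the three sibling participant charts received the same deployment change, so the same mode is presumably set there; those hunks are outside this view. The volumes list continues outside the hunk.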
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -161,6 +161,7 @@ kafkaUser: - name: *componentName type: group operations: [Read] + patternType: prefix - name: *acRuntimeOperationTopic type: topic operations: [Read, Write] -- 2.16.6
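Review bot: `patternType: prefix` widens the group ACL from the single component name to every consumer group whose id starts with it, and nothing in the hunk records why. From the application.yaml in this patch the reason appears to be the sync-topic consumer, whose `group.id` is the base group id followed by `-${POD_UID}`. A comment above the line, such as `# prefix: sync-topic consumers use <componentName>-<pod uid> as group.id`, would stop a later reviewer from tightening it back to a literal match or treating the prefix as a general-purpose grant. The grant stays `Read` only, but this Kafka user would also be allowed to join the groups of any other component whose group id begins with the same string, so that is worth checking across the charts. The acls list starts and ends outside the hunk.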