From 4a9f7dfda1d5bb8c6f8dce3ff6b86baf08b96eb5 Mon Sep 17 00:00:00 2001 From: Deena Mukundan Date: Fri, 17 Jan 2025 13:18:34 +0100 Subject: [PATCH] Addition of OPA-PDP Helm charts Issue-ID: POLICY-5142 Change-Id: I810c514940048a4a32acc00eabdfa653692cb7b2 Signed-off-by: Deena Mukundan --- kubernetes/policy/Chart.yaml | 6 +- .../policy/components/policy-opa-pdp/Chart.yaml | 33 +++ .../policy-opa-pdp/resources/config/config.json | 43 ++++ .../resources/policies/policy-data.tar.gz | Bin 0 -> 30720 bytes .../templates/authorizationpolicy.yaml | 21 ++ .../policy-opa-pdp/templates/configmap.yaml | 42 ++++ .../policy-opa-pdp/templates/deployment.yaml | 137 +++++++++++ .../policy-opa-pdp/templates/kafkauser.yaml | 20 ++ .../components/policy-opa-pdp/templates/pvc.yaml | 38 ++++ .../policy-opa-pdp/templates/secrets.yaml | 21 ++ .../policy-opa-pdp/templates/service.yaml | 21 ++ .../policy-opa-pdp/templates/serviceMonitor.yaml | 23 ++ .../policy/components/policy-opa-pdp/values.yaml | 253 +++++++++++++++++++++ kubernetes/policy/values.yaml | 4 + 14 files changed, 661 insertions(+), 1 deletion(-) create mode 100755 kubernetes/policy/components/policy-opa-pdp/Chart.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/resources/config/config.json create mode 100644 kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz create mode 100755 kubernetes/policy/components/policy-opa-pdp/templates/authorizationpolicy.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/templates/kafkauser.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/templates/secrets.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/templates/service.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/templates/serviceMonitor.yaml create mode 100755 kubernetes/policy/components/policy-opa-pdp/values.yaml diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 2bf703c622..6a2e819718 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 15.0.1 +version: 15.0.2 dependencies: - name: common @@ -53,6 +53,10 @@ dependencies: version: ~15.x-0 repository: 'file://components/policy-drools-pdp' condition: policy-drools-pdp.enabled + - name: policy-opa-pdp + version: ~15.x-0 + repository: 'file://components/policy-opa-pdp' + condition: policy-opa-pdp.enabled - name: policy-distribution version: ~15.x-0 repository: 'file://components/policy-distribution' diff --git a/kubernetes/policy/components/policy-opa-pdp/Chart.yaml b/kubernetes/policy/components/policy-opa-pdp/Chart.yaml new file mode 100755 index 0000000000..6416e5016e --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/Chart.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy OPA PDP (PDP-O) +name: policy-opa-pdp +version: 15.0.0 + +dependencies: + - name: common + version: ~13.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~13.x-0 + repository: '@local' + - name: serviceAccount + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json b/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json new file mode 100755 index 0000000000..e978b84186 --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json @@ -0,0 +1,43 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} +{ + "logging": { + "level": "debug" + }, + "services": [ + { + "name": "opa-bundle-server", + "url": "http://policy-opa-pdp:8282/opa/bundles" + } + ], + "bundles": { + "opabundle": { + "service": "opa-bundle-server", + "resource": "bundle.tar.gz", + "polling": { + "min_delay_seconds": 60, + "max_delay_seconds": 120 + } + } + }, + "decision_logs": { + "console": true + } +} diff --git a/kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz b/kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..fa841c0191c80abdcbab3c937d96e3c5d8d49268 GIT binary patch literal 30720 zcmeHP>u=jQ63^G_uOJj0+Fc}yCHavC+XK?>-eULec8j*(f*@feCRQs;K2feO*X#d& zGo&6g{gCWR-93~>(O7&8hrc0bhQpCVn$xqRem?{FOh%(4_~TAS1NARf;pfO5PKMsl zAA5u0(ZF?wo_|C}{jw#gFL+KfLXH-9izHucAF-)^d(S_0O^EWRcQoj65ukuu$lo7K z#@=K&0r`8rH#GA98VjeEKYnxG^EByvSd{;G2>W{T{vY|ikNaPd|Iqb8{)5gr*+B3c z-~XR10w0^Rgs0gJt^xakT!})gkk$ANKXw#Ct&MWDPpUSeCQbvIM`?ofZ?lN}gC-xS z-Y93YIm>9i$QZWs&dDpi$vk60G>`I%m+5p(7C19hz0P}S;RKWgDlkib*puy#hTEKPQ zjMlJud5zmHFSjqWhB_E3T0he`W_kk+Ex!#~qh_=wj@Pud{I+PFw?}KT*Jd2)V5n&Q zO7HKJCgpY71}?uDF5fwCg3D_M*T8w+7hL0AaJ|c-BuHm8W=%`XYo)(hDf~wLHEOHB zy!N1-@3qDzyFmMGv7{L#KgH2w(@JZl#>UMnZP={zN9|VHURH8H(9U;(c9|?P8cyjP z{^;#AZPv=Sm^6bnYTll$U5jD+mG*qEmG)c*L)B*g1fQ-EF5hcmDxWvQHEv-l+iuM9 zVQ>kb?ArQlZE*HYk&b{o{{=w`(T~1D0HDzKJpaQ{&@<WOugJfr5CF=5$N7KY z`xE{AKN+~@{NIPXb((luwW-|yH#E<)=x&iSZePe_tnK2be1fLwGGUp0VbeGYYIo13 zGgKh<1)kOiLIW2kV%x*d1_F2KU1ha)bcfiG?{DZH&^jcrsXOrS+1LPG+Uw6^|EJjl zO``vZm`e{v0N2ER@!ug_02uwhF0JlM*5%*55kUFx(EkwYbv6AznhZxq|93C#b&7?W zr$G!le|z9}!BOjjrC3q>A}EaJ10%ny{bdyx3?8Yx#F?_e;JT>^}%wxBo+LFgEtT#IMi4h5bh}cY|sGt+*_c zHcr@k)iIF8;VepO^QkCs8x7@Jd${+F)5rDufx9Sn*crv&jxw%%En4lHv*%M0vW%0^wI*t+W)? z;C6q6Io5DsDSm9+jCYjlk#(OjVpuAezfARi@JN9M%Kg9pd`yYL3eo4EMe~<5gw3NS+|L?<{v5|lO z(my&{mA`m;bTamkb~t#0|2G)>BhCLC4F}-=oA*CD6v7r#a~gc04~*dUx2yS`hUxo?X-AJ{ymt0CjCG0^!&fEJ2LveQ#o%VR_TAa z{SPw%L55i#@ctmE`;U+!5?Ul=cdG?bttu^K%3xja*;*rm3SMe*$sJe-k*KUBDqcyo zS#>R1TstCBk-R8Xd)WX?+6rUshbTI38$ecDmNrkMFIkios!f=D zZXeyQ_CNbKyx!PP8o(j?e{Ammw{6)@%h%-p2k3v_6~F(Wod3qIZ|?s)mGd@YrT#Cr z|GNHHU44wT!Kct?G@qh=y%ND=Zp*v1x_-v;X&Pb+`}OZ{-`U~}AkGoeZ5O1r5j!ac z5pn4#+(G;2p9JY`^E2hU5vcaRn(WtcFmQkUKN<{;|G!&s9o24@f44@U!T)#twfnz` z=NkRrk%V`XDfPd){nw4awm8r+QTve?Qnq3U{lIk>Ux^Wk5Dny*gI1Rgz1j`D`j}(H zD0WcY*FHNw$#S)MU9XnPc17lJ-J~dxwN-9(U0)SJ@TOoAbJ>wkB zkIJmw|G>`#n){y;z#jh|lQ)nteTtbTA-NQmo4kUX7ElM|*_)S_uf78dciQl=j-k=J zX~ao!jD+wXWMVQ-XhM((nWc~{L+;azQ1Y7Pn6sP{g>TsF zApzK7f~b8Ftq>>{-=T%bW5)&n5rvdo_>nSfT(YY;EYJ9N$h9aD7fR_p+~P^*optf> zX}aVD{sVFsSpDRC@}m%$CNc1X-oRxbZ~*8>NzO9(fwr6r9?6W(=a9V*PYg=oZY>91 zp~tUpfBy{z1)9G=2gr9m@j)yh)WaiG*945@(8T|YXLv)#+|Kq zoyX)-L@h*0nOKcs3Mf71Q<%F`ySXS>jAn~==oiXvLU!T>NeuGh6E-BUS4!!EIEy4U zRk(FOWsFbO6Tkz0`c8J{Vn>xU9qWmZzo3h9C^;$yvas{3DGNT7oXD19e2}R+;u9I; zk!~)!y`pL14_ig8SZGxpK1qkT99JNLGX*Jw^x(o*rsZJ~#Ho{q3XZ38ML{vg)h*8m zf{fSjJ^5{O2>luM5 z)(I?Yp|Ea6uUoQ&7g)$0D=(+9y%aJMztx7l72<+3QugRLPBp2Lsp^7T6d)lX?pvJO zZLKXpUqRj>svqRO6uz8yu^s?l92y6aO9DyYiV&A6JF$W#QqHZ?Pn2+2>Oes~Jiq~_l@H@VtDKv%9GI-jcSp>g9iaQ~Nxq(i9A)6@*R;LTB}GQaizM zZ$IM4kPZr34f