From ef52ca58b1537289846ae69522dc1495ae987bcf Mon Sep 17 00:00:00 2001 From: rameshiyer27 Date: Wed, 11 Jan 2023 17:02:00 +0000 Subject: [PATCH] Add CSIT helm charts for policy Added helm charts for api, pap, apex-pdp and policy-participant. Issue-ID: POLICY-4457 
Signed-off-by: zrrmmua Change-Id: I10d721d17d773b3226dbd0473c3d55dae3be42a4 --- helm/policy/Chart.yaml | 16 ++ helm/policy/components/policy-apex-pdp/Chart.yaml | 23 +++ .../resources/config/OnapPfConfig.json | 42 +++++ .../policy-apex-pdp/resources/config/logback.xml | 103 ++++++++++++ .../policy-apex-pdp/templates/configmap.yaml | 38 +++++ .../policy-apex-pdp/templates/role-binding.yaml | 33 ++++ .../policy-apex-pdp/templates/secrets.yaml | 49 ++++++ .../policy-apex-pdp/templates/service-account.yaml | 20 +++ .../policy-apex-pdp/templates/service.yaml | 46 ++++++ .../policy-apex-pdp/templates/statefulset.yaml | 131 +++++++++++++++ helm/policy/components/policy-apex-pdp/values.yaml | 116 +++++++++++++ helm/policy/components/policy-api/Chart.yaml | 24 +++ .../policy-api/resources/config/apiParameters.yaml | 102 ++++++++++++ .../policy-api/resources/config/logback.xml | 159 ++++++++++++++++++ .../components/policy-api/templates/configmap.yaml | 37 +++++ .../policy-api/templates/deployment.yaml | 148 +++++++++++++++++ .../policy-api/templates/role-binding.yaml | 33 ++++ .../components/policy-api/templates/secret.yaml | 53 ++++++ .../policy-api/templates/service-account.yaml | 25 +++ .../components/policy-api/templates/service.yaml | 39 +++++ helm/policy/components/policy-api/values.yaml | 98 +++++++++++ .../components/policy-clamp-ac-pf-ppnt/Chart.yaml | 22 +++ .../config/PolicyParticipantParameters.yaml | 128 +++++++++++++++ .../resources/config/logback.xml | 103 ++++++++++++ .../templates/configmap.yaml | 32 ++++ .../templates/deployment.yaml | 150 +++++++++++++++++ .../templates/role-binding.yaml | 37 +++++ .../policy-clamp-ac-pf-ppnt/templates/secrets.yaml | 80 +++++++++ .../templates/service-account.yaml | 25 +++ .../policy-clamp-ac-pf-ppnt/templates/service.yaml | 43 +++++ .../components/policy-clamp-ac-pf-ppnt/values.yaml | 119 ++++++++++++++ helm/policy/components/policy-pap/Chart.yaml | 23 +++ .../policy-pap/resources/config/logback.xml | 103 ++++++++++++ 
.../policy-pap/resources/config/papParameters.yaml | 136 +++++++++++++++ .../components/policy-pap/templates/configmap.yaml | 38 +++++ .../policy-pap/templates/deployment.yaml | 182 +++++++++++++++++++++ .../policy-pap/templates/role-binding.yaml | 33 ++++ .../components/policy-pap/templates/secrets.yaml | 97 +++++++++++ .../policy-pap/templates/service-account.yaml | 20 +++ .../components/policy-pap/templates/service.yaml | 43 +++++ helm/policy/components/policy-pap/values.yaml | 132 +++++++++++++++ helm/policy/values.yaml | 50 ++---- 42 files changed, 2897 insertions(+), 34 deletions(-) create mode 100755 helm/policy/components/policy-apex-pdp/Chart.yaml create mode 100755 helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json create mode 100755 helm/policy/components/policy-apex-pdp/resources/config/logback.xml create mode 100755 helm/policy/components/policy-apex-pdp/templates/configmap.yaml create mode 100644 helm/policy/components/policy-apex-pdp/templates/role-binding.yaml create mode 100755 helm/policy/components/policy-apex-pdp/templates/secrets.yaml create mode 100644 helm/policy/components/policy-apex-pdp/templates/service-account.yaml create mode 100755 helm/policy/components/policy-apex-pdp/templates/service.yaml create mode 100755 helm/policy/components/policy-apex-pdp/templates/statefulset.yaml create mode 100755 helm/policy/components/policy-apex-pdp/values.yaml create mode 100644 helm/policy/components/policy-api/Chart.yaml create mode 100644 helm/policy/components/policy-api/resources/config/apiParameters.yaml create mode 100755 helm/policy/components/policy-api/resources/config/logback.xml create mode 100644 helm/policy/components/policy-api/templates/configmap.yaml create mode 100755 helm/policy/components/policy-api/templates/deployment.yaml create mode 100644 helm/policy/components/policy-api/templates/role-binding.yaml create mode 100644 helm/policy/components/policy-api/templates/secret.yaml create mode 100644 
helm/policy/components/policy-api/templates/service-account.yaml create mode 100644 helm/policy/components/policy-api/templates/service.yaml create mode 100644 helm/policy/components/policy-api/values.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml create mode 100644 helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml create mode 100755 helm/policy/components/policy-pap/Chart.yaml create mode 100755 helm/policy/components/policy-pap/resources/config/logback.xml create mode 100644 helm/policy/components/policy-pap/resources/config/papParameters.yaml create mode 100755 helm/policy/components/policy-pap/templates/configmap.yaml create mode 100755 helm/policy/components/policy-pap/templates/deployment.yaml create mode 100644 helm/policy/components/policy-pap/templates/role-binding.yaml create mode 100755 helm/policy/components/policy-pap/templates/secrets.yaml create mode 100644 helm/policy/components/policy-pap/templates/service-account.yaml create mode 100755 helm/policy/components/policy-pap/templates/service.yaml create mode 100755 helm/policy/components/policy-pap/values.yaml diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml index f1930303..3ad91554 100755 
--- a/helm/policy/Chart.yaml
+++ b/helm/policy/Chart.yaml
@@ -33,3 +33,19 @@ dependencies:
 version: ~11.x-0
 repository: 'file://components/policy-models-simulator'
 condition: policy-models-simulator.enabled
+ - name: policy-api
+ version: ~11.x-0
+ repository: 'file://components/policy-api'
+ condition: policy-api.enabled
+ - name: policy-pap
+ version: ~11.x-0
+ repository: 'file://components/policy-pap'
+ condition: policy-pap.enabled
+ - name: policy-apex-pdp
+ version: ~11.x-0
+ repository: 'file://components/policy-apex-pdp'
+ condition: policy-apex-pdp.enabled
+ - name: policy-clamp-ac-pf-ppnt
+ version: ~11.x-0
+ repository: 'file://components/policy-clamp-ac-pf-ppnt'
+ condition: policy-clamp-ac-pf-ppnt.enabled
diff --git a/helm/policy/components/policy-apex-pdp/Chart.yaml b/helm/policy/components/policy-apex-pdp/Chart.yaml
new file mode 100755
index 00000000..dd75e97c
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/Chart.yaml
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy APEX PDP
+name: policy-apex-pdp
+version: 11.0.0
+
diff --git a/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
new file mode 100755
index 00000000..d03b3795
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -0,0 +1,42 @@
+{
+ "name":"OnapPfParameterGroup",
+ "restServerParameters": {
+ "host": "0.0.0.0",
+ "port": 6969,
+ "userName": "${RESTSERVER_USER}",
+ "password": "${RESTSERVER_PASSWORD}",
+ "https": false,
+ "prometheus": true
+ },
+ "pdpStatusParameters":{
+ "pdpGroup": "defaultGroup",
+ "timeIntervalMs": 120000,
+ "pdpType":"apex",
+ "description":"Pdp Heartbeat",
+ "supportedPolicyTypes": [
+ {
+ "name": "onap.policies.native.Apex",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.operational.common.Apex",
+ "version": "1.0.0"
+ }
+ ]
+ },
+ "topicParameterGroup": {
+ "topicSources" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : false,
+ "fetchTimeout": 15000,
+ "topicCommInfrastructure" : "dmaap"
+ }],
+ "topicSinks" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : false,
+ "topicCommInfrastructure" : "dmaap"
+ }]
+ }
+}
diff --git a/helm/policy/components/policy-apex-pdp/resources/config/logback.xml b/helm/policy/components/policy-apex-pdp/resources/config/logback.xml
new file mode 100755
index 00000000..d156414d
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/resources/config/logback.xml
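Review bot: The REST server block sets `"https": false` together with `"host": "0.0.0.0"`, so the basic-auth `userName`/`password` that the init container substitutes from the restserver-creds Secret are accepted in clear text on every pod interface; both topic entries also set `"useHttps" : false`, and apiParameters.yaml for policy-api likewise has `server.ssl.enabled: false`. If this is meant only for CSIT runs, that should be stated where an operator will see it; JSON cannot carry a comment, so values.yaml or a chart README is the place. Because configmap.yaml already renders this file through `tpl`, the flag could instead come from a chart value, so that a TLS-enabled install does not need its own copy of the file.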
@@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/apex-pdp/error.log + + /var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/apex-pdp/debug.log + + /var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/apex-pdp/network.log + + /var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/helm/policy/components/policy-apex-pdp/templates/configmap.yaml b/helm/policy/components/policy-apex-pdp/templates/configmap.yaml new file mode 100755 index 00000000..1910433b --- /dev/null +++ b/helm/policy/components/policy-apex-pdp/templates/configmap.yaml 
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: Release
+ heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-apex-pdp/templates/role-binding.yaml b/helm/policy/components/policy-apex-pdp/templates/role-binding.yaml
new file mode 100644
index 00000000..12e1addf
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/role-binding.yaml
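Review bot: `namespace: default` is written as a literal in the metadata, and the same literal appears in the role-binding, secrets, service and statefulset templates of this chart and in the policy-api configmap, while service-account.yaml sets no namespace and so follows the release namespace. Installing with any other `--namespace` would therefore spread one release over two namespaces. I would use `namespace: {{ .Release.Namespace }}` (or drop the field) in all of them. The label `release: Release` also differs from the `release: RELEASE` literal in the sibling templates; `release: {{ .Release.Name }}` would make them agree and keep parallel installs apart.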
@@ -0,0 +1,33 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: read
+ apiGroup: rbac.authorization.k8s.io
diff --git a/helm/policy/components/policy-apex-pdp/templates/secrets.yaml b/helm/policy/components/policy-apex-pdp/templates/secrets.yaml
new file mode 100755
index 00000000..60443044
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/secrets.yaml
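Review bot: The comment above `kind: RoleBinding` describes a different object: it talks about a cluster role binding that lets a "manager" group read secrets in any namespace, whereas this manifest is a namespaced RoleBinding granting the `{{ .Chart.Name }}-read` ServiceAccount the Role `read`. Anyone auditing RBAC from the chart will be misled, so I would replace it with `# Grants the chart's "-read" ServiceAccount the namespaced Role "read".` The subject carries no `namespace`, so it resolves to the binding's own namespace (`default`), which may not be where service-account.yaml creates the account. None of the files this commit lists for the component defines the Role `read`, so it presumably has to exist beforehand; the comment should say what that Role is expected to permit.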
@@ -0,0 +1,49 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: RELEASE
+ heritage: Helm
+type: Opaque
+stringData:
+ sasl.jaas.config: "MobnDove6!Qibh"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: RELEASE
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+
+
diff --git a/helm/policy/components/policy-apex-pdp/templates/service-account.yaml b/helm/policy/components/policy-apex-pdp/templates/service-account.yaml
new file mode 100644
index 00000000..2a46e911
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/service-account.yaml
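Review bot: The quoted literal under `sasl.jaas.config` in the first Secret is a fixed credential inside the template itself, so every install shares it, it cannot be overridden through values, and it stays in the repository history; values.yaml of this chart has the same problem with its default `restServer.password`. Take the Kafka value from a chart value that has no usable default, or from a Secret created outside the chart, and treat both committed strings as disclosed. In the second Secret `login` and `password` are rendered unquoted, so a value that YAML reads as a number, a boolean or an indicator character would change type or break the manifest; use `login: {{ .Values.restServer.user | quote }}` and `password: {{ .Values.restServer.password | quote }}`.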
@@ -0,0 +1,20 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/policy-apex-pdp/templates/service.yaml b/helm/policy/components/policy-apex-pdp/templates/service.yaml
new file mode 100755
index 00000000..032424e5
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: RELEASE
+ heritage: Helm
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ .Chart.Name }}
+ release: RELEASE
+ sessionAffinity: None
diff --git a/helm/policy/components/policy-apex-pdp/templates/statefulset.yaml b/helm/policy/components/policy-apex-pdp/templates/statefulset.yaml
new file mode 100755
index 00000000..29291afc
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -0,0 +1,131 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: RELEASE
+ heritage: Helm
+spec:
+ serviceName: {{ .Chart.Name }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ release: RELEASE
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-creds
+ key: login
+ - name: RESTSERVER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-creds
+ key: password
+{{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ key: sasl.jaas.config
+{{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: apexconfig-input
+ - mountPath: /config
+ name: apexconfig
+ image: docker.io/dibi/envsubst:1
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-update-config
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["sh","-c"]
+ args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /var/log/onap
+ name: policy-logs
+ - mountPath: /home/apexuser/config
+ name: apexconfig
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-read
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: policy-logs
+ emptyDir: {}
+ - name: apexconfig-input
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
+ - name: apexconfig
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "default-docker-registry-key"
diff --git a/helm/policy/components/policy-apex-pdp/values.yaml b/helm/policy/components/policy-apex-pdp/values.yaml
new file mode 100755
index 00000000..0218b937
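Review bot: The init container runs `docker.io/dibi/envsubst:1`, a third-party image referenced by a mutable tag, and it is the container that receives RESTSERVER_USER, RESTSERVER_PASSWORD and, with Strimzi enabled, JAASLOGIN from the Secrets. Pin it by digest (`image: docker.io/dibi/envsubst@sha256:<digest>`) or serve it from the project's own registry like the main image. Neither the pod nor either container sets a `securityContext`, so the image defaults decide the user and privileges; if the images allow it, `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be the usual baseline. Separately, `resources` is always taken from `.Values.resources.small`, so the `flavor` value has no effect.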
--- /dev/null
+++ b/helm/policy/components/policy-apex-pdp/values.yaml
@@ -0,0 +1,116 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ aafEnabled: false
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-apex-pdp:2.8.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-apex-pdp
+ portName: http
+ externalPort: 6969
+ internalPort: 6969
+ nodePort: 37
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ unlimited: {}
+
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-apex-pdp
+ roles:
+ - read
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: policy-group
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+# spring.kafka.bootstrap-servers: :9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
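Review bot: Several keys declared here are not read by any apex-pdp template that is legible in this commit: `serviceAccount.nameOverride` and `serviceAccount.roles` (the templates hard-code `{{ .Chart.Name }}-read` and the Role `read`), `flavor`, `ingress.enabled`, `debugEnabled`, `config.kafkaBootstrap` and the `config.kafka`/`config.app` entries. An operator who changes them gets neither an effect nor an error, which matters most for the service-account settings because they look like they control the pod's identity and permissions. Either wire them into the templates or remove them, and correct the comment typo `useStrimziKakfa` to `useStrimziKafka`.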
diff --git a/helm/policy/components/policy-api/Chart.yaml b/helm/policy/components/policy-api/Chart.yaml
new file mode 100644
index 00000000..ddf11078
--- /dev/null
+++ b/helm/policy/components/policy-api/Chart.yaml
@@ -0,0 +1,24 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Design API
+name: policy-api
+version: 11.0.0
+
+
diff --git a/helm/policy/components/policy-api/resources/config/apiParameters.yaml b/helm/policy/components/policy-api/resources/config/apiParameters.yaml
new file mode 100644
index 00000000..1e8d3da1
--- /dev/null
+++ b/helm/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -0,0 +1,102 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+server:
+ port: {{ .Values.service.internalPort }}
+ ssl:
+ enabled: false
+
+spring:
+ security.user:
+ name: "${RESTSERVER_USER}"
+ password: "${RESTSERVER_PASSWORD}"
+ mvc.converters.preferred-json-mapper: gson
+ datasource:
+ url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+ driverClassName: org.mariadb.jdbc.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ hikari:
+ maximumPoolSize: 20
+ jpa:
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.MariaDB103Dialect
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+
+policy-api:
+ name: ApiGroup
+ aaf: false
+
+database:
+ name: PolicyProviderParameterGroup
+ implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
+ driver: org.mariadb.jdbc.Driver
+ url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+ user: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ persistenceUnit: PolicyDb
+
+policy-preload:
+ policyTypes:
+ - policytypes/onap.policies.monitoring.tcagen2.yaml
+ - policytypes/onap.policies.monitoring.tcagen2.v2.yaml
+ - policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml
+ - policytypes/onap.policies.monitoring.dcae-restconfcollector.yaml
+ - policytypes/onap.policies.monitoring.dcae-pm-subscription-handler.yaml
+ - policytypes/onap.policies.monitoring.dcae-pm-mapper.yaml
+ - policytypes/onap.policies.Optimization.yaml
+ - policytypes/onap.policies.optimization.Resource.yaml
+ - policytypes/onap.policies.optimization.Service.yaml
+ - policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml
+ - policytypes/onap.policies.optimization.resource.DistancePolicy.yaml
+ - policytypes/onap.policies.optimization.resource.HpaPolicy.yaml
+ - policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml
+ - policytypes/onap.policies.optimization.resource.PciPolicy.yaml
+ - policytypes/onap.policies.optimization.service.QueryPolicy.yaml
+ - policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml
+ - policytypes/onap.policies.optimization.resource.Vim_fit.yaml
+ - policytypes/onap.policies.optimization.resource.VnfPolicy.yaml
+ - policytypes/onap.policies.controlloop.guard.Common.yaml
+ - policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml
+ - policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml
+ - policytypes/onap.policies.controlloop.guard.common.MinMax.yaml
+ - policytypes/onap.policies.controlloop.guard.common.Filter.yaml
+ - policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml
+ - policytypes/onap.policies.Naming.yaml
+ - policytypes/onap.policies.Match.yaml
+ - policytypes/onap.policies.native.Drools.yaml
+ - policytypes/onap.policies.native.Xacml.yaml
+ - policytypes/onap.policies.native.Apex.yaml
+ - policytypes/onap.policies.controlloop.operational.Common.yaml
+ - policytypes/onap.policies.controlloop.operational.common.Apex.yaml
+ - policytypes/onap.policies.controlloop.operational.common.Drools.yaml
+ policies:
+ - policies/sdnc.policy.naming.input.tosca.yaml
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health,metrics,prometheus
+ path-mapping.prometheus: metrics
diff --git a/helm/policy/components/policy-api/resources/config/logback.xml b/helm/policy/components/policy-api/resources/config/logback.xml
new file mode 100755
index 00000000..da8c8c79
--- /dev/null
+++ b/helm/policy/components/policy-api/resources/config/logback.xml
@@ -0,0 +1,159 @@ + + + + + + /var/log/onap/policy/api/error.log + + /var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/api/debug.log + + /var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/api/network.log + + /var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + /var/log/onap/policy/api/metric.log + + /var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + %X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n + + + + + + + + + /var/log/onap/policy/api/audit.log + + /var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + %X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/helm/policy/components/policy-api/templates/configmap.yaml b/helm/policy/components/policy-api/templates/configmap.yaml new file mode 100644 index 00000000..2ddfab37 --- /dev/null +++ b/helm/policy/components/policy-api/templates/configmap.yaml @@ -0,0 +1,37 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +{{- with .Files.Glob "resources/config/*store" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} diff --git a/helm/policy/components/policy-api/templates/deployment.yaml b/helm/policy/components/policy-api/templates/deployment.yaml new file mode 100755 index 00000000..f93854ce --- /dev/null +++ b/helm/policy/components/policy-api/templates/deployment.yaml 
@@ -0,0 +1,148 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +spec: + selector: + matchLabels: + app: {{ .Chart.Name }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --job-name + - policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ .Chart.Name }}-readiness + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-creds + key: login + - name: SQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-creds + key: 
password + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-creds + key: login + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-creds + key: password + volumeMounts: + - mountPath: /config-input + name: apiconfig + - mountPath: /config + name: apiconfig-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/api/bin/policy-api.sh"] + args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"] + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + path: {{ .Values.readiness.api }} + port: {{ .Values.service.internalPort }} + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} + scheme: HTTP + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeout }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/api/etc/mounted + name: apiconfig-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- 
end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: apiconfig + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: apiconfig-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "default-docker-registry-key" \ No newline at end of file diff --git a/helm/policy/components/policy-api/templates/role-binding.yaml b/helm/policy/components/policy-api/templates/role-binding.yaml new file mode 100644 index 00000000..38fb4a6b --- /dev/null +++ b/helm/policy/components/policy-api/templates/role-binding.yaml @@ -0,0 +1,33 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: read + apiGroup: rbac.authorization.k8s.io + 
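Review bot: The `readinessProbe` builds its `Authorization` header from `.Values.restServer.user` and `.Values.restServer.password` at render time, so the base64 form of the REST credentials is written into the Deployment and every pod spec. Anyone allowed to read Deployments or pods can decode it, and the `-restserver-creds` Secret used by the init container does not protect that copy. A probe that needs no credential avoids this, for example replacing the `httpGet` block with `tcpSocket:` / `port: {{ .Values.service.internalPort }}`, as the liveness probe here already does. Separately, the `update-config` init container receives all four secret values as environment variables and runs `docker.io/dibi/envsubst:1`, a third-party image referenced by mutable tag; pinning it by digest would fix which image handles those secrets.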
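Review bot: The `ServiceAccount` subject in role-binding.yaml has no `namespace`, and the binding is pinned to `namespace: default` while service-account.yaml creates the account in whatever namespace the release is installed into. As far as I know the API server requires a namespace on ServiceAccount subjects, and even where it is accepted the binding only lines up when the release namespace is `default`. I would add `namespace: {{ .Release.Namespace }}` under the subject and use the same expression for `metadata.namespace`. None of the policy-api templates in this commit creates the `read` Role that `roleRef` names, so a comment saying where that Role comes from would help.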
diff --git a/helm/policy/components/policy-api/templates/secret.yaml b/helm/policy/components/policy-api/templates/secret.yaml
new file mode 100644
index 00000000..68e4dddc
--- /dev/null
+++ b/helm/policy/components/policy-api/templates/secret.yaml
@@ -0,0 +1,53 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-db-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.db.user }}
+ password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+
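Review bot: All four `stringData` values are emitted unquoted, e.g. `password: {{ .Values.db.password }}`, so the rendered YAML depends on what the credential happens to look like. An all-digit password is typed as a number and rejected for `stringData`, and one containing ` #` or `: `, or starting with `!`, `*` or `&`, is truncated or fails to parse. Piping each value through `quote`, as configmap.yaml in this commit already does for `binaryData`, removes that dependency: `password: {{ .Values.db.password | quote }}`. The same applies to both `login` entries and to the `-restserver-creds` document.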
diff --git a/helm/policy/components/policy-api/templates/service-account.yaml b/helm/policy/components/policy-api/templates/service-account.yaml new file mode 100644 index 00000000..310cab47 --- /dev/null +++ b/helm/policy/components/policy-api/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read + diff --git a/helm/policy/components/policy-api/templates/service.yaml b/helm/policy/components/policy-api/templates/service.yaml new file mode 100644 index 00000000..7a2e6473 --- /dev/null +++ b/helm/policy/components/policy-api/templates/service.yaml 
@@ -0,0 +1,39 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ selector:
+ app: {{ .Chart.Name }}
+ release: release
\ No newline at end of file
diff --git a/helm/policy/components/policy-api/values.yaml b/helm/policy/components/policy-api/values.yaml
new file mode 100644
index 00000000..09418b7d
--- /dev/null
+++ b/helm/policy/components/policy-api/values.yaml
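Review bot: `spec.selector` in service.yaml requires both `app: {{ .Chart.Name }}` and `release: release`, but the pod template in deployment.yaml labels its pods with `app` only, so as written this Service would match no pods and have no endpoints. Either drop `release: release` from the selector or add the same label under `spec.template.metadata.labels` in the Deployment. Keeping the Service selector identical to the Deployment's `matchLabels` avoids this kind of drift.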
@@ -0,0 +1,98 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 304 + persistence: {} + aafEnabled: false + + +################################################################# +# Application configuration defaults. 
+################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-api:2.7.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +db: + user: policy-user + password: policy-user + service: + name: mariadb-galera + internalPort: 3306 + +restServer: + user: policyadmin + password: zb!XztG34 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 120 + api: /policy/api/v1/healthcheck + successThreshold: 1 + failureThreshold: 3 + timeout: 60 + +service: + type: ClusterIP + name: policy-api + portName: http + externalPort: 6969 + internalPort: 6969 + nodePort: 40 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + +#Pods Service Account +serviceAccount: + nameOverride: policy-api + roles: + - read diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml new file mode 100644 index 00000000..39627061 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml 
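Review bot: `db.password` and `restServer.password` are committed as working defaults (`policy-user`, `zb!XztG34`), and nothing in the chart forces an override, so any install that does not set them comes up with credentials that are public in this repository. If the chart is meant only for CSIT, say so next to them, e.g. `# CSIT-only test credentials; must be overridden outside the test cluster`. For anything longer-lived I would leave the defaults empty and make secret.yaml fail rendering with `required` when they are unset.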
@@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp ACM Policy Participant +name: policy-clamp-ac-pf-ppnt +version: 11.0.0 diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml new file mode 100644 index 00000000..be8a3550 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml 
@@ -0,0 +1,128 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + autoconfigure: + exclude: > + org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration, + org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration, + org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} + kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} + bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092 + security.protocol: SASL_PLAINTEXT + properties.sasl: + mechanism: SCRAM-SHA-512 + jaas.config: ${JAASLOGIN} +{{ else }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} +{{- end }} + +security: + enable-csrf: false + +participant: + pdpGroup: defaultGroup + pdpType: apex + policyApiParameters: + clientName: api + hostname: policy-api + port: 6969 + userName: ${API_USER} + password: ${API_PASSWORD} + useHttps: false + allowSelfSignedCerts: true + policyPapParameters: + clientName: pap + hostname: policy-pap + port: 6969 + 
userName: ${PAP_USER} + password: ${PAP_PASSWORD} + useHttps: false + allowSelfSignedCerts: true + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: org.onap.PM_Policy + version: 1.0.0 + participantType: + name: org.onap.policy.clamp.acm.PolicyParticipant + version: 2.3.1 + clampAutomationCompositionTopics: + topicSources: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: false + topicSinks: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: false + +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# clampAutomationCompositionTopics: +# topicSources: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# fetchTimeout: 15000 +# useHttps: false +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: false +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus + +server: + port: 8085 + servlet: + context-path: /onap/policyparticipant + ssl: + enabled: false + diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml new file mode 100644 index 00000000..3d24eefe --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml 
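Review bot: `policyApiParameters` and `policyPapParameters` both set `useHttps: false`, so `${API_PASSWORD}` and `${PAP_PASSWORD}` would be sent to policy-api and policy-pap in cleartext inside the cluster. The Kafka branch uses `SASL_PLAINTEXT`, which authenticates but does not encrypt. `allowSelfSignedCerts: true` presumably has no effect while HTTPS is off, but it would weaken certificate checking as soon as someone turns `useHttps` on. I would set `allowSelfSignedCerts: false` in both blocks and add a comment above `participant:` such as `# CSIT only: plain HTTP between policy components, not for shared clusters`.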
@@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/pf-participant/error.log + + /var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pf-participant/debug.log + + /var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pf-participant/network.log + + /var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml new file mode 100644 index 00000000..1319768a --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml 
@@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml new file mode 100644 index 00000000..e9288ad8 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml 
@@ -0,0 +1,150 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: RELEASE + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: API_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-api-secret + key: login + - name: API_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-api-secret + key: password + - 
name: PAP_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-pap-secret + key: login + - name: PAP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-pap-secret + key: login + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-pf-ppnt-config + - mountPath: /config + name: ac-pf-ppnt-config-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/policy-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] + ports: + - containerPort: 8085 + name: http-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-pf-ppnt-config-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml 
.Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-pf-ppnt-config + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: ac-pf-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml new file mode 100644 index 00000000..54e8e901 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/role-binding.yaml 
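Review bot: `PAP_PASSWORD` and `RESTSERVER_PASSWORD` in the `update-config` init container both use `key: login`, so each password is filled with the user name from its Secret rather than the `password` key that secrets.yaml defines. For `RESTSERVER_PASSWORD` that value is substituted into `spring.security.user.password` in PolicyParticipantParameters.yaml, which leaves the participant's own REST endpoint protected by a password equal to its user name. For PAP the participant would presumably just fail to authenticate. Both entries should read `key: password`, as `API_PASSWORD` already does.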
@@ -0,0 +1,37 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+ namespace: default
+
diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml
new file mode 100644
index 00000000..36cd762b
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml
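Review bot: This `ClusterRoleBinding` in role-binding.yaml grants `cluster-admin` to the `{{ .Chart.Name }}-read` service account, which deployment.yaml assigns to the participant pod, so a compromise of that one container yields full control of the cluster. Nothing in the visible templates suggests the participant needs that; the policy-api chart binds its `-read` account to a namespaced `read` Role. I would do the same here with `kind: RoleBinding`, `roleRef.kind: Role` and `roleRef.name: read`, plus a `metadata.namespace`. If the participant never calls the Kubernetes API, the binding can be dropped and the pod can set `automountServiceAccountToken: false`.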
@@ -0,0 +1,80 @@ +{{/* +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-api-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.api.user }} + password: {{ .Values.restServer.api.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-pap-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.pap.user }} + password: {{ .Values.restServer.pap.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-policy-kafka-user + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +type: Opaque +stringData: + sasl.jaas.config: "HuveRotkMosl5!" 
+ +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.participantppnt.user }} + password: {{ .Values.restServer.participantppnt.password }} \ No newline at end of file diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml new file mode 100644 index 00000000..7e07faf8 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml new file mode 100644 index 00000000..60456ecd --- /dev/null 
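Review bot: The `{{ .Chart.Name }}-policy-kafka-user` Secret stores a literal credential in the template under `sasl.jaas.config`, so the value is fixed in version control and cannot be changed per install; the policy-pap secrets.yaml later in this patch does the same. Taking it from values or from an existing Secret, e.g. `sasl.jaas.config: {{ required "kafka JAAS config must be set" .Values.config.kafkaJaasConfig | quote }}` (the values key name is only a suggestion), keeps it out of the chart. The value also does not look like a JAAS login-module line, which is presumably what the consumer of `sasl.jaas.config` expects, so the SCRAM login may fail as written. The other entries interpolate passwords unquoted (`password: {{ .Values.restServer.api.password }}`); adding `| quote` prevents a password with YAML-significant characters from breaking or retyping the rendered manifest.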
+++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml @@ -0,0 +1,43 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm +spec: + ports: + - port: {{ .Values.service.ports.port }} + targetPort: {{ .Values.service.ports.port }} + protocol: TCP + name: {{ .Values.service.ports.name }} + ipFamilyPolicy: PreferDualStack + type: {{ .Values.service.type }} + selector: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: RELEASE + sessionAffinity: None + diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml new file mode 100644 index 00000000..f1f0919d --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml 
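Review bot: `metadata.namespace: default` and the label and selector value `app.kubernetes.io/instance: RELEASE` are hard-coded in this Service, so the object always lands in `default` whatever namespace the release targets, and two releases of the chart would share the same selector. Using the Helm built-ins, `namespace: {{ .Release.Namespace }}` and `app.kubernetes.io/instance: {{ .Release.Name }}`, keeps the Service with its release; the same literals appear in the secrets.yaml hunk above and in the policy-pap templates below. The matching Deployment labels are outside this hunk, so they would need the same change to keep the selector matching.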
@@ -0,0 +1,119 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: false + +################################################################# +# Application configuration defaults. 
+################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-clamp-ac-pf-ppnt:6.3.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +# application configuration +restServer: + api: + user: policyadmin + password: zb!XztG34 + pap: + user: policyadmin + password: zb!XztG34 + participantppnt: + user: participantUser + password: zb!XztG34 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-ac-pf-ppnt + useNodePortExt: true + ports: + name: http-api + port: 8085 + nodePort: 42 + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-pf-ppnt + roles: + - read + +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy-acruntime-participant +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. 
+# +# eventConsumption: +# spring.kafka.bootstrap-servers: :9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 diff --git a/helm/policy/components/policy-pap/Chart.yaml b/helm/policy/components/policy-pap/Chart.yaml new file mode 100755 index 00000000..d0b9aaa4 --- /dev/null +++ b/helm/policy/components/policy-pap/Chart.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Administration (PAP) +name: policy-pap +version: 11.0.0 + diff --git a/helm/policy/components/policy-pap/resources/config/logback.xml b/helm/policy/components/policy-pap/resources/config/logback.xml new file mode 100755 index 00000000..b544c272 --- /dev/null +++ b/helm/policy/components/policy-pap/resources/config/logback.xml 
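Review bot: The `restServer` block in this values.yaml ships working default credentials, with the same password reused for the api, pap and participant accounts, so every install that does not override them shares known credentials. The same applies to `db`, `restServer` and `healthCheckRestClient` in the policy-pap values.yaml and to the `restServer` block added to helm/policy/values.yaml later in this patch. Leaving the passwords empty in values and failing the render when they are unset, e.g. `password: {{ required "restServer.api.password must be set" .Values.restServer.api.password | quote }}` in the Secret templates, or referencing a pre-created Secret, would keep usable credentials out of the repository. If they must stay for CSIT, a comment above each block stating that these are test-only defaults would be the minimum.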
@@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/pap/error.log + + /var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pap/debug.log + + /var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pap/network.log + + /var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/helm/policy/components/policy-pap/resources/config/papParameters.yaml b/helm/policy/components/policy-pap/resources/config/papParameters.yaml new file mode 100644 index 00000000..8dd624a8 --- /dev/null +++ b/helm/policy/components/policy-pap/resources/config/papParameters.yaml 
@@ -0,0 +1,136 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: "${RESTSERVER_USER}" + password: "${RESTSERVER_PASSWORD}" + http: + converters: + preferred-json-mapper: gson + datasource: + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin + driverClassName: org.mariadb.jdbc.Driver + username: "${SQL_USER}" + password: "${SQL_PASSWORD}" + hikari: + maximumPoolSize: 20 + jpa: + properties: + hibernate: + dialect: org.hibernate.dialect.MariaDB103Dialect + hibernate: + ddl-auto: none + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy + kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} + bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092 + security.protocol: SASL_PLAINTEXT + properties.sasl: + mechanism: SCRAM-SHA-512 + jaas.config: ${JAASLOGIN} +{{ else }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} +{{- end }} + 
+server: + port: 6969 + ssl: + enabled: false + +pap: + name: PapGroup + aaf: false + pdpParameters: + heartBeatMs: 120000 + updateParameters: + maxRetryCount: 1 + maxWaitMs: 30000 + stateChangeParameters: + maxRetryCount: 1 + maxWaitMs: 30000 + savePdpStatisticsInDb: false + topicParameterGroup: + topicSources: + - topic: POLICY-PDP-PAP + servers: + - message-router + useHttps: false + fetchTimeout: 15000 + topicCommInfrastructure: dmaap + - topic: POLICY-HEARTBEAT + effectiveTopic: POLICY-PDP-PAP + consumerGroup: policy-pap + servers: + - message-router + useHttps: false + fetchTimeout: 15000 + topicCommInfrastructure: dmaap + topicSinks: + - topic: POLICY-PDP-PAP + servers: + - message-router + useHttps: false + topicCommInfrastructure: dmaap + - topic: POLICY-NOTIFICATION + servers: + - message-router + useHttps: false + topicCommInfrastructure: dmaap +# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + + healthCheckRestClientParameters: + - clientName: api + hostname: policy-api + port: 6969 + userName: "${API_USER}" + password: "${API_PASSWORD}" + useHttps: false + basePath: policy/api/v1/healthcheck + - clientName: distribution + hostname: policy-distribution + port: 6969 + userName: "${DISTRIBUTION_USER}" + password: "${DISTRIBUTION_PASSWORD}" + useHttps: false + basePath: healthcheck + - clientName: dmaap + hostname: message-router + port: 3904 + useHttps: false + basePath: topics + +management: + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus + path-mapping.prometheus: metrics 
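Review bot: `jaas.config: ${JAASLOGIN}` under `spring.kafka` is the only substituted value in this file left unquoted (compare `password: "${SQL_PASSWORD}"`), so after the init container's envsubst pass a value containing `: ` or ` #` would change how the YAML parses. A JAAS line normally contains double quotes itself, so single quotes (`jaas.config: '${JAASLOGIN}'`) are usually the safer choice. Separately, every REST client here sends basic-auth credentials with `useHttps: false`, the server has `ssl.enabled: false`, and Kafka uses `SASL_PLAINTEXT`, so credentials and policy traffic cross the cluster network unencrypted. If that is intended for CSIT only, a comment saying so at `server.ssl` would stop the file being copied into a real deployment as is.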
diff --git a/helm/policy/components/policy-pap/templates/configmap.yaml b/helm/policy/components/policy-pap/templates/configmap.yaml new file mode 100755 index 00000000..6d77c146 --- /dev/null +++ b/helm/policy/components/policy-pap/templates/configmap.yaml @@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +{{- with .Files.Glob "resources/config/*store" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} diff --git a/helm/policy/components/policy-pap/templates/deployment.yaml b/helm/policy/components/policy-pap/templates/deployment.yaml new file mode 100755 index 00000000..6c82fb8b --- /dev/null +++ b/helm/policy/components/policy-pap/templates/deployment.yaml 
@@ -0,0 +1,182 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: RELEASE + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm + + spec: + initContainers: + - command: + - /app/ready.py + args: + - --job-name + - policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-readiness + - command: + - sh + args: + - -c + - "cd 
/config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-secret + key: login + - name: SQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-secret + key: password + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: password + - name: API_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-api-secret + key: login + - name: API_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-api-secret + key: password + - name: DISTRIBUTION_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-distribution-secret + key: login + - name: DISTRIBUTION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-distribution-secret + key: password +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config +{{- end }} + volumeMounts: + - mountPath: /config-input + name: papconfig + - mountPath: /config + name: papconfig-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/pap/bin/policy-pap.sh"] + args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"] + ports: + - containerPort: 6969 + name: http-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ 
end -}} + readinessProbe: + httpGet: + path: {{ .Values.readiness.api }} + port: {{ .Values.readiness.port }} + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} + scheme: HTTP + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeout }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/pap/etc/mounted + name: papconfig-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: papconfig + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: papconfig-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-pap/templates/role-binding.yaml b/helm/policy/components/policy-pap/templates/role-binding.yaml new file mode 100644 index 00000000..38fb4a6b --- /dev/null +++ b/helm/policy/components/policy-pap/templates/role-binding.yaml 
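Review bot: The readiness probe builds its `Authorization` header with `printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc`, which writes the REST password, base64-encoded only, into the Deployment and Pod specs, where anyone allowed to read pods can recover it without access to the `-restserver-secret` Secret. Probing without credentials, for example a `tcpSocket` check on `{{ .Values.readiness.port }}` like the liveness probe already uses, or an unauthenticated health endpoint if the application offers one, avoids that. The `update-config` init container receives every secret as an environment variable but runs `docker.io/dibi/envsubst:1`, a third-party image referenced by a mutable tag; pinning it by digest (`image: docker.io/dibi/envsubst@sha256:<digest>`) or mirroring it to the project registry would limit the exposure. No `securityContext` is set on the pod or its containers in this hunk, so they run with the image defaults.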
@@ -0,0 +1,33 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+- kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: read
+ apiGroup: rbac.authorization.k8s.io
+
diff --git a/helm/policy/components/policy-pap/templates/secrets.yaml b/helm/policy/components/policy-pap/templates/secrets.yaml
new file mode 100755
index 00000000..7958a112
--- /dev/null
+++ b/helm/policy/components/policy-pap/templates/secrets.yaml
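Review bot: The `roleRef` names a Role called `read`, but no template among the policy-pap files visible in this patch creates that Role, so unless it already exists in the `default` namespace the binding grants nothing and the readiness init container's API calls would presumably be refused. Adding a role.yaml to the chart with only the verbs that init container needs (the exact resources depend on the image; `get`/`list` on jobs and pods is a guess to confirm) makes the chart self-contained and keeps the grant reviewable. `serviceAccount.roles` in this chart's values.yaml is not read by any template shown here, so it could either drive that Role or be dropped.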
@@ -0,0 +1,97 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-api-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.healthCheckRestClient.api.user }} + password: {{ .Values.healthCheckRestClient.api.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-db-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.db.user }} + password: {{ .Values.db.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-distribution-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.healthCheckRestClient.distribution.user }} + password: {{ .Values.healthCheckRestClient.distribution.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-policy-kafka-user + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + 
heritage: Helm +type: Opaque +stringData: + sasl.jaas.config: "Zule4]TateGila" + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: RELEASE + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} \ No newline at end of file diff --git a/helm/policy/components/policy-pap/templates/service-account.yaml b/helm/policy/components/policy-pap/templates/service-account.yaml new file mode 100644 index 00000000..2a46e911 --- /dev/null +++ b/helm/policy/components/policy-pap/templates/service-account.yaml @@ -0,0 +1,20 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read diff --git a/helm/policy/components/policy-pap/templates/service.yaml b/helm/policy/components/policy-pap/templates/service.yaml new file mode 100755 index 00000000..1bee30f1 --- /dev/null +++ b/helm/policy/components/policy-pap/templates/service.yaml 
@@ -0,0 +1,43 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ name: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: RELEASE
+ heritage: Helm
+
+spec:
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.name }}
+ protocol: TCP
+ name: {{ .Values.service.ports.name }}
+ ipFamilyPolicy: PreferDualStack
+ type: {{ .Values.service.type }}
+ selector:
+ app: {{ .Chart.Name }}
+ release: RELEASE
+ sessionAffinity: None
diff --git a/helm/policy/components/policy-pap/values.yaml b/helm/policy/components/policy-pap/values.yaml
new file mode 100755
index 00000000..ae0defb9
--- /dev/null
+++ b/helm/policy/components/policy-pap/values.yaml
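Review bot: The `selector` here (`app: {{ .Chart.Name }}`, `release: RELEASE`) does not match the pod labels set in this chart's deployment.yaml, which are `app.kubernetes.io/name` and `app.kubernetes.io/instance`, so the Service would have no endpoints and policy-pap would be unreachable through it. Changing the selector to `app.kubernetes.io/name: {{ .Chart.Name }}` and `app.kubernetes.io/instance: RELEASE`, as the policy-clamp-ac-pf-ppnt service.yaml does, fixes it. Using the same `app.kubernetes.io/*` keys in `metadata.labels` would keep the two charts consistent.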
@@ -0,0 +1,132 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + persistence: {} + aafEnabled: false + +################################################################# +# Application configuration defaults. 
+################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-pap:2.7.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration + +db: + user: policy-user + password: policy-user + service: + name: mariadb-galera + internalPort: 3306 + +restServer: + user: policyadmin + password: zb!XztG34 + +healthCheckRestClient: + api: + user: policyadmin + password: zb!XztG34 + distribution: + user: healthcheck + password: zb!XztG34 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 10 + periodSeconds: 120 + port: http-api + api: /policy/pap/v1/healthcheck + successThreshold: 1 + failureThreshold: 3 + timeout: 60 + +service: + type: ClusterIP + name: policy-pap + useNodePortExt: true + ports: + name: http-api + port: 6969 + nodePort: 42 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + +#Pods Service Account +serviceAccount: + nameOverride: policy-pap + roles: + - read + +# application configuration +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + policyPdpPapTopic: policy-pdp-pap +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. 
+# +# eventConsumption: +# spring.kafka.bootstrap-servers: :9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml index 8dcdae89..25e4dbfe 100755 --- a/helm/policy/values.yaml +++ b/helm/policy/values.yaml @@ -17,7 +17,7 @@ ################################################################# global: - aafEnabled: true + aafEnabled: false mariadb: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. 
@@ -30,33 +30,6 @@ global: kafkaBootstrap: strimzi-kafka-bootstrap policyKafkaUser: policy-kafka-user -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-password - name: &dbRootPassSecretName 'policy-db-root-password' - type: password - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' - password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' - policy: generate - - uid: db-secret - name: &dbSecretName 'policy-db-secret' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "db" "user" }}' - password: '{{ index .Values "mariadb-galera" "db" "password" }}' - passwordPolicy: generate - - uid: policy-app-user-creds - name: &policyAppCredsSecret 'policy-app-user-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' - login: '{{ .Values.config.policyAppUserName }}' - password: '{{ .Values.config.policyAppUserPassword }}' - passwordPolicy: generate - -db: &dbSecretsHook - credsExternalSecret: *dbSecretName policy-models-simulator: enabled: true @@ -64,9 +37,15 @@ policy-clamp-ac-k8s-ppnt: enabled: true policy-clamp-runtime-acm: enabled: true - db: *dbSecretsHook - config: - appUserExternalSecret: *policyAppCredsSecret +policy-api: + enabled: true +policy-pap: + enabled: true +policy-apex-pdp: + enabled: true +policy-clamp-ac-pf-ppnt: + enabled: true + ################################################################# # DB configuration defaults. 
@@ -143,10 +122,7 @@ mariadb-galera: db: user: policy-user # password: - externalSecret: *dbSecretName name: &mysqlDbName policyadmin - rootUser: - externalSecret: *dbRootPassSecretName nameOverride: *mariadb-galera # mariadb-galera.service and global.mariadb.service must be equals service: *mariadbService @@ -157,6 +133,12 @@ mariadb-galera: serviceAccount: nameOverride: *mariadb-galera +restServer: + policyPapUserName: policyadmin + policyPapUserPassword: zb!XztG34 + policyApiUserName: policyadmin + policyApiUserPassword: zb!XztG34 + # Resource Limit flavor -By Default using small # Segregation for Different environment (small, large, or unlimited) flavor: small -- 2.16.6
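Review bot: The `restServer` block added after `mariadb-galera.serviceAccount` puts literal passwords (`policyPapUserPassword`, `policyApiUserPassword`) into the parent chart's defaults, and the new `policy-pap` values earlier in the patch do the same for `db.password`, `restServer.password` and `healthCheckRestClient.*.password`. The preceding hunks of this file delete the `secrets:` block with `passwordPolicy: generate` and the `externalSecret` references on `mariadb-galera`, so in the visible values nothing generates or injects these credentials any more and every install shares the committed ones. If that is intended for CSIT, a comment above the block such as `# CSIT test credentials only; override for any other deployment` would make the scope explicit. Otherwise the passwords should come from an existing Secret or an install-time override rather than from a default in the repository.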