# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# Copyright (C) 2022-2023 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
# ============LICENSE_END=========================================================
spring:
- security:
- user:
- name: ${RESTSERVER_USER}
- password: ${RESTSERVER_PASSWORD}
autoconfigure:
exclude:
- org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
- org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
- org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
- org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+
security:
enable-csrf: false
participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00
clampAutomationCompositionTopics:
topicSources:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
-
- topicSinks:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
+ {{ end }}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
persistence: {}
aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-a1pms-ppnt
+
# application configuration
restServer:
user: participantUser
service:
type: ClusterIP
- name: policy-clamp-ac-a1pms-ppnt
+ name: *componentName
ports:
- name: a1pms-api
port: 8086
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-a1pms-ppnt
+ nameOverride: *componentName
roles:
- create
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
\ No newline at end of file
repository: '@local'
- name: serviceAccount
version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
-{{- if .Values.config.useStrimziKafka }}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
participantId: 101c62b3-8918-41b9-a747-d21eb79c6c01
clampAutomationCompositionTopics:
topicSources:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
- useHttps: "false"
- topicSinks:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
+ {{ end }}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement
typeVersion: 1.0.0
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# - topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# - topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
management:
endpoints:
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
persistence: {}
- aafEnabled: true
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
image: onap/policy-clamp-ac-http-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-http-ppnt
+
# application configuration
restServer:
user: participantUser
service:
type: ClusterIP
- name: policy-clamp-ac-http-ppnt
+ name: *componentName
useNodePortExt: true
ports:
- name: http-api
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-http-ppnt
+ nameOverride: *componentName
roles:
- read
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
\ No newline at end of file
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
clampAutomationCompositionTopics:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement
typeVersion: 1.0.0
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-
management:
endpoints:
web:
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
image: onap/policy-clamp-ac-k8s-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-k8s-ppnt
+
# flag to enable debugging - application support required
debugEnabled: false
service:
type: ClusterIP
- name: policy-clamp-ac-k8s-ppnt
+ name: *componentName
useNodePortExt: true
ports:
- name: http-api
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-k8s-ppnt
+ nameOverride: *componentName
roles:
- create
# Update the config here for permitting repositories and protocols
- https
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
repository: '@local'
- name: serviceAccount
version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
clampAutomationCompositionTopics:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement
typeVersion: 1.0.0
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-
management:
endpoints:
web:
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
persistence: {}
- aafEnabled: true
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
image: onap/policy-clamp-ac-pf-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-pf-ppnt
+
# flag to enable debugging - application support required
debugEnabled: false
nodeSelector: {}
affinity: {}
+
ingress:
enabled: false
service:
type: ClusterIP
- name: policy-clamp-ac-pf-ppnt
+ name: *componentName
useNodePortExt: true
ports:
- name: http-api
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-pf-ppnt
+ nameOverride: *componentName
roles:
- read
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
hibernate:
dialect: org.hibernate.dialect.MariaDB103Dialect
format_sql: true
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
ssl:
enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
-
runtime:
participantParameters:
heartBeatMs: 120000
topicParameterGroup:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
- fetchTimeout: 15000
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
-
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# topicParameterGroup:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# fetchTimeout: 15000
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
management:
endpoints:
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
- command:
- /app/ready.py
args:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: {{ include "common.name" . }}-galera-config-readiness
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
- name: RUNTIME_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkatopic" . }}
+{{ end }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
login: '{{ .Values.config.policyAppUserName }}'
password: '{{ .Values.config.policyAppUserPassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
image: onap/policy-clamp-runtime-acm:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-runtime-acm
+
# flag to enable debugging - application support required
debugEnabled: false
config:
policyAppUserName: runtimeUser
policyAppUserPassword: none
-
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy.policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+kafkaTopic:
+ - name: *acRuntimeTopic
+
db:
user: policy_user
password: policy_user
service:
type: ClusterIP
- name: policy-clamp-runtime-acm
+ name: *componentName
useNodePortExt: true
ports:
- name: http-api
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-runtime-acm
+ nameOverride: *componentName
roles:
- read
+
+readinessCheck:
+ wait_for:
+ - message-router
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.release" . }}-policy-galera-config'
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.config.useStrimziKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.config.acRuntimeTopic.name }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: {{ .Values.config.acRuntimeTopic.partitions }}
- config:
- retention.ms: {{ .Values.config.acRuntimeTopic.retentionMs }}
- segment.bytes: {{ .Values.config.acRuntimeTopic.segmentBytes }}
----
+{{- if .Values.global.useStrimziKafka }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
{{/*
-# Copyright © 2022 Nordix Foundation
-# Modifications Copyright © 2022 Nordix Foundation
+# Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.config.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafka }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
acls:
- resource:
type: group
- name: {{ .Values.config.acRuntimeTopic.consumer.groupId }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.config.acRuntimeTopic.name }}
+ name: {{ .Values.config.policyPdpPapTopic.consumer.groupId }}
operation: All
- resource:
type: topic
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
+ aafEnabled: false
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
name3: tcp-pgset-replica
container:
name: postgres
+ #Strimzi Kafka properties
+ useStrimziKafka: true
kafkaBootstrap: strimzi-kafka-bootstrap
policyKafkaUser: policy-kafka-user
+ kafkaTopics:
+ acRuntimeTopic:
+ name: policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
db: *dbSecretsHook
policy-clamp-ac-k8s-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-pf-ppnt:
enabled: true
restServer:
apiUserExternalSecret: *policyApiCredsSecret
papUserExternalSecret: *policyPapCredsSecret
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-http-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-a1pms-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-nexus:
- enabled: false
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-runtime-acm:
enabled: true
db: *dbSecretsHook
config:
appUserExternalSecret: *policyAppCredsSecret
+policy-nexus:
+ enabled: false
+ config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-gui:
enabled: false
config:
policyAppUserName: runtimeUser
useStrimziKafka: true
- acRuntimeTopic:
- name: policy-acruntime-participant
- partitions: 10
- retentionMs: 7200000
- segmentBytes: 1073741824
- consumer:
- groupId: policy-group
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10