"useHttps": false,
"fetchTimeout": 15000,
"servers": [ "${KAFKA_URL}" ],
-{{ if .Values.global.useStrimziKafkaPf }}
"topicCommInfrastructure": "kafka",
"additionalProps": {
"group.id" : "${GROUP_ID}",
"security.protocol": "SASL_PLAINTEXT",
"sasl.mechanism": "${SASL}",
"sasl.jaas.config": "${JAASLOGIN}"
- }
-{{ else }}
- "topicCommInfrastructure": "dmaap"
-{{ end }}
- }],
+ }}],
"topicSinks" : [{
"topic": "${PAP_TOPIC}",
"useHttps": false,
"servers": [ "${KAFKA_URL}" ],
-{{ if .Values.global.useStrimziKafkaPf }}
"topicCommInfrastructure": "kafka",
"additionalProps": {
"group.id" : "${GROUP_ID}",
"sasl.mechanism": "${SASL}",
"sasl.jaas.config": "${JAASLOGIN}"
}
-{{ else }}
- "topicCommInfrastructure": "dmaap"
-{{ end }}
}]
}
}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafkaPf }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command: ["/bin/sh", "-cx"]
-{{- if .Values.global.useStrimziKafkaPf }}
args:
- JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`;
cd /config-input && for PFILE in `ls -1`;
do envsubst <${PFILE} >/config/${PFILE}; done
-{{ else }}
- args:
- - cd /config-input && for PFILE in `ls -1`;
- do envsubst <${PFILE} >/config/${PFILE}; done
-{{ end }}
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
- name: KAFKA_URL
- value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
- name: SASL
value: {{ .Values.kafkaUser.authenticationType | upper }}
- name: GROUP_ID
value: {{ .Values.config.kafka.consumer.groupId }}
- name: PAP_TOPIC
value: {{ .Values.config.app.listener.policyPdpPapTopic }}
-{{ else }}
- - name: KAFKA_URL
- value: message-router
- - name: PAP_TOPIC
- value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }}
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: apexconfig-input
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafkaPf }}
{{ include "common.kafkauser" . }}
-{{ end }}
+
global:
nodePortPrefix: 302
persistence: {}
- useStrimziKafkaPf: set-via-parent-chart-global-value
#################################################################
# Secrets metaconfig
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafkaPf: true
- kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
groupId: policy-apex
app:
listener:
policyPdpPapTopic: policy-pdp-pap
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
-# Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format instead of yaml.
+
kafkaUser:
authenticationType: scram-sha-512
acls:
type: topic
patternType: prefix
operations: [Create, Describe, Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-a1pms-ppnt-config
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
#################################################################
global:
persistence: {}
- #Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-http-ppnt-config
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-k8s-ppnt-config
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
nodePortPrefixExt: 304
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
flavor: small
resources:
type: topic
operations: [Read, Write]
-readinessCheck:
- wait_for:
- - message-router
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-kserve-ppnt-config
# See the License for the specific language governing permissions and\r
# limitations under the License.\r
*/}}\r
-{{ if .Values.global.useStrimziKafka }}\r
{{ include "common.kafkauser" . }}\r
-{{ end }}
\ No newline at end of file
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-pf-ppnt-config
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
acmParameters:
toscaElementName: {{ .Values.customNaming.toscaElementName }}
toscaCompositionName: {{ .Values.customNaming.toscaCompositionName }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- /app/ready.py
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
- name: RUNTIME_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-runtime-config
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
nodePortPrefixExt: 304
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: policy-gui-read
flavor: small
roles:
- read
-readinessCheck:
- wait_for:
- - message-router
-
wait_for_job_container:
containers:
- '{{ include "common.release" . }}-policy-galera-config'
# PDP-D DMaaP configuration channel
-PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
-PDPD_CONFIGURATION_SERVERS=message-router
+PDPD_CONFIGURATION_TOPIC=pdpd_configuration
+PDPD_CONFIGURATION_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
PDPD_CONFIGURATION_CONSUMER_GROUP=
PDPD_CONFIGURATION_CONSUMER_INSTANCE=
PDPD_CONFIGURATION_PARTITION_KEY=
# PAP-PDP configuration channel
-POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_TOPIC=policy-pdp-pap
POLICY_PDP_PAP_GROUP=defaultGroup
POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
# DCAE DMaaP
-DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT
-DCAE_SERVERS=message-router
+DCAE_TOPIC=unauthenticated.dcae_cl_output
+DCAE_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
DCAE_CONSUMER_GROUP=dcae.policy.shared
# Open DMaaP
-DMAAP_SERVERS=message-router
+KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
DMAAP_HTTPS="false"
# AAI
# limitations under the License.
*/}}
-POOLING_TOPIC=POOLING
+POOLING_TOPIC=pooling
--- /dev/null
+{{/*
+# Copyright © 2024 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:2.1.0
+image: onap/policy-pdpd-cl:2.1.1
pullPolicy: Always
# flag to enable debugging - application support required
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
server:
jvmOpts: -server -XshowSettings:vm
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+config:
+ # Event consumption (kafka) properties
+ kafka:
+ consumer:
+ groupId: policy-drools-pdp
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-drools-pdp
+ type: group
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
name: PapGroup
aaf: false
topic:
- {{ if .Values.global.useStrimziKafkaPf }}
pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
notification.name: {{ .Values.config.kafka.topics.policyNotification }}
heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }}
- {{ else }}
- pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }}
- notification.name: {{ .Values.dmaap.topics.policyNotification }}
- heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }}
- {{ end }}
pdpParameters:
heartBeatMs: 120000
updateParameters:
topicSources:
- useHttps: false
fetchTimeout: 15000
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
- useHttps: false
fetchTimeout: 15000
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyHeartbeat }}
effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyHeartbeat }}
- effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
topicSinks:
- useHttps: false
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
- useHttps: false
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyNotification }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyNotification }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
+
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafkaPf }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- /app/ready.py
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- name: DISTRIBUTION_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: papconfig
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafkaPf }}
{{ include "common.kafkauser" . }}
-{{ end }}
global:
nodePortPrefixExt: 304
persistence: {}
- useStrimziKafkaPf: set-via-parent-chart-global-value
postgres:
localCluster: false
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: portal-app-read
flavor: small
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafkaPf: true
- kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
topics:
policyHeartbeat: policy-heartbeat
listener:
policyPdpPapTopic: policy-pdp-pap
-dmaap:
- topics:
- policyHeartbeat: POLICY-HEARTBEAT
- policyNotification: POLICY-NOTIFICATION
- policyPdpPap: POLICY-PDP-PAP
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
patternType: prefix
operations: [Create, Describe, Read, Write]
-readinessCheck:
- wait_for:
- - message-router
"applicationPath": "/opt/app/policy/pdpx/apps"
},
"topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "fetchTimeout" : 15000,
- "topicCommInfrastructure" : "dmaap"
+ "topicSources": [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "fetchTimeout": 15000,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id": "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
}],
"topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "topicCommInfrastructure" : "dmaap"
- }]
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id": "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+ }]
}
}
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
--- /dev/null
+{{/*
+# Copyright © 2024 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:3.1.0
+image: onap/policy-xacml-pdp:3.1.1
pullPolicy: Always
+componentName: &componentName policy-xacml-pdp
+
# flag to enable debugging - application support required
debugEnabled: false
service:
type: ClusterIP
- name: policy-xacml-pdp
+ name: *componentName
internalPort: 6969
ports:
- name: http
- serviceAccount: dcae-ves-collector-read
- serviceAccount: dcae-ves-mapper-read
- serviceAccount: dcae-ves-openapi-manager-read
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: oof-read
- serviceAccount: sdnc-read
#Pods Service Account
serviceAccount:
- nameOverride: policy-xacml-pdp
+ nameOverride: *componentName
roles:
- read
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+config:
+ # Event consumption (kafka) properties
+ kafka:
+ consumer:
+ groupId: policy-xacml-pdp
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-xacml-pdp
+ type: group
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+
+
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.global.useStrimziKafkaPf }}
+
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
config:
retention.ms: {{ .Values.config.policyNotificationTopic.retentionMs }}
segment.bytes: {{ .Values.config.policyNotificationTopic.segmentBytes }}
-{{- end }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.global.useStrimziKafka }}
+
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
type: topic
name: {{ .Values.config.policyNotificationTopic.name }}
operation: All
-{{- end }}
name3: tcp-pgset-replica
container:
name: postgres
- #Strimzi Kafka properties
- useStrimziKafka: true
- # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
- useStrimziKafkaPf: false
- kafkaBootstrap: strimzi-kafka-bootstrap
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
kafkaTopics:
acRuntimeTopic:
name: policy.clamp-runtime-acm
-
#################################################################
# Secrets metaconfig
#################################################################
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
- enabled: true
+ enabled: false
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
config:
policyAppUserName: runtimeUser
- useStrimziKafka: true
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10
Code Review / oom.git / commitdiff