[POLICY] Update docker images to latest versions 70/134370/3
authorsaul.gill <saul.gill@est.tech>
Wed, 26 Apr 2023 15:16:05 +0000 (16:16 +0100)
committersaul.gill <saul.gill@est.tech>
Thu, 4 May 2023 10:22:39 +0000 (11:22 +0100)
The image versions in policy values.yaml files have been updated
Added native configurable support in pap and api for strimzi
Added configurable support in api and pap for postgres

*** This commit is generated by a PF release script ***

Issue-ID: POLICY-4648
Change-Id: Ia91ea4a8babc850d0854e299eb80541c1d38285d
Signed-off-by: saul.gill <saul.gill@est.tech>
27 files changed:
kubernetes/policy/Chart.yaml
kubernetes/policy/components/policy-apex-pdp/Chart.yaml
kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml [moved from kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml with 71% similarity]
kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml [new file with mode: 0644]
kubernetes/policy/components/policy-apex-pdp/values.yaml
kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
kubernetes/policy/components/policy-api/templates/deployment.yaml
kubernetes/policy/components/policy-api/values.yaml
kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
kubernetes/policy/components/policy-distribution/values.yaml
kubernetes/policy/components/policy-drools-pdp/values.yaml
kubernetes/policy/components/policy-gui/values.yaml
kubernetes/policy/components/policy-pap/Chart.yaml
kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
kubernetes/policy/components/policy-pap/templates/deployment.yaml
kubernetes/policy/components/policy-pap/templates/kafkauser.yaml [new file with mode: 0644]
kubernetes/policy/components/policy-pap/values.yaml
kubernetes/policy/components/policy-xacml-pdp/values.yaml
kubernetes/policy/templates/job.yaml
kubernetes/policy/templates/policy-kafka-topics.yaml
kubernetes/policy/values.yaml

index c9d29ce..c47bdd3 100755 (executable)
@@ -1,7 +1,7 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018, 2020 AT&T
 # Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021, 2022 Nordix Foundation
+# Modifications Copyright © 2021, 2022, 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ dependencies:
   - name: mariadb-galera
     version: ~12.x-0
     repository: '@local'
+    condition: global.mariadb.localCluster
   - name: policy-nexus
     version: ~12.x-0
     repository: 'file://components/policy-nexus'
index f7f0757..29c9246 100755 (executable)
@@ -34,3 +34,6 @@ dependencies:
   - name: serviceAccount
     version: ~12.x-0
     repository: '@local'
+  - name: readinessCheck
+    version: ~12.x-0
+    repository: '@local'
index 2fe354e..3a38b88 100755 (executable)
@@ -8,7 +8,7 @@
       "https": "false",
       "prometheus": true
     },
-    "pdpStatusParameters":{
+    "pdpStatusParameters": {
         "pdpGroup": "defaultGroup",
         "timeIntervalMs": 120000,
         "pdpType":"apex",
         ]
     },
     "topicParameterGroup": {
-        "topicSources" : [{
-            "topic" : "POLICY-PDP-PAP",
-            "servers" : [ "message-router" ],
-            "useHttps" : "false",
-            "fetchTimeout": 15000,
-            "topicCommInfrastructure" : "dmaap"
+      "topicSources": [{
+          "topic": "${PAP_TOPIC}",
+          "useHttps": false,
+          "fetchTimeout": 15000,
+          "servers": [ "${KAFKA_URL}" ],
+{{ if .Values.global.useStrimziKafkaPf }}
+          "topicCommInfrastructure": "kafka",
+          "additionalProps": {
+            "group.id" : "${GROUP_ID}",
+            "security.protocol": "SASL_PLAINTEXT",
+            "sasl.mechanism": "${SASL}",
+            "sasl.jaas.config": "${JAASLOGIN}"
+          }
+{{ else }}
+          "topicCommInfrastructure": "dmaap"
+{{ end }}
         }],
-        "topicSinks" : [{
-            "topic" : "POLICY-PDP-PAP",
-            "servers" : [ "message-router" ],
-            "useHttps" : "false",
-            "topicCommInfrastructure" : "dmaap"
-        }]
+      "topicSinks" : [{
+          "topic": "${PAP_TOPIC}",
+          "useHttps": false,
+          "servers": [ "${KAFKA_URL}" ],
+{{ if .Values.global.useStrimziKafkaPf }}
+          "topicCommInfrastructure": "kafka",
+          "additionalProps": {
+            "group.id" : "${GROUP_ID}",
+            "security.protocol": "SASL_PLAINTEXT",
+            "sasl.mechanism": "${SASL}",
+            "sasl.jaas.config": "${JAASLOGIN}"
+          }
+{{ else }}
+          "topicCommInfrastructure": "dmaap"
+{{ end }}
+      }]
     }
 }
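Review bot: `"security.protocol": "SASL_PLAINTEXT"` is hard-coded in both kafka branches (topicSources and topicSinks), while the mechanism beside it is read from `${SASL}`. SCRAM keeps the password off the wire, but on a plaintext listener the PDP/PAP messages travel without transport encryption or integrity protection, and a deployment with a TLS listener cannot opt in without editing the template. Consider passing it through the same envsubst path, for example `"security.protocol": "${SECURITY_PROTOCOL}"` (variable name illustrative) with `SASL_PLAINTEXT` as the default value. The same literal is repeated four times in the papParameters.yaml `topicParameterGroup` hunk.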
 */}}
 
 apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   selector: {{- include "common.selectors" . | nindent 4 }}
-  serviceName: {{ include "common.servicename" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
-      - command:
-        - sh
+{{- if not .Values.global.useStrimziKafkaPf }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
+      - command: ["/bin/sh", "-cx"]
+{{- if .Values.global.useStrimziKafkaPf }}
+        args:
+          - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`;
+            cd /config-input && for PFILE in `ls -1`;
+            do envsubst <${PFILE} >/config/${PFILE}; done
+{{ else }}
         args:
-        - -c
-        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+          - cd /config-input && for PFILE in `ls -1`;
+            do envsubst <${PFILE} >/config/${PFILE}; done
+{{ end }}
         env:
         - name: RESTSERVER_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
         - name: RESTSERVER_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
         - name: JAASLOGIN
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.name" . }}-ku
+              key: sasl.jaas.config
+        - name: KAFKA_URL
+          value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+        - name: SASL
+          value: {{ .Values.kafkaUser.authenticationType | upper }}
+        - name: GROUP_ID
+          value: {{ .Values.config.kafka.consumer.groupId }}
+        - name: PAP_TOPIC
+          value: {{ .Values.config.app.listener.policyPdpPapTopic }}
+{{ else }}
+        - name: KAFKA_URL
+          value: message-router
+        - name: PAP_TOPIC
+          value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }}
 {{- end }}
         volumeMounts:
         - mountPath: /config-input
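Review bot: The init container is switched to `command: ["/bin/sh", "-cx"]`, and in the Strimzi branch its first command reassigns `JAASLOGIN` from the value injected out of the `-ku` secret. With `-x` the shell traces each command after expansion, so the JAAS login string (which normally carries the SCRAM password) is likely to be written to the init container's log, readable by anyone allowed to fetch pod logs. Use `command: ["/bin/sh", "-c"]` here and keep tracing for local debugging only. The pod spec starts and continues outside this hunk.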
@@ -58,8 +82,11 @@ spec:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command: ["sh","-c"]
-          args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+          command: [ "/bin/sh", "-cx" ]
+          args:
+            - id apexuser;
+              cat /home/apexuser/config/OnapPfConfig.json;
+              /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
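Review bot: The new `args` run `cat /home/apexuser/config/OnapPfConfig.json` before starting the PDP. That file is produced by the envsubst init container with `sasl.jaas.config` filled from `${JAASLOGIN}`, so the Kafka credential is printed to the container log on every start, and `-cx` traces the commands on top of that. Together with `id apexuser` these look like debugging leftovers; the previous `command: ["sh","-c"]` with `args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]` does not have the problem. The policy-pap deployment hunk does the same with `cat /opt/app/policy/pap/etc/mounted/papParameters.yaml`, a file that carries the `${SQL_PASSWORD}` and `${JAASLOGIN}` placeholders, so it should be fixed there too if it is rendered the same way.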
@@ -85,12 +112,12 @@ spec:
           - mountPath: /home/apexuser/config
             name: apexconfig
           resources: {{ include "common.resources" . | nindent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
         {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
+      {{- if .Values.affinity }}
+      affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
new file mode 100644 (file)
index 0000000..d2fab9f
--- /dev/null
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafkaPf }}
+{{ include "common.kafkauser" . }}
+{{ end }}
index 3ea694f..46eaca2 100755 (executable)
@@ -25,6 +25,7 @@
 global:
   nodePortPrefix: 302
   persistence: {}
+  useStrimziKafkaPf: set-via-parent-chart-global-value
 
 #################################################################
 # Secrets metaconfig
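Review bot: `useStrimziKafkaPf: set-via-parent-chart-global-value` is a non-empty string, so every `{{ if .Values.global.useStrimziKafkaPf }}` in the templates evaluates true unless the parent chart overrides it with a real boolean. When the chart is rendered on its own, the Kafka branch is therefore taken and the pod references the `-ku` secret whether or not a Strimzi cluster exists. A comment on the line would make this explicit, e.g. `# placeholder, truthy in templates; the parent chart must set global.useStrimziKafkaPf to true/false`. The later hunk in this file also renames `config.useStrimziKafka` to `config.useStrimziKafkaPf`, which none of the templates shown here read; the policy-pap values.yaml has the same pair.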
@@ -47,7 +48,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-apex-pdp:2.9.1
+image: onap/policy-apex-pdp:2.9.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -139,11 +140,11 @@ metrics:
 # application configuration
 config:
 # Event consumption (kafka) properties
-  useStrimziKafka: true
+  useStrimziKafkaPf: true
   kafkaBootstrap: strimzi-kafka-bootstrap
   kafka:
     consumer:
-      groupId: policy-group
+      groupId: policy-apex
   app:
     listener:
       policyPdpPapTopic: policy-pdp-pap
@@ -158,3 +159,21 @@ config:
 #
 # Any new property can be added in the env by setting in overrides in the format mentioned below
 # All the added properties must be in "key: value" format instead of yaml.
+kafkaUser:
+  authenticationType: scram-sha-512
+  acls:
+    - name: policy-apex
+      type: group
+      operations: [Create, Describe, Read, Write]
+    - name: policy-pdp-pap
+      type: topic
+      patternType: prefix
+      operations: [Create, Describe, Read, Write]
+    - name: policy-heartbeat
+      type: topic
+      patternType: prefix
+      operations: [Create, Describe, Read, Write]
+
+readinessCheck:
+  wait_for:
+    - message-router
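Review bot: Every ACL entry in `kafkaUser.acls` grants `[Create, Describe, Read, Write]`, and both topic entries use `patternType: prefix`, so this user may create and write any topic whose name merely starts with `policy-pdp-pap` or `policy-heartbeat`. That is broader than the two fixed topic names the config uses. If the topics are pre-created (the file list includes policy-kafka-topics.yaml), `Create` is presumably unnecessary, and a consumer group normally needs only `Read` and `Describe`. Consider `patternType: literal` and a per-entry operation list such as `operations: [Describe, Read, Write]`, after checking what the `common.kafkauser` template accepts, since it is not part of this hunk. The `kafkaUser` block added to the policy-pap values.yaml follows the same pattern.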
index 269ecd5..4e73dc0 100644 (file)
@@ -31,7 +31,8 @@ spring:
     password: "${RESTSERVER_PASSWORD}"
   mvc.converters.preferred-json-mapper: gson
   datasource:
-    url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+{{ if not .Values.global.postgres.localCluster }}
+    url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
     driverClassName: org.mariadb.jdbc.Driver
     username: "${SQL_USER}"
     password: "${SQL_PASSWORD}"
@@ -46,6 +47,27 @@ spring:
       naming:
         physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
         implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+{{ else }}
+    url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort}}/policyadmin
+    driverClassName: org.postgresql.Driver
+    username: "${SQL_USER}"
+    password: "${SQL_PASSWORD}"
+    hikari:
+      connectionTimeout: 30000
+      idleTimeout: 600000
+      maxLifetime: 1800000
+      maximumPoolSize: 10
+  jpa:
+    hibernate:
+      ddl-auto: none
+      naming:
+        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+        implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.PostgreSQLDialect
+        format_sql: true
+{{ end }}
 
 policy-api:
   name: ApiGroup
index 580dcdd..1d7e049 100755 (executable)
@@ -12,7 +12,11 @@ spec:
           - /app/ready.py
           args:
           - --job-name
+{{ if not .Values.global.postgres.localCluster }}
           - {{ include "common.release" . }}-policy-galera-config
+{{ else }}
+          - {{ include "common.release" . }}-policy-pg-config
+{{ end }}
           env:
           - name: NAMESPACE
             valueFrom:
@@ -101,4 +105,4 @@ spec:
           emptyDir:
             medium: Memory
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 2ec88ee..ab8c31f 100755 (executable)
@@ -24,6 +24,8 @@
 global:
   nodePortPrefix: 304
   persistence: {}
+  postgres:
+    localCluster: false
 
 #################################################################
 # Secrets metaconfig
@@ -46,7 +48,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-api:2.8.1
+image: onap/policy-api:2.8.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -58,7 +60,9 @@ db:
   password: policy_user
   service:
     name: policy-mariadb
+    pgName: policy-pg-primary
     internalPort: 3306
+    internalPgPort: 5432
 
 restServer:
   user: policyadmin
@@ -104,9 +108,9 @@ resources:
   small:
     limits:
       cpu: 1
-      memory: 4Gi
+      memory: 6Gi
     requests:
-      cpu: 100m
+      cpu: 150m
       memory: 1Gi
   large:
     limits:
index ce53aba..47b0955 100755 (executable)
@@ -42,7 +42,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1
+image: onap/policy-clamp-ac-a1pms-ppnt:6.4.2
 pullPolicy: Always
 
 componentName: &componentName policy-clamp-ac-a1pms-ppnt
index 6f60fec..808c60e 100644 (file)
@@ -42,7 +42,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-clamp-ac-http-ppnt:6.4.1
+image: onap/policy-clamp-ac-http-ppnt:6.4.2
 pullPolicy: Always
 
 componentName: &componentName policy-clamp-ac-http-ppnt
index 985399a..99f6206 100644 (file)
@@ -43,7 +43,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.4.1
+image: onap/policy-clamp-ac-k8s-ppnt:6.4.2
 pullPolicy: Always
 
 componentName: &componentName policy-clamp-ac-k8s-ppnt
index cef5200..2871850 100755 (executable)
@@ -42,7 +42,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-clamp-ac-kserve-ppnt:6.4.1
+image: onap/policy-clamp-ac-kserve-ppnt:6.4.2
 pullPolicy: Always
 
 componentName: &componentName policy-clamp-ac-kserve-ppnt
index 83839f8..c2c43c7 100644 (file)
@@ -54,7 +54,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-clamp-ac-pf-ppnt:6.4.1
+image: onap/policy-clamp-ac-pf-ppnt:6.4.2
 pullPolicy: Always
 
 componentName: &componentName policy-clamp-ac-pf-ppnt
index 0ec4be4..fef8598 100644 (file)
@@ -49,7 +49,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-clamp-runtime-acm:6.4.1
+image: onap/policy-clamp-runtime-acm:6.4.2
 pullPolicy: Always
 
 componentName: &componentName policy-clamp-runtime-acm
@@ -124,17 +124,17 @@ resources:
   small:
     limits:
       cpu: 1
-      memory: 4Gi
+      memory: 6Gi
     requests:
-      cpu: 100m
-      memory: 1Gi
+      cpu: 200m
+      memory: 2Gi
   large:
     limits:
       cpu: 2
       memory: 8Gi
     requests:
-      cpu: 200m
-      memory: 2Gi
+      cpu: 400m
+      memory: 4Gi
   unlimited: {}
 
 #Pods Service Account
@@ -149,4 +149,4 @@ readinessCheck:
 
 wait_for_job_container:
   containers:
-    - '{{ include "common.release" . }}-policy-galera-config'
\ No newline at end of file
+    - '{{ include "common.release" . }}-policy-galera-config'
index e744d09..e367dd0 100755 (executable)
@@ -58,7 +58,7 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-distribution:2.9.1
+image: onap/policy-distribution:2.9.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 7cc347c..6b6c576 100755 (executable)
@@ -41,7 +41,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-pdpd-cl:1.12.1
+image: onap/policy-pdpd-cl:1.12.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 5e48e99..330161e 100644 (file)
@@ -29,7 +29,7 @@ subChartsOnly:
 flavor: small
 
 # application image
-image: onap/policy-gui:2.4.1
+image: onap/policy-gui:2.4.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index ef41d38..1af3368 100755 (executable)
@@ -34,3 +34,6 @@ dependencies:
   - name: serviceAccount
     version: ~12.x-0
     repository: '@local'
+  - name: readinessCheck
+    version: ~12.x-0
+    repository: '@local'
index 7f6f508..5496d93 100644 (file)
@@ -26,7 +26,8 @@ spring:
     converters:
       preferred-json-mapper: gson
   datasource:
-    url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+{{ if not .Values.global.postgres.localCluster }}
+    url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
     driverClassName: org.mariadb.jdbc.Driver
     username: "${SQL_USER}"
     password: "${SQL_PASSWORD}"
@@ -41,18 +42,27 @@ spring:
       naming:
         physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
         implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
-  kafka:
-    consumer:
-      group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
-    bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-    security.protocol: SASL_PLAINTEXT
-    properties.sasl:
-      mechanism: SCRAM-SHA-512
-      jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
+{{- else }}
+    url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort }}/policyadmin
+    driverClassName: org.postgresql.Driver
+    username: "${SQL_USER}"
+    password: "${SQL_PASSWORD}"
+    hikari:
+      connectionTimeout: 30000
+      idleTimeout: 600000
+      maxLifetime: 1800000
+      maximumPoolSize: 10
+  jpa:
+    hibernate:
+      ddl-auto: none
+      naming:
+        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+        implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.PostgreSQLDialect
+        format_sql: true
+{{ end }}
 
 server:
   port: 6969
@@ -65,9 +75,15 @@ pap:
   name: PapGroup
   aaf: false
   topic:
-    pdp-pap.name: POLICY-PDP-PAP
-    notification.name: POLICY-NOTIFICATION
-    heartbeat.name: POLICY-HEARTBEAT
+  {{ if .Values.global.useStrimziKafkaPf }}
+    pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
+    notification.name: {{ .Values.config.kafka.topics.policyNotification }}
+    heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }}
+  {{ else }}
+    pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }}
+    notification.name: {{ .Values.dmaap.topics.policyNotification }}
+    heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }}
+  {{ end }}
   pdpParameters:
     heartBeatMs: 120000
     updateParameters:
@@ -76,34 +92,82 @@ pap:
     stateChangeParameters:
       maxRetryCount: 1
       maxWaitMs: 30000
-  savePdpStatisticsInDb: false
+  savePdpStatisticsInDb: true
   topicParameterGroup:
     topicSources:
-    - topic: POLICY-PDP-PAP
-      servers:
-      - message-router
-      useHttps: false
-      fetchTimeout: 15000
-      topicCommInfrastructure: dmaap
-    - topic: POLICY-HEARTBEAT
-      effectiveTopic: POLICY-PDP-PAP
-      consumerGroup: policy-pap
-      servers:
-      - message-router
-      useHttps: false
-      fetchTimeout: 15000
-      topicCommInfrastructure: dmaap
+      - useHttps: false
+        fetchTimeout: 15000
+        {{ if .Values.global.useStrimziKafkaPf }}
+        topic: {{ .Values.config.kafka.topics.policyPdpPap }}
+        servers:
+          - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+        topicCommInfrastructure: kafka
+        additionalProps:
+          group.id : {{ .Values.config.kafka.consumer.groupId }}
+          security.protocol: SASL_PLAINTEXT
+          sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+          sasl.jaas.config: ${JAASLOGIN}
+        {{ else }}
+        topic: {{ .Values.dmaap.topics.policyPdpPap }}
+        servers:
+          - ${topicServer:message-router}
+        topicCommInfrastructure: dmaap
+        {{ end }}
+      - useHttps: false
+        fetchTimeout: 15000
+        {{ if .Values.global.useStrimziKafkaPf }}
+        topic: {{ .Values.config.kafka.topics.policyHeartbeat }}
+        effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }}
+        servers:
+          - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+        topicCommInfrastructure: kafka
+        additionalProps:
+          group.id : {{ .Values.config.kafka.consumer.groupId }}
+          security.protocol: SASL_PLAINTEXT
+          sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+          sasl.jaas.config: ${JAASLOGIN}
+        {{ else }}
+        topic: {{ .Values.dmaap.topics.policyHeartbeat }}
+        effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }}
+        servers:
+          - ${topicServer:message-router}
+        topicCommInfrastructure: dmaap
+        {{ end }}
     topicSinks:
-    - topic: POLICY-PDP-PAP
-      servers:
-      - message-router
-      useHttps: false
-      topicCommInfrastructure: dmaap
-    - topic: POLICY-NOTIFICATION
-      servers:
-      - message-router
-      useHttps: false
-      topicCommInfrastructure: dmaap
+      - useHttps: false
+        {{ if .Values.global.useStrimziKafkaPf }}
+        topic: {{ .Values.config.kafka.topics.policyPdpPap }}
+        servers:
+          - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+        topicCommInfrastructure: kafka
+        additionalProps:
+          group.id : {{ .Values.config.kafka.consumer.groupId }}
+          security.protocol: SASL_PLAINTEXT
+          sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+          sasl.jaas.config: ${JAASLOGIN}
+        {{ else }}
+        topic: {{ .Values.dmaap.topics.policyPdpPap }}
+        servers:
+          - ${topicServer:message-router}
+        topicCommInfrastructure: dmaap
+        {{ end }}
+      - useHttps: false
+        {{ if .Values.global.useStrimziKafkaPf }}
+        topic: {{ .Values.config.kafka.topics.policyNotification }}
+        servers:
+          - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+        topicCommInfrastructure: kafka
+        additionalProps:
+          group.id : {{ .Values.config.kafka.consumer.groupId }}
+          security.protocol: SASL_PLAINTEXT
+          sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+          sasl.jaas.config: ${JAASLOGIN}
+        {{ else }}
+        topic: {{ .Values.dmaap.topics.policyNotification }}
+        servers:
+          - ${topicServer:message-router}
+        topicCommInfrastructure: dmaap
+        {{ end }}
 # If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
 #          servers:
 #            - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
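Review bot: The trailing comment `# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks` is kept although the template now selects the kafka block itself through `global.useStrimziKafkaPf`, so it describes a manual step that no longer applies and should be dropped or reworded. The hunk also flips `savePdpStatisticsInDb` from `false` to `true`, which the commit message does not mention; since it changes what PAP persists, it deserves a line in the description or a values key. The bootstrap address is now the literal `-strimzi-kafka-bootstrap:9092` although `.Values.config.kafkaBootstrap` still exists in values.yaml. The comment block continues outside the hunk.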
@@ -128,11 +192,6 @@ pap:
     password: "${DISTRIBUTION_PASSWORD}"
     useHttps: false
     basePath: healthcheck
-  - clientName: dmaap
-    hostname: message-router
-    port: 3904
-    useHttps: false
-    basePath: topics
 
 management:
   endpoints:
index 201f487..7890772 100755 (executable)
@@ -29,12 +29,18 @@ spec:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
+{{- if not .Values.global.useStrimziKafkaPf }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
       - command:
         - /app/ready.py
         args:
         - --job-name
+{{ if not .Values.global.postgres.localCluster }}
         - {{ include "common.release" . }}-policy-galera-config
-        env:
+{{ else }}
+        - {{ include "common.release" . }}-policy-pg-config
+{{ end }}        env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
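Review bot: The added line `{{ end }}        env:` puts the `env:` key on the same line as the template action. It renders correctly only because `{{ end }}` emits nothing and the eight spaces after it survive, so a later change to `{{ end -}}` or an automatic reformat would move `env:` to column 0 and break the manifest. Write it as two lines, `{{ end }}` followed by `        env:`, as the policy-api deployment hunk does. The init container definition continues outside the hunk.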
@@ -42,7 +48,7 @@ spec:
               fieldPath: metadata.namespace
         image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+        name: {{ include "common.name" . }}-db-readiness
       - command:
         - sh
         args:
@@ -65,9 +71,12 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
         - name: DISTRIBUTION_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
         - name: JAASLOGIN
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.name" . }}-ku
+              key: sasl.jaas.config
 {{- end }}
         volumeMounts:
         - mountPath: /config-input
@@ -81,8 +90,11 @@ spec:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
-          args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
+
+          command: [ "/bin/sh", "-cx" ]
+          args:
+            - cat /opt/app/policy/pap/etc/mounted/papParameters.yaml;
+              /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml
           ports: {{ include "common.containerPorts" . | nindent 12  }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
diff --git a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml
new file mode 100644 (file)
index 0000000..d2fab9f
--- /dev/null
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafkaPf }}
+{{ include "common.kafkauser" . }}
+{{ end }}
index 8a638f6..6674eff 100755 (executable)
@@ -25,6 +25,9 @@
 global:
   nodePortPrefixExt: 304
   persistence: {}
+  useStrimziKafkaPf: set-via-parent-chart-global-value
+  postgres:
+    localCluster: false
 
 #################################################################
 # Secrets metaconfig
@@ -66,7 +69,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-pap:2.8.1
+image: onap/policy-pap:2.8.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -79,7 +82,9 @@ db:
   password: policy_user
   service:
     name: policy-mariadb
+    pgName: policy-pg-primary
     internalPort: 3306
+    internalPgPort: 5432
 
 restServer:
   user: policyadmin
@@ -124,6 +129,9 @@ service:
   ports:
   - name: http-api
     port: 6969
+  - name: debug-port
+    port: 5005
+    protocol: TCP
 
 ingress:
   enabled: false
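Review bot: `debug-port` on 5005 is added to the Service port list unconditionally. 5005 is the conventional JDWP port, and if that is what it carries here, the protocol has no authentication, so anything that can reach the Service could attach to the PAP JVM whenever the debug agent is enabled. The file already has a "flag to enable debugging" setting (visible as context in an earlier hunk of this file); the port should be tied to it or left to an override instead of shipping in the defaults. Whether the Service template can gate individual ports is outside this hunk.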
@@ -132,18 +140,18 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: 2
+      memory: 6Gi
     requests:
-      cpu: 100m
-      memory: 1Gi
+      cpu: 200m
+      memory: 2Gi
   large:
     limits:
-      cpu: 2
+      cpu: 4
       memory: 8Gi
     requests:
-      cpu: 200m
-      memory: 2Gi
+      cpu: 400m
+      memory: 4Gi
   unlimited: {}
 
 #Pods Service Account
@@ -171,14 +179,24 @@ metrics:
 # application configuration
 config:
 # Event consumption (kafka) properties
-  useStrimziKafka: true
+  useStrimziKafkaPf: true
   kafkaBootstrap: strimzi-kafka-bootstrap
   kafka:
+    topics:
+      policyHeartbeat: policy-heartbeat
+      policyNotification: policy-notification
+      policyPdpPap: policy-pdp-pap
     consumer:
-      groupId: policy-group
+      groupId: policy-pap
   app:
     listener:
       policyPdpPapTopic: policy-pdp-pap
+
+dmaap:
+  topics:
+    policyHeartbeat: POLICY-HEARTBEAT
+    policyNotification: POLICY-NOTIFICATION
+    policyPdpPap: POLICY-PDP-PAP
 # If targeting a custom kafka cluster, ie useStrimziKakfa: false
 # uncomment below config and target your kafka bootstrap servers,
 # along with any other security config.
@@ -190,3 +208,25 @@ config:
 #
 # Any new property can be added in the env by setting in overrides in the format mentioned below
 # All the added properties must be in "key: value" format instead of yaml.
+kafkaUser:
+  authenticationType: scram-sha-512
+  acls:
+    - name: policy-pap
+      type: group
+      operations: [Create, Describe, Read, Write]
+    - name: policy-pdp-pap
+      type: topic
+      patternType: prefix
+      operations: [Create, Describe, Read, Write]
+    - name: policy-heartbeat
+      type: topic
+      patternType: prefix
+      operations: [Create, Describe, Read, Write]
+    - name: policy-notification
+      type: topic
+      patternType: prefix
+      operations: [Create, Describe, Read, Write]
+
+readinessCheck:
+  wait_for:
+    - message-router
index 44ae16d..e589c4b 100755 (executable)
@@ -49,7 +49,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-xacml-pdp:2.8.1
+image: onap/policy-xacml-pdp:2.8.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -106,18 +106,18 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: 2
+      memory: 6Gi
     requests:
-      cpu: 100m
-      memory: 1Gi
+      cpu: 200m
+      memory: 2Gi
   large:
     limits:
       cpu: 2
       memory: 8Gi
     requests:
       cpu: 200m
-      memory: 2Gi
+      memory: 4Gi
   unlimited: {}
 
 #Pods Service Account
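Review bot: After this hunk the `small` and `large` flavors carry identical CPU figures (`limits.cpu: 2`, `requests.cpu: 200m`), because only `small` was raised and `large` kept its old CPU values. The two flavors now differ in memory only. The values file changed just before this one in the same commit raises `large` to `cpu: 4` and `cpu: 400m` alongside the same `small` bump, so this looks like an omission by the release script rather than a sizing decision. If so, `cpu: 4` under `large.limits` and `cpu: 400m` under `large.requests` would restore the ratio; if it is deliberate, a short comment on `large` saying so would prevent someone "fixing" it later.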
index 4bf9def..f0e91e8 100755 (executable)
@@ -16,6 +16,7 @@
 # limitations under the License.
 */}}
 
+{{ if not .Values.global.postgres.localCluster }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -83,6 +84,7 @@ spec:
             items:
               - key: db.sh
                 path: db.sh
+{{ end }}
 
 {{ if .Values.global.postgres.localCluster }}
 ---
@@ -122,13 +124,13 @@ spec:
              /docker-entrypoint-initdb.d/db-pg.sh
         env:
           - name: PG_ADMIN_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
           - name: PG_HOST
             value: "{{ .Values.postgres.service.name2 }}"
           - name: PG_USER
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
           - name: PG_USER_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           - name: PG_PORT
             value: "{{ .Values.postgres.service.internalPort }}"
         resources: {{ include "common.resources" . | nindent 10 }}
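Review bot: `PG_USER` and `PG_USER_PASSWORD` now resolve through the `db-secret` uid and `PG_ADMIN_PASSWORD` through `db-root-password`. Judging by the `*dbSecretName` and `*dbRootPassSecretName` aliases in the values.yaml hunks of this commit, these look like the secrets the existing database path already uses. The definition of `db-secret` is not part of this diff, so two things need confirming. First, its `login` should equal `postgres.config.pgUserName` (`policy_user`), otherwise this init job sets up a different role than the one Postgres was provisioned with. Second, sharing one credential across both database backends should be intended now that the dedicated `pg-root-pass` and `pg-user-creds` secrets (both with a `generate` policy) are removed. The same substitution is made for `SQL_USER`, `SQL_PASSWORD` and `PGPASSWORD` in the later hunks of this file, and the enclosing Job spec starts and ends outside this hunk.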
@@ -145,6 +147,7 @@ spec:
 {{ end }}
 
 ---
+{{ if not .Values.global.postgres.localCluster }}
 apiVersion: batch/v1
 kind: Job
 metadata:
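Review bot: The `---` separator on the line above the new `{{ if not .Values.global.postgres.localCluster }}` stays outside the guard. With `localCluster` set, the template therefore emits an empty document between this separator and the `---` that opens the following `{{ if .Values.global.postgres.localCluster }}` block. Helm normally discards empty documents, but putting the guard above the separator (`{{ if not ... }}` then `---`) would match how the `localCluster` branch is already written. The two Jobs are also selected by back-to-back `if not X` … `end` / `if X` … `end` pairs, here and in the first pair at the top of the file. A single `{{ if X }}` … `{{ else }}` … `{{ end }}` would state the mutual exclusion once and cannot drift; the matching `{{ end }}` for this guard is in the next hunk.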
@@ -217,7 +220,7 @@ spec:
             items:
               - key: db_migrator_policy_init.sh
                 path: db_migrator_policy_init.sh
-
+{{ end }}
 {{ if .Values.global.postgres.localCluster }}
 ---
 apiVersion: batch/v1
@@ -272,9 +275,9 @@ spec:
         - name: SQL_HOST
           value: "{{ .Values.postgres.service.name2 }}"
         - name: SQL_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: SQL_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         - name: SQL_DB
           value: {{ .Values.dbmigrator.schema }}
         - name: POLICY_HOME
@@ -282,7 +285,7 @@ spec:
         - name: SCRIPT_DIRECTORY
           value: "postgres"
         - name: PGPASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         resources: {{ include "common.resources" . | nindent 10 }}
       restartPolicy: Never
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
index d9d9769..a787b8b 100644 (file)
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
-{{- if .Values.global.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
 apiVersion: kafka.strimzi.io/v1beta2
 kind: KafkaTopic
 metadata:
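Review bot: This guard now reads `.Values.global.useStrimziKafkaPf`, which the parent values.yaml in this commit defaults to `false`. The PAP values file, however, sets its own `config.useStrimziKafkaPf: true` and ships Strimzi `kafkaUser` ACLs. With both defaults in place the KafkaTopic resources in this file are not rendered, even though PAP is configured for Strimzi. Which of the two keys the PAP templates read is not visible here, but if it is the `config.` one, the topics exist only if something else creates them. Either driving both from the same global flag, or adding a comment next to the flag such as `# must agree with config.useStrimziKafkaPf in policy-pap and policy-api`, would make the dependency explicit. The KafkaTopic definitions continue outside this hunk.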
index 7abd75d..9027e49 100755 (executable)
@@ -19,6 +19,7 @@
 #################################################################
 global:
   mariadb:
+    localCluster: true
     # '&mariadbConfig' means we "store" the values for  later use in the file
     # with '*mariadbConfig' pointer.
     config: &mariadbConfig
@@ -37,6 +38,8 @@ global:
       name: postgres
   #Strimzi Kafka properties
   useStrimziKafka: true
+  # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
+  useStrimziKafkaPf: false
   kafkaBootstrap: strimzi-kafka-bootstrap
   policyKafkaUser: policy-kafka-user
   kafkaTopics:
@@ -81,19 +84,6 @@ secrets:
     login: '{{ .Values.restServer.policyApiUserName }}'
     password: '{{ .Values.restServer.policyApiUserPassword }}'
     passwordPolicy: required
-  - uid: pg-root-pass
-    name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
-    type: password
-    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
-    password: '{{ .Values.postgres.config.pgRootpassword }}'
-    policy: generate
-  - uid: pg-user-creds
-    name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
-    type: basicAuth
-    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
-    login: '{{ .Values.postgres.config.pgUserName }}'
-    password: '{{ .Values.postgres.config.pgUserPassword }}'
-    passwordPolicy: generate
 
 db: &dbSecretsHook
   credsExternalSecret: *dbSecretName
@@ -163,7 +153,7 @@ policy-gui:
 #################################################################
 
 dbmigrator:
-  image: onap/policy-db-migrator:2.6.1
+  image: onap/policy-db-migrator:2.6.2
   schema: policyadmin
   policy_home: "/opt/app/policy"
 
@@ -256,8 +246,8 @@ postgres:
   config:
     pgUserName: policy_user
     pgDatabase: policyadmin
-    pgUserExternalSecret: *pgUserCredsSecretName
-    pgRootPasswordExternalSecret: *pgRootPassSecretName
+    pgUserExternalSecret: *dbSecretName
+    pgRootPasswordExternalSecret: *dbRootPassSecretName
 
 readinessCheck:
   wait_for: