# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"prometheus": true
},
"pdpStatusParameters":{
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
+{{ include "common.service" . }}
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- -c
- "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
- . {{ .Values.certInitializer.credsPath }}/.ci; fi;\
- /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
- ports:
- - containerPort: {{ .Values.service.externalPort }}
+ args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
-{{- if not .Values.global.aafEnabled }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
-{{- end }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
persistence: {}
#################################################################
externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
- - uid: truststore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- - uid: keystore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
restServer:
user: healthcheck
password: zb!XztG34
-truststore:
- password: Pol1cy_0nap
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-apex-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 101
- gid: 102
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
service:
type: ClusterIP
name: policy-apex-pdp
- portName: http
- externalPort: 6969
internalPort: 6969
- nodePort: 37
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
enabled: true
port: policy-apex-pdp
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-apex-pdp-restserver-creds
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
# Modifications Copyright (C) 2022 AT&T Intellectual Property.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
server:
port: {{ .Values.service.internalPort }}
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
servlet:
context-path: /policy/api/v1
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 8 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 304
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-api-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
service:
type: ClusterIP
name: policy-api
- portName: http
- externalPort: 6969
internalPort: 6969
- nodePort: 40
+ ports:
+ - name: http
+ port: 6969
+
ingress:
enabled: false
enabled: true
port: policy-api
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-api-user-creds
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
#################################################################
global:
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
#################################################################
# Application configuration defaults.
ports:
- name: a1pms-api
port: 8086
- nodePort: 42
-
flavor: small
resources:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
servlet:
context-path: /onap/httpparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
#################################################################
global:
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-http-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
service:
type: ClusterIP
name: *componentName
- useNodePortExt: true
ports:
- name: http-api
port: 8084
- nodePort: 42
-
flavor: small
resources:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
servlet:
context-path: /onap/policy/clamp/acm/k8sparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
logging:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/kubernetes-participant.sh /opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-k8s-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
service:
type: ClusterIP
name: *componentName
- useNodePortExt: true
ports:
- name: http-api
port: 8083
- nodePort: 42
ingress:
enabled: false
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/KserveParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
#################################################################
global:
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
#################################################################
# Application configuration defaults.
image: onap/policy-clamp-ac-kserve-ppnt:6.4.1
pullPolicy: Always
-
componentName: &componentName policy-clamp-ac-kserve-ppnt
# application configuration
ports:
- name: kserve-api
port: 8087
- nodePort: 42
-
flavor: small
resources:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
port: 6969
userName: ${API_USER}
password: ${API_PASSWORD}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
allowSelfSignedCerts: true
policyPapParameters:
clientName: pap
port: 6969
userName: ${PAP_USER}
password: ${PAP_PASSWORD}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
allowSelfSignedCerts: true
intermediaryParameters:
reportingTimeIntervalMs: 120000
servlet:
context-path: /onap/policyparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/policy-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
#################################################################
global:
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
login: '{{ .Values.restServer.pap.user }}'
password: '{{ .Values.restServer.pap.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
service:
type: ClusterIP
name: *componentName
- useNodePortExt: true
+ internalPort: 8085
ports:
- name: http-api
port: 8085
- nodePort: 42
flavor: small
resources:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
error:
path: /error
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
runtime:
participantParameters:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/acm-runtime.sh /opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- uid: runtime-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
password: '{{ .Values.config.policyAppUserPassword }}'
passwordPolicy: required
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-runtime-acm-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
-
#################################################################
# Application configuration defaults.
#################################################################
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
port: http-api
readiness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
port: http-api
service:
type: ClusterIP
name: *componentName
- useNodePortExt: true
ports:
- name: http-api
port: 6969
- nodePort: 42
ingress:
enabled: false
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"prometheus": true
},
"receptionHandlerParameters":{
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ "useHttps": "false"
},
"papParameters": {
"clientName": "policy-pap",
"port": 6969,
"userName": "${PAP_USER}",
"password": "${PAP_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ "useHttps": "false"
},
"deployPolicies": true
}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
-{{- else }}
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
login: '{{ .Values.sdcBe.user }}'
password: '{{ .Values.sdcBe.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
#################################################################
# Global configuration defaults.
sdcBe:
user: policy
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-distribution-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
service:
type: ClusterIP
name: policy-distribution
- portName: http
- externalPort: 6969
internalPort: 6969
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
enabled: true
port: policy-distribution
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-distribution-restserver-creds
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
# Liveness
LIVENESS_CONTROLLERS=*
-# AAF
-
-AAF={{.Values.aaf.enabled}}
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
# HTTP Servers
-HTTP_SERVER_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+HTTP_SERVER_HTTPS="false"
PROMETHEUS=true
# PDP-D DMaaP configuration channel
# AAI
AAI_HOST=aai.{{.Release.Namespace}}
-AAI_PORT={{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}
+AAI_PORT=8080
AAI_CONTEXT_URI=
# MSO
# ============LICENSE_END=========================================================
*/}}
-{{- if not .Values.global.aafEnabled }}
-KEYSTORE_PASSWD={{.Values.keystore.password}}
-{{- end }}
-
-TRUSTSTORE_PASSWD={{.Values.truststore.password}}
-
TELEMETRY_USER={{.Values.telemetry.user}}
TELEMETRY_PASSWORD={{.Values.telemetry.password}}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
+
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
{{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
- source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
- cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
- /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
+ args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
{{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
service:
type: ClusterIP
name: policy-drools-pdp
- portName: http
internalPort: 6969
- externalPort: 6969
- nodePort: 17
- internalPort2: 9696
- externalPort2: 9696
- nodePort2: 21
+ ports:
+ - name: http
+ port: 6969
+ - name: http-2
+ port: 9696
ingress:
enabled: false
-# Default installation values to be overridden
-
-certInitializer:
- nameOverride: policy-drools-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- echo "export CADI_KEYFILE='{{ .Values.credsPath }}/org.onap.policy.keyfile'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
server:
jvmOpts: -server -XshowSettings:vm
-aaf:
- enabled: "false"
-
-keystore:
- password: Pol1cy_0nap
-
-truststore:
- password: Pol1cy_0nap
-
telemetry:
user: demo@people.osaaf.org
password: demo123456!
enabled: true
port: policy-drools-pdp-9696
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-drools-pdp-telemetry-creds
version: 12.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
server:
port: 2443
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
-# enabled-protocols: TLSv1.2
-# client-auth: want
-# key-store: file:${KEYSTORE}
-# key-store-password: ${KEYSTORE_PASSWD}
-# trust-store: file:${TRUSTSTORE}
-# trust-store-password: ${TRUSTSTORE_PASSWD}
+ enabled: false
clamp:
url:
- disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
- disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+ disable-ssl-validation: true
+ disable-ssl-hostname-check: true
apex-editor:
upload-url:
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- -c
- "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: KEYSTORE
- value: {{ .Values.certStores.keystoreLocation }}
- - name: KEYSTORE_PASSWD
- value: {{ .Values.certStores.keyStorePassword }}
- - name: TRUSTSTORE
- value: {{ .Values.certStores.truststoreLocation }}
- - name: TRUSTSTORE_PASSWD
- value: {{ .Values.certStores.trustStorePassword }}
- name: POLICY_LOGS
value: {{ .Values.log.path }}
volumeMounts:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
# side car containers
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if not (include "common.onServiceMesh" .) }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
- env:
-{{ else }}
command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{ end }}
- name: CLAMP_URL
value: http://policy-clamp-runtime-acm:6969
ports:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- name: logs
mountPath: {{ .Values.log.path }}
- mountPath: /opt/app/policy/gui/etc/application.yml
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
+{{ include "common.service" . }}
global: # global defaults
nodePortPrefix: 304
centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore
- truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore
- trustStorePassword: Pol1cy_0nap
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: policy-gui-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
service:
type: NodePort
name: policy-gui
- portName: http
internalPort: 2443
- nodePort: 43
+ ports:
+ - name: http
+ port: 2443
+ nodePort: 43
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command: ["sh", "-c", "chown -R 200:200 /share"]
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
service:
type: ClusterIP
name: policy-nexus
- portName: http
- externalPort: 8081
internalPort: 8081
- nodePort: 36
+ ports:
+ - name: http
+ port: 8081
ingress:
enabled: false
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
server:
port: 6969
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
servlet:
context-path: /policy/pap/v1
port: 6969
userName: "${API_USER}"
password: "${API_PASSWORD}"
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
basePath: policy/api/v1/healthcheck
- clientName: distribution
hostname: policy-distribution
port: 6969
userName: "${DISTRIBUTION_USER}"
password: "${DISTRIBUTION_PASSWORD}"
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
basePath: healthcheck
- clientName: dmaap
hostname: message-router
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
+ scheme: "HTTP"
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
login: '{{ .Values.healthCheckRestClient.distribution.user }}'
password: '{{ .Values.healthCheckRestClient.distribution.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
value: '{{ .Values.config.someConfig }}'
policy: generate
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-pap-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
-
#################################################################
# Application configuration defaults.
#################################################################
service:
type: ClusterIP
name: policy-pap
- useNodePortExt: true
ports:
- name: http-api
port: 6969
- nodePort: 42
ingress:
enabled: false
enabled: true
port: http-api
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-pap-user-creds
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"aaf": false,
"prometheus": true
},
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps": "false",
"aaf": false
},
"applicationParameters": {
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
-{{- else }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
#################################################################
global:
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-xacml-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
service:
type: ClusterIP
name: policy-xacml-pdp
- portName: http
- externalPort: 6969
internalPort: 6969
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
enabled: true
port: policy-xacml-pdp
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
app: {{ include "common.name" . }}-galera-init
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-init
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db.sh
env:
- name: MYSQL_ROOT_PASSWORD
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-config -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
app: {{ include "common.name" . }}-pg-init
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-init
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/docker-entrypoint-initdb.d/db-pg.sh
env:
- name: PG_ADMIN_PASSWORD
- name: PG_PORT
value: "{{ .Values.postgres.service.internalPort }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
app: {{ include "common.name" . }}-galera-config
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-config
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db_migrator_policy_init.sh
env:
- name: SQL_HOST
- name: SCRIPT_DIRECTORY
value: "sql"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
app: {{ include "common.name" . }}-pg-config
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-config
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db_migrator_pg_policy_init.sh
env:
- name: SQL_HOST
- name: PGPASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
# Global configuration defaults.
#################################################################
global:
- aafEnabled: false
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.