From 6910bbe1e3f2e44e5e100b8fec34a6da8b8eb231 Mon Sep 17 00:00:00 2001 From: efiacor Date: Fri, 3 Mar 2023 14:53:16 +0000 Subject: [PATCH] [POLICY-PPNT] Move policy-clamp-ppnt use case to use strimzi kafka Move acm to use strimzi common templates Enabled kafka by default for acm ppnts Update relevant config params Signed-off-by: efiacor Change-Id: Ia23970e59f4ddaa83a07d224293b0155e28d0ab2 Issue-ID: DMAAP-1857 --- .../policy-clamp-ac-a1pms-ppnt/Chart.yaml | 5 +- .../config/A1pmsParticipantParameters.yaml | 48 ++++++++++--- .../templates/deployment.yaml | 28 +++----- .../templates/kafkauser.yaml | 18 +++++ .../policy-clamp-ac-a1pms-ppnt/values.yaml | 52 +++++++------- .../policy-clamp-ac-http-ppnt/Chart.yaml | 5 +- .../config/HttpParticipantParameters.yaml | 77 ++++++++++----------- .../templates/deployment.yaml | 28 +++----- .../templates/kafkauser.yaml | 18 +++++ .../policy-clamp-ac-http-ppnt/values.yaml | 54 +++++++-------- .../components/policy-clamp-ac-k8s-ppnt/Chart.yaml | 3 + .../config/KubernetesParticipantParameters.yaml | 76 +++++++++------------ .../templates/deployment.yaml | 28 +++----- .../templates/kafkauser.yaml | 18 +++++ .../policy-clamp-ac-k8s-ppnt/values.yaml | 55 +++++++-------- .../components/policy-clamp-ac-pf-ppnt/Chart.yaml | 5 +- .../config/PolicyParticipantParameters.yaml | 78 +++++++++------------ .../templates/deployment.yaml | 28 +++----- .../templates/kafkauser.yaml | 18 +++++ .../components/policy-clamp-ac-pf-ppnt/values.yaml | 56 ++++++++------- .../components/policy-clamp-runtime-acm/Chart.yaml | 3 + .../resources/config/acRuntimeParameters.yaml | 79 +++++++++------------- .../templates/deployment.yaml | 16 +++-- .../templates/kafkatopic.yaml | 18 +++++ .../templates/kafkauser.yaml | 18 +++++ .../policy-clamp-runtime-acm/values.yaml | 63 +++++++++-------- .../policy/templates/policy-kafka-topics.yaml | 14 +--- kubernetes/policy/templates/policy-kafka-user.yaml | 11 +-- kubernetes/policy/values.yaml | 29 +++----- 29 files changed, 488 insertions(+), 461 deletions(-) create mode 100644 kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml index 9f9bef2ddf..9a61fe6408 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# Copyright (C) 2022-2023 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,3 +31,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml index 40c07d4ad1..34d267bc26 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -16,16 +16,17 @@ # ============LICENSE_END========================================================= spring: - security: - user: - name: ${RESTSERVER_USER} - password: ${RESTSERVER_PASSWORD} autoconfigure: exclude: - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} + security: enable-csrf: false @@ -36,17 +37,44 @@ participant: participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00 clampAutomationCompositionTopics: topicSources: - - topic: POLICY-ACRUNTIME-PARTICIPANT + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - fetchTimeout: 15000 - - topicSinks: - - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} + {{ end }} + topicSinks: + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap + servers: + - ${topicServer:message-router} + {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml index 4590046a1e..a4810bae57 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,21 +28,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if .Values.config.useStrimziKafka }} - - command: - - /app/ready.py - args: - - --container-name - - message-router - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} {{- end }} - command: - sh @@ -54,9 +41,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml new file mode 100644 index 0000000000..92184b8e85 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index 6799635776..885f2c9793 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +22,11 @@ global: persistence: {} aafEnabled: false + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -43,13 +48,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' password: '{{ .Values.certStores.trustStorePassword }}' passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate certStores: keyStorePassword: Pol1cy_0nap @@ -62,6 +60,8 @@ certStores: image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1 pullPolicy: Always +componentName: &componentName policy-clamp-ac-a1pms-ppnt + # application configuration restServer: user: participantUser @@ -105,7 +105,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-ac-a1pms-ppnt + name: *componentName ports: - name: a1pms-api port: 8086 @@ -131,32 +131,28 @@ resources: unlimited: {} #Pods Service Account serviceAccount: - nameOverride: policy-clamp-ac-a1pms-ppnt + nameOverride: *componentName roles: - create config: -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: :9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +readinessCheck: + wait_for: + - message-router \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml index 1e820fe107..65126ca6b6 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -33,4 +33,7 @@ dependencies: repository: '@local' - name: serviceAccount version: ~12.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index 0d879af6fe..bae543e187 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,18 +26,6 @@ spring: user: name: ${RESTSERVER_USER} password: ${RESTSERVER_PASSWORD} -{{- if .Values.config.useStrimziKafka }} - kafka: - consumer: - group-id: {{ .Values.config.kafka.consumer.groupId }} - bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 - security.protocol: SASL_PLAINTEXT - properties.sasl: - mechanism: SCRAM-SHA-512 - jaas.config: ${JAASLOGIN} -{{ else }} -{{ toYaml .Values.config.eventConsumption | nindent 2 }} -{{- end }} security: enable-csrf: false @@ -49,46 +37,49 @@ participant: participantId: 101c62b3-8918-41b9-a747-d21eb79c6c01 clampAutomationCompositionTopics: topicSources: - - topic: POLICY-ACRUNTIME-PARTICIPANT + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - fetchTimeout: 15000 - useHttps: "false" - topicSinks: - - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} + {{ end }} + topicSinks: + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - useHttps: "false" + servers: + - ${topicServer:message-router} + {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement typeVersion: 1.0.0 -# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below -# clampAutomationCompositionTopics: -# topicSources: -# - topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# fetchTimeout: 15000 -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} -# topicSinks: -# - topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} management: endpoints: diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml index 23ef33b79b..550957b717 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,21 +28,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if .Values.config.useStrimziKafka }} - - command: - - /app/ready.py - args: - - --container-name - - message-router - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} {{- end }} - command: - sh @@ -54,9 +41,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml new file mode 100644 index 0000000000..92184b8e85 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index e445c9f562..5c897c23e4 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,12 @@ ################################################################# global: persistence: {} - aafEnabled: true + aafEnabled: false + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -43,13 +48,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' password: '{{ .Values.certStores.trustStorePassword }}' passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate certStores: keyStorePassword: Pol1cy_0nap @@ -81,6 +79,8 @@ certInitializer: image: onap/policy-clamp-ac-http-ppnt:6.4.1 pullPolicy: Always +componentName: &componentName policy-clamp-ac-http-ppnt + # application configuration restServer: user: participantUser @@ -114,7 +114,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-ac-http-ppnt + name: *componentName useNodePortExt: true ports: - name: http-api @@ -141,32 +141,28 @@ resources: unlimited: {} #Pods Service Account serviceAccount: - nameOverride: policy-clamp-ac-http-ppnt + nameOverride: *componentName roles: - read config: -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: :9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +readinessCheck: + wait_for: + - message-router \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml index 13507f9e37..c979d7de4a 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml @@ -36,3 +36,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index ee73ed583d..30df5df082 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -26,18 +26,6 @@ spring: user: name: ${RESTSERVER_USER} password: ${RESTSERVER_PASSWORD} - kafka: - consumer: - group-id: {{ .Values.config.kafka.consumer.groupId }} -{{- if .Values.config.useStrimziKafka }} - bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 - security.protocol: SASL_PLAINTEXT - properties.sasl: - mechanism: SCRAM-SHA-512 - jaas.config: ${JAASLOGIN} -{{ else }} -{{ toYaml .Values.config.eventConsumption | nindent 2 }} -{{- end }} security: enable-csrf: false @@ -52,50 +40,48 @@ participant: clampAutomationCompositionTopics: topicSources: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - fetchTimeout: 15000 - useHttps: "false" + servers: + - ${topicServer:message-router} + {{ end }} topicSinks: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - useHttps: "false" + servers: + - ${topicServer:message-router} + {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement typeVersion: 1.0.0 -# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below -# clampAutomationCompositionTopics: -# topicSources: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# fetchTimeout: 15000 -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} -# topicSinks: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} - management: endpoints: web: diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml index f511723b9c..0baf6c73b3 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,21 +28,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if .Values.config.useStrimziKafka }} - - command: - - /app/ready.py - args: - - --container-name - - message-router - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} {{- end }} - command: - sh @@ -54,9 +41,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml new file mode 100644 index 0000000000..92184b8e85 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index c76c934441..8682d147b4 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,12 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: true + aafEnabled: false + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -44,13 +49,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' password: '{{ .Values.certStores.trustStorePassword }}' passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate certStores: keyStorePassword: Pol1cy_0nap @@ -82,6 +80,8 @@ certInitializer: image: onap/policy-clamp-ac-k8s-ppnt:6.4.1 pullPolicy: Always +componentName: &componentName policy-clamp-ac-k8s-ppnt + # flag to enable debugging - application support required debugEnabled: false @@ -112,7 +112,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-ac-k8s-ppnt + name: *componentName useNodePortExt: true ports: - name: http-api @@ -142,7 +142,7 @@ resources: #Pods Service Account serviceAccount: - nameOverride: policy-clamp-ac-k8s-ppnt + nameOverride: *componentName roles: - create # Update the config here for permitting repositories and protocols @@ -161,26 +161,23 @@ repoList: - https config: -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: :9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +readinessCheck: + wait_for: + - message-router diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml index 59e1ab78f5..a7b7ba8cd8 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml @@ -33,4 +33,7 @@ dependencies: repository: '@local' - name: serviceAccount version: ~12.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index 4f7e0047f6..9bfeefaf76 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,18 +26,6 @@ spring: user: name: ${RESTSERVER_USER} password: ${RESTSERVER_PASSWORD} - kafka: - consumer: - group-id: {{ .Values.config.kafka.consumer.groupId }} -{{- if .Values.config.useStrimziKafka }} - bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 - security.protocol: SASL_PLAINTEXT - properties.sasl: - mechanism: SCRAM-SHA-512 - jaas.config: ${JAASLOGIN} -{{ else }} -{{ toYaml .Values.config.eventConsumption | nindent 2 }} -{{- end }} security: enable-csrf: false @@ -68,50 +56,48 @@ participant: clampAutomationCompositionTopics: topicSources: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - fetchTimeout: 15000 - useHttps: "false" + servers: + - ${topicServer:message-router} + {{ end }} topicSinks: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - useHttps: "false" + servers: + - ${topicServer:message-router} + {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement typeVersion: 1.0.0 -# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below -# clampAutomationCompositionTopics: -# topicSources: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# fetchTimeout: 15000 -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} -# topicSinks: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} - management: endpoints: web: diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml index 4cd73b35f9..726daf1180 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,21 +28,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if .Values.config.useStrimziKafka }} - - command: - - /app/ready.py - args: - - --container-name - - message-router - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} {{- end }} - command: - sh @@ -62,9 +49,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml new file mode 100644 index 0000000000..92184b8e85 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index fd0b2ae730..206d6e37fa 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,12 @@ ################################################################# global: persistence: {} - aafEnabled: true + aafEnabled: false + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -55,13 +60,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' password: '{{ .Values.certStores.trustStorePassword }}' passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate certStores: keyStorePassword: Pol1cy_0nap @@ -93,6 +91,8 @@ certInitializer: image: onap/policy-clamp-ac-pf-ppnt:6.4.1 pullPolicy: Always +componentName: &componentName policy-clamp-ac-pf-ppnt + # flag to enable debugging - application support required debugEnabled: false @@ -114,6 +114,7 @@ restServer: nodeSelector: {} affinity: {} + ingress: enabled: false @@ -133,7 +134,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-ac-pf-ppnt + name: *componentName useNodePortExt: true ports: - name: http-api @@ -159,31 +160,28 @@ resources: unlimited: {} #Pods Service Account serviceAccount: - nameOverride: policy-clamp-ac-pf-ppnt + nameOverride: *componentName roles: - read config: -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: :9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +readinessCheck: + wait_for: + - message-router diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index 12578aba5c..e08bd4d490 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -36,3 +36,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 4a2bcf3684..e9adad70cb 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,18 +44,6 @@ spring: hibernate: dialect: org.hibernate.dialect.MariaDB103Dialect format_sql: true - kafka: - consumer: - group-id: {{ .Values.config.kafka.consumer.groupId }} -{{- if .Values.config.useStrimziKafka }} - bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 - security.protocol: SASL_PLAINTEXT - properties.sasl: - mechanism: SCRAM-SHA-512 - jaas.config: ${JAASLOGIN} -{{ else }} -{{ toYaml .Values.config.eventConsumption | nindent 2 }} -{{- end }} security: enable-csrf: false @@ -69,7 +57,6 @@ server: ssl: enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} - runtime: participantParameters: heartBeatMs: 120000 @@ -81,45 +68,43 @@ runtime: topicParameterGroup: topicSources: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - useHttps: "false" - fetchTimeout: 15000 + servers: + - ${topicServer:message-router} + {{ end }} topicSinks: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - useHttps: "false" - -# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below -# topicParameterGroup: -# topicSources: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# useHttps: true -# fetchTimeout: 15000 -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} -# topicSinks: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} + servers: + - ${topicServer:message-router} + {{ end }} management: endpoints: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index bc11e38fe1..5ec20ca7a3 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,6 +28,9 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} +{{- end }} - command: - /app/ready.py args: @@ -41,7 +44,7 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + name: {{ include "common.name" . }}-galera-config-readiness - command: - sh args: @@ -56,9 +59,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} - name: RUNTIME_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml new file mode 100644 index 0000000000..5601154ddd --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkatopic" . }} +{{ end }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml new file mode 100644 index 0000000000..92184b8e85 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index cefe3651f1..e35a6c00a8 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,12 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: true + aafEnabled: false + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -50,13 +55,6 @@ secrets: login: '{{ .Values.config.policyAppUserName }}' password: '{{ .Values.config.policyAppUserPassword }}' passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate certStores: keyStorePassword: Pol1cy_0nap @@ -88,6 +86,8 @@ certInitializer: image: onap/policy-clamp-runtime-acm:6.4.1 pullPolicy: Always +componentName: &componentName policy-clamp-runtime-acm + # flag to enable debugging - application support required debugEnabled: false @@ -95,31 +95,26 @@ debugEnabled: false config: policyAppUserName: runtimeUser policyAppUserPassword: none - -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy.policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: :9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +kafkaTopic: + - name: *acRuntimeTopic + db: user: policy_user password: policy_user @@ -150,7 +145,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-runtime-acm + name: *componentName useNodePortExt: true ports: - name: http-api @@ -180,6 +175,14 @@ resources: #Pods Service Account serviceAccount: - nameOverride: policy-clamp-runtime-acm + nameOverride: *componentName roles: - read + +readinessCheck: + wait_for: + - message-router + +wait_for_job_container: + containers: + - '{{ include "common.release" . }}-policy-galera-config' \ No newline at end of file diff --git a/kubernetes/policy/templates/policy-kafka-topics.yaml b/kubernetes/policy/templates/policy-kafka-topics.yaml index 1894d62a42..d9d9769230 100644 --- a/kubernetes/policy/templates/policy-kafka-topics.yaml +++ b/kubernetes/policy/templates/policy-kafka-topics.yaml @@ -13,19 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if .Values.config.useStrimziKafka }} -apiVersion: kafka.strimzi.io/v1beta2 -kind: KafkaTopic -metadata: - name: {{ .Values.config.acRuntimeTopic.name }} - labels: - strimzi.io/cluster: {{ include "common.release" . }}-strimzi -spec: - partitions: {{ .Values.config.acRuntimeTopic.partitions }} - config: - retention.ms: {{ .Values.config.acRuntimeTopic.retentionMs }} - segment.bytes: {{ .Values.config.acRuntimeTopic.segmentBytes }} ---- +{{- if .Values.global.useStrimziKafka }} apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaTopic metadata: diff --git a/kubernetes/policy/templates/policy-kafka-user.yaml b/kubernetes/policy/templates/policy-kafka-user.yaml index 43edb64c83..c000af1b82 100644 --- a/kubernetes/policy/templates/policy-kafka-user.yaml +++ b/kubernetes/policy/templates/policy-kafka-user.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2022 Nordix Foundation -# Modifications Copyright © 2022 Nordix Foundation +# Copyright © 2022-2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if .Values.config.useStrimziKafka }} +{{- if .Values.global.useStrimziKafka }} apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: @@ -29,11 +28,7 @@ spec: acls: - resource: type: group - name: {{ .Values.config.acRuntimeTopic.consumer.groupId }} - operation: All - - resource: - type: topic - name: {{ .Values.config.acRuntimeTopic.name }} + name: {{ .Values.config.policyPdpPapTopic.consumer.groupId }} operation: All - resource: type: topic diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 2fa3d0cbe6..3ff153ac6a 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -18,7 +18,7 @@ # Global configuration defaults. ################################################################# global: - aafEnabled: true + aafEnabled: false mariadb: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. @@ -36,8 +36,13 @@ global: name3: tcp-pgset-replica container: name: postgres + #Strimzi Kafka properties + useStrimziKafka: true kafkaBootstrap: strimzi-kafka-bootstrap policyKafkaUser: policy-kafka-user + kafkaTopics: + acRuntimeTopic: + name: policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -129,32 +134,23 @@ policy-distribution: db: *dbSecretsHook policy-clamp-ac-k8s-ppnt: enabled: true - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-clamp-ac-pf-ppnt: enabled: true restServer: apiUserExternalSecret: *policyApiCredsSecret papUserExternalSecret: *policyPapCredsSecret - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-clamp-ac-http-ppnt: enabled: true - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-clamp-ac-a1pms-ppnt: enabled: true - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' -policy-nexus: - enabled: false - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-clamp-runtime-acm: enabled: true db: *dbSecretsHook config: appUserExternalSecret: *policyAppCredsSecret +policy-nexus: + enabled: false + config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-gui: enabled: false @@ -199,13 +195,6 @@ readiness: config: policyAppUserName: runtimeUser useStrimziKafka: true - acRuntimeTopic: - name: policy-acruntime-participant - partitions: 10 - retentionMs: 7200000 - segmentBytes: 1073741824 - consumer: - groupId: policy-group policyPdpPapTopic: name: policy-pdp-pap partitions: 10 -- 2.16.6