1 .. This work is licensed under a
2 .. Creative Commons Attribution 4.0 International License.
3 .. http://creativecommons.org/licenses/by/4.0
6 Policy OOM Installation
7 -----------------------
14 The policy K8S charts are located in the `OOM repository <https://gerrit.onap.org/r/gitweb?p=oom.git;a=tree;f=kubernetes/policy;h=78576c7a0d30cb87054e9776326cdde20986e6e3;hb=refs/heads/master>`_.
16 Please refer to the OOM documentation on how to install and deploy ONAP.
20 To get a listing of the Policy Pods, run the following command:
24 kubectl get pods | grep policy
26 brmsgw ClusterIP 10.43.77.177 <none> 9989/TCP 5d15h app=brmsgw,release=dev-policy
27 drools ClusterIP 10.43.167.154 <none> 6969/TCP,9696/TCP 5d15h app=drools,release=dev-policy
28 nexus ClusterIP 10.43.239.92 <none> 8081/TCP 5d15h app=nexus,release=dev-policy
29 pap NodePort 10.43.207.229 <none> 8443:30219/TCP,9091:30218/TCP 5d15h app=pap,release=dev-policy
30 pdp ClusterIP None <none> 8081/TCP 5d15h app=pdp,release=dev-policy
31 policy-apex-pdp ClusterIP 10.43.226.0 <none> 6969/TCP 5d15h app=policy-apex-pdp,release=dev-policy
32 policy-api ClusterIP 10.43.102.56 <none> 6969/TCP 5d15h app=policy-api,release=dev-policy
33 policy-distribution ClusterIP 10.43.4.211 <none> 6969/TCP 5d15h app=policy-distribution,release=dev-policy
34 policy-pap ClusterIP 10.43.175.164 <none> 6969/TCP 5d15h app=policy-pap,release=dev-policy
35 policy-xacml-pdp ClusterIP 10.43.181.208 <none> 6969/TCP 5d15h app=policy-xacml-pdp,release=dev-policy
36 policydb ClusterIP 10.43.93.233 <none> 3306/TCP 5d15h app=policydb,release=dev-policy
38 Some of these pods are shared between the legacy components and the latest framework components, while others are not.
41 :header: "Policy Pod", "Latest Framework", "Legacy"
45 "drools", "yes", "yes"
49 "policy-apex-pdp", "yes", ""
50 "policy-api", "yes", ""
51 "policy-distribution", "yes", "yes"
52 "policy-pap", "yes", ""
53 "policy-xacml-pdp", "yes", ""
54 "policydb", "yes", "yes"
56 Accessing Policy Containers
57 ***************************
58 Accessing the policy docker containers is the same as for any kubernetes container. Here is an example:
62 kubectl -n onap exec -it dev-policy-policy-xacml-pdp-584844b8cf-9zptx bash
64 Rebuilding and/or modifying the Policy Charts
65 *********************************************
66 The assumption is you have cloned the charts from the OOM repository into a local directory.
68 **Step 1** Go into local copy of OOM charts
70 From your local copy, edit any of the values.yaml files in the policy tree to make desired changes.
72 **Step 2** Build the charts
79 **Step 3** Undeploy Policy
80 After undeploying policy, loop on monitoring the policy pods until they go away.
84 helm del --purge dev-policy
85 kubectl get pods -n onap
87 **Step 4** Delete NFS persisted data for Policy
88 Sudo to root if you logged in using another account such as ubuntu.
92 rm -fr /dockerdata-nfs/dev-policy
94 **Step 5** Re-Deploy Policy pods
95 After deploying policy, loop on monitoring the policy pods until they come up.
99 helm deploy dev-policy local/onap --namespace onap
100 kubectl get pods -n onap
104 For security reasons, the ports for the policy containers are configured as ClusterIP and thus not exposed. If you find you need those ports in a development environment, then the following will expose them.
108 kubectl -n onap expose service policy-api --port=7171 --target-port=6969 --name=api-public --type=NodePort
110 Customizing PDP-D Installations
111 *******************************
113 Credentials and other configuration parameters can be set as values
114 when deploying the policy (drools) subchart. Please refer to
115 `PDP-D Default Values <https://git.onap.org/oom/tree/kubernetes/policy/charts/drools/values.yaml>`_
116 for the current default values. It is strongly recommended that sensitive
117 information is secured appropriately before using in production.
119 Additional customization can be applied to the PDP-D. Custom configuration goes under the
120 "resources" directory of the drools subchart (oom/kubernetes/policy/charts/drools/resources).
121 This requires rebuilding the policy subchart
122 (see section :ref:`Rebuilding and/or modifying the Policy Charts`).
124 Configuration is done by adding or modifying configmaps and/or secrets.
125 Configmaps are placed under "drools/resources/configmaps", and
126 secrets under "drools/resources/secrets".
128 Custom configuration supportes these types of files:
130 * **\*.conf** files to support additional environment configuration.
131 * **features\*.zip** to add additional custom features.
132 * **\*.pre.sh** scripts to be executed before starting the PDP-D process.
133 * **\*.post.sh** scripts to be executed after starting the PDP-D process.
134 * **policy-keystore** to override the PDP-D policy-keystore.
135 * **policy-truststore** to override the PDP-D policy-truststore.
136 * **aaf-cadi.keyfile** to override the PDP-D AAF key.
137 * **\*.properties** to override or add properties files.
142 To *disable AAF*, simply override the "aaf.enabled" value when deploying the helm chart
143 (see the OOM installation instructions mentioned above).
145 To *override the PDP-D keystore or trustore*, add a suitable replacement(s) under
146 "drools/resources/secrets". Modify the drools chart values.yaml with
147 new credentials, and follow the procedures described at
148 :ref:`Rebuilding and/or modifying the Policy Charts` to redeploy the chart.
150 To *disable https* for the DMaaP configuration topic, add a copy of
151 `engine.properties <https://git.onap.org/policy/drools-pdp/tree/policy-management/src/main/server/config/engine.properties>`_
152 with "dmaap.source.topics.PDPD-CONFIGURATION.https" set to "false", or alternatively
153 create a ".pre.sh" script (see above) that edits this file before the PDP-D is