author | Lukasz Rajewski <lukasz.rajewski@t-mobile.pl> | 2024-04-10 12:21:47 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2024-04-10 12:21:47 +0000 |
commit | bd892a7d0709d0807a009f648eb8fcf283f79ba9 (patch) | |
tree | 85a20b3bd015ace54271c8dbc4b8482b45535702 | |
parent | 1eeb37b34517aecb0fdcef2e486188768b5ee513 (diff) | |
parent | bc8a6a4ce7eb26b1720cd281486ce6a67ee40ac4 (diff) |
Merge "[POLICY] Add kafka support in policy charts"
44 files changed, 169 insertions, 305 deletions
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 3a38b88d56..441955f1ed 100755 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -30,23 +30,17 @@ "useHttps": false, "fetchTimeout": 15000, "servers": [ "${KAFKA_URL}" ], -{{ if .Values.global.useStrimziKafkaPf }} "topicCommInfrastructure": "kafka", "additionalProps": { "group.id" : "${GROUP_ID}", "security.protocol": "SASL_PLAINTEXT", "sasl.mechanism": "${SASL}", "sasl.jaas.config": "${JAASLOGIN}" - } -{{ else }} - "topicCommInfrastructure": "dmaap" -{{ end }} - }], + }}], "topicSinks" : [{ "topic": "${PAP_TOPIC}", "useHttps": false, "servers": [ "${KAFKA_URL}" ], -{{ if .Values.global.useStrimziKafkaPf }} "topicCommInfrastructure": "kafka", "additionalProps": { "group.id" : "${GROUP_ID}", @@ -54,9 +48,6 @@ "sasl.mechanism": "${SASL}", "sasl.jaas.config": "${JAASLOGIN}" } -{{ else }} - "topicCommInfrastructure": "dmaap" -{{ end }} }] } } diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml index daed724cbd..5ba0d823f4 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml 
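Review bot: `"security.protocol": "SASL_PLAINTEXT"` in both `additionalProps` blocks is now the only transport, because these hunks drop the `{{ if .Values.global.useStrimziKafkaPf }}` switch and the `dmaap` branch. SASL authenticates the client, but the listener carries no TLS, so confidentiality of policy messages and verification of the broker depend entirely on what the service mesh enforces for Kafka traffic, and this diff does not show that. Consider taking the protocol from an environment variable, the way `"sasl.mechanism": "${SASL}"` already does, so that `SASL_SSL` can be selected without editing the file. The same literal appears in the participant parameter files and in acRuntimeParameters.yaml.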
@@ -31,45 +31,29 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafkaPf }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: ["/bin/sh", "-cx"] -{{- if .Values.global.useStrimziKafkaPf }} args: - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done -{{ else }} - args: - - cd /config-input && for PFILE in `ls -1`; - do envsubst <${PFILE} >/config/${PFILE}; done -{{ end }} env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafkaPf }} - name: JAASLOGIN valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config - name: KAFKA_URL - value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} - name: SASL value: {{ .Values.kafkaUser.authenticationType | upper }} - name: GROUP_ID value: {{ .Values.config.kafka.consumer.groupId }} - name: PAP_TOPIC value: {{ .Values.config.app.listener.policyPdpPapTopic }} -{{ else }} - - name: KAFKA_URL - value: message-router - - name: PAP_TOPIC - value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }} -{{- end }} volumeMounts: - mountPath: /config-input name: apexconfig-input diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml index d2fab9f535..4259381afe 100644 --- a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml 
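Review bot: The init container still runs under `command: ["/bin/sh", "-cx"]`, and with the `else` branch removed the `JAASLOGIN=` assignment in `args` is now executed on every install. The `x` flag traces each command after expansion, so the SASL JAAS string read from the `-ku` secret is very likely written to the init container log, where anyone with log read access can see it. Change the context line to `command: ["/bin/sh", "-c"]`. Quoting the variable in the echo (`"$JAASLOGIN"`) would also avoid word splitting of the JAAS string.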
@@ -13,6 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafkaPf }} {{ include "common.kafkauser" . }} -{{ end }} + diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index e01cb61176..3cea773d0f 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -25,7 +25,6 @@ global: nodePortPrefix: 302 persistence: {} - useStrimziKafkaPf: set-via-parent-chart-global-value ################################################################# # Secrets metaconfig @@ -93,7 +92,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # Resource Limit flavor -By Default using small # Segregation for Different environment (Small and Large) @@ -145,25 +144,13 @@ metrics: # application configuration config: # Event consumption (kafka) properties - useStrimziKafkaPf: true - kafkaBootstrap: strimzi-kafka-bootstrap kafka: consumer: groupId: policy-apex app: listener: policyPdpPapTopic: policy-pdp-pap -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# -# Any new property can be added in the env by setting in overrides in the format mentioned below -# All the added properties must be in "key: value" format instead of yaml. + kafkaUser: authenticationType: scram-sha-512 acls: @@ -178,7 +165,3 @@ kafkaUser: type: topic patternType: prefix operations: [Create, Describe, Read, Write] - -readinessCheck: - wait_for: - - message-router 
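Review bot: The `authorizedPrincipals` entry in the `serviceMesh.authorizationPolicy` hunk of values.yaml is renamed from `message-router-read` to `strimzi-kafka-read` rather than reconsidered. This list presumably controls which service accounts may call this workload, and Kafka clients open connections to the brokers rather than the reverse, so the broker identity may not need inbound access at all; if so, removing the entry keeps the policy least-privilege. It is also not visible in this diff that a service account named `strimzi-kafka-read` exists, so the name should be checked against the Strimzi chart. The same rename is made in the values.yaml of the a1pms, http, k8s, kserve and pf participants and of runtime-acm.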
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml index 34d267bc26..31aa1b746a 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -41,40 +41,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement 
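Review bot: Both new `servers` entries render `{{ .Values.global.kafkaBootstrap }}` with no guard, and the literal `strimzi-kafka-bootstrap:9092` they replace carried the port. None of the sub-chart values.yaml hunks in this diff adds a default for `global.kafkaBootstrap`, so it presumably comes from a parent chart; if it is unset or lacks the port, the participant would get an incomplete bootstrap address and fail only at runtime. Consider `- {{ include "common.release" . }}-{{ required "global.kafkaBootstrap must be set (host:port)" .Values.global.kafkaBootstrap }}` so a bad install fails at render time. The same applies to `KAFKA_URL` in the apex-pdp deployment.yaml, the http, k8s, kserve and pf participant files, acRuntimeParameters.yaml and `PDPD_CONFIGURATION_SERVERS` in the drools base.conf.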
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml index 4ed282ade4..3155cae9a3 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +38,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-a1pms-ppnt-config diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index ac74011463..5954d657f1 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -21,8 +21,6 @@ ################################################################# global: persistence: {} - #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -77,7 +75,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -140,7 +138,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index 6cc45cc5c6..a04c37fe3d 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -41,40 +41,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement 
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml index 8d0d22901b..dfa6e8d451 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +38,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-http-ppnt-config diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 419c2c02aa..17e4d31968 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -22,7 +22,6 @@ global: persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -67,7 +66,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -130,7 +129,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 761f19c5e3..14deab557b 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -43,40 +43,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement 
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml index d69a85824e..d3a280a4d4 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +38,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-k8s-ppnt-config diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 5d82c83cc5..407f5dd724 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -23,7 +23,6 @@ global: nodePortPrefixExt: 304 persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -89,7 +88,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read flavor: small resources: @@ -147,6 +146,3 @@ kafkaUser: type: topic operations: [Read, Write] -readinessCheck: - wait_for: - - message-router diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml index af9d46a807..89cf9494a3 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml 
@@ -48,40 +48,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml index f5ecd27ee1..0602a8225d 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml 
@@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +38,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-kserve-ppnt-config diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml index 16a3f72049..b7e7364eab 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml index a432fff142..6f737a0c23 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -22,7 +22,6 @@ global: persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -67,7 +66,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -129,7 +128,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index f4c26e430a..1cd4ba318c 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -59,40 +59,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement 
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml index 5786fcfabd..038b137dd5 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -49,13 +46,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-pf-ppnt-config diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index c867891b78..b763699019 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -22,7 +22,6 @@ global: persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -87,7 +86,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -151,7 +150,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 96cb265567..35e42c589d 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml 
@@ -75,40 +75,28 @@ runtime: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} acmParameters: toscaElementName: {{ .Values.customNaming.toscaElementName }} toscaCompositionName: {{ .Values.customNaming.toscaCompositionName }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index be8c35aaea..b732fad508 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml 
@@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - /app/ready.py args: @@ -66,13 +63,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} - name: RUNTIME_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-runtime-config diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index 34cceeded2..cc399d38da 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -23,7 +23,6 @@ global: nodePortPrefixExt: 304 persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -122,7 +121,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read - serviceAccount: policy-gui-read flavor: small @@ -149,10 +148,6 @@ serviceAccount: roles: - read -readinessCheck: - wait_for: - - message-router - wait_for_job_container: containers: - '{{ include "common.release" . }}-policy-galera-config' diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index cf3c54aab4..2e6efae345 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -56,15 +56,15 @@ PROMETHEUS=true # PDP-D DMaaP configuration channel -PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION -PDPD_CONFIGURATION_SERVERS=message-router +PDPD_CONFIGURATION_TOPIC=pdpd_configuration +PDPD_CONFIGURATION_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} PDPD_CONFIGURATION_CONSUMER_GROUP= PDPD_CONFIGURATION_CONSUMER_INSTANCE= PDPD_CONFIGURATION_PARTITION_KEY= # PAP-PDP configuration channel -POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP +POLICY_PDP_PAP_TOPIC=policy-pdp-pap POLICY_PDP_PAP_GROUP=defaultGroup POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools 
@@ -85,13 +85,13 @@ GUARD_DISABLED=false # DCAE DMaaP -DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT -DCAE_SERVERS=message-router +DCAE_TOPIC=unauthenticated.dcae_cl_output +DCAE_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} DCAE_CONSUMER_GROUP=dcae.policy.shared # Open DMaaP -DMAAP_SERVERS=message-router +KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} DMAAP_HTTPS="false" # AAI diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf index 761e8afef8..006388af61 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf @@ -15,4 +15,4 @@ # limitations under the License. */}} -POOLING_TOPIC=POOLING +POOLING_TOPIC=pooling diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml new file mode 100644 index 0000000000..1d571df8b7 --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2024 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} 
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index 013732e2d2..e0e9068a4e 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -59,6 +59,14 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + - name: PAP_TOPIC + value: {{ .Values.config.app.listener.policyPdpPapTopic }} image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 6e86b3e64a..710acd2c4f 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -41,7 +41,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:2.1.0 +image: onap/policy-pdpd-cl:2.1.1 pullPolicy: Always # flag to enable debugging - application support required @@ -83,7 +83,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read server: jvmOpts: -server -XshowSettings:vm 
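Review bot: The four added variables (`KAFKA_URL`, `SASL`, `GROUP_ID`, `PAP_TOPIC`) land in the `env` list of the container that the following context lines name `{{ include "common.name" . }}-readiness`, which looks like the readiness init container rather than the Drools container. Unlike the policy-xacml-pdp deployment in this commit, no `JAASLOGIN` entry with a `secretKeyRef` to the `-ku` secret is added here, although a kafkauser.yaml template is created for this chart. If PDP-D is meant to authenticate as that KafkaUser, the credential and these settings belong on the main container. If they arrive through base.conf and the existing `jaasConfExternalSecret` instead, a short comment saying so would avoid the confusion. The container spec starts and ends outside the hunk, so this should be checked against the full file.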
@@ -197,3 +197,24 @@ metrics: chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' release: '{{ include "common.release" . }}' heritage: '{{ .Release.Service }}' + +config: + # Event consumption (kafka) properties + kafka: + consumer: + groupId: policy-drools-pdp + app: + listener: + policyPdpPapTopic: policy-pdp-pap + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-drools-pdp + type: group + operations: [ Create, Describe, Read, Write ] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 5496d93174..614116ae23 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -75,15 +75,9 @@ pap: name: PapGroup aaf: false topic: - {{ if .Values.global.useStrimziKafkaPf }} pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }} notification.name: {{ .Values.config.kafka.topics.policyNotification }} heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }} - {{ else }} - pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }} - notification.name: {{ .Values.dmaap.topics.policyNotification }} - heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }} - {{ end }} pdpParameters: heartBeatMs: 120000 updateParameters: 
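Review bot: The topic ACL combines `patternType: prefix` on `policy-pdp-pap` with `Create`, so this KafkaUser may create, read and write any topic whose name merely starts with that string, not only the PDP-PAP topic. The parent chart appears to provision the topics through policy-kafka-topics.yaml, which this commit makes unconditional, so a literal match without Create would be the narrower grant: `operations: [ Describe, Read, Write ]` with `patternType: prefix` removed. The list also covers none of the topics that base.conf configures in this commit (`pdpd_configuration`, `unauthenticated.dcae_cl_output`, `pooling`), so either those ACLs are missing or Drools reaches them as another user; a comment stating which would help. The identical block is added to policy-xacml-pdp/values.yaml.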
@@ -97,77 +91,49 @@ pap: topicSources: - useHttps: false fetchTimeout: 15000 - {{ if .Values.global.useStrimziKafkaPf }} topic: {{ .Values.config.kafka.topics.policyPdpPap }} servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} topicCommInfrastructure: kafka additionalProps: group.id : {{ .Values.config.kafka.consumer.groupId }} security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${JAASLOGIN} - {{ else }} - topic: {{ .Values.dmaap.topics.policyPdpPap }} - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - {{ end }} - useHttps: false fetchTimeout: 15000 - {{ if .Values.global.useStrimziKafkaPf }} topic: {{ .Values.config.kafka.topics.policyHeartbeat }} effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }} servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} topicCommInfrastructure: kafka additionalProps: group.id : {{ .Values.config.kafka.consumer.groupId }} security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${JAASLOGIN} - {{ else }} - topic: {{ .Values.dmaap.topics.policyHeartbeat }} - effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }} - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - {{ end }} topicSinks: - useHttps: false - {{ if .Values.global.useStrimziKafkaPf }} topic: {{ .Values.config.kafka.topics.policyPdpPap }} servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . 
}}-{{ .Values.global.kafkaBootstrap }} topicCommInfrastructure: kafka additionalProps: group.id : {{ .Values.config.kafka.consumer.groupId }} security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${JAASLOGIN} - {{ else }} - topic: {{ .Values.dmaap.topics.policyPdpPap }} - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - {{ end }} - useHttps: false - {{ if .Values.global.useStrimziKafkaPf }} topic: {{ .Values.config.kafka.topics.policyNotification }} servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} topicCommInfrastructure: kafka additionalProps: group.id : {{ .Values.config.kafka.consumer.groupId }} security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${JAASLOGIN} - {{ else }} - topic: {{ .Values.dmaap.topics.policyNotification }} - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - {{ end }} + # If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks # servers: # - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 67a2270fb8..cfcbf6384a 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -29,9 +29,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafkaPf }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - /app/ready.py args: 
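Review bot: The comment kept as trailing context of the papParameters.yaml hunk is stale after this change. It still reads "If Strimzi Kafka to be used for communication, replace following configuration" and points at `{{ .Values.config.kafkaBootstrap }}:9092`, while this commit makes Kafka the only transport, removes `config.kafkaBootstrap` from policy-pap/values.yaml and moves the port into `global.kafkaBootstrap`. I would delete the commented block or replace its first line with something like `# Kafka is the only transport; servers are built from global.kafkaBootstrap (host:port)`. The commented block continues past the end of the hunk.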
@@ -78,13 +75,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} - name: DISTRIBUTION_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafkaPf }} - name: JAASLOGIN valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: papconfig diff --git a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml index d2fab9f535..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafkaPf }} {{ include "common.kafkauser" . }} -{{ end }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 365028c229..484ff64a6c 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -25,7 +25,6 @@ global: nodePortPrefixExt: 304 persistence: {} - useStrimziKafkaPf: set-via-parent-chart-global-value postgres: localCluster: false @@ -139,7 +138,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read - serviceAccount: portal-app-read flavor: small @@ -185,8 +184,6 @@ metrics: # application configuration config: # Event consumption (kafka) properties - useStrimziKafkaPf: true - kafkaBootstrap: strimzi-kafka-bootstrap kafka: topics: policyHeartbeat: policy-heartbeat 
@@ -198,11 +195,6 @@ config: listener: policyPdpPapTopic: policy-pdp-pap -dmaap: - topics: - policyHeartbeat: POLICY-HEARTBEAT - policyNotification: POLICY-NOTIFICATION - policyPdpPap: POLICY-PDP-PAP # If targeting a custom kafka cluster, ie useStrimziKakfa: false # uncomment below config and target your kafka bootstrap servers, # along with any other security config. @@ -233,6 +225,3 @@ kafkaUser: patternType: prefix operations: [Create, Describe, Read, Write] -readinessCheck: - wait_for: - - message-router diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index 08dcb67182..7bf6707136 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -42,18 +42,30 @@ "applicationPath": "/opt/app/policy/pdpx/apps" }, "topicParameterGroup": { - "topicSources" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps" : "false", - "fetchTimeout" : 15000, - "topicCommInfrastructure" : "dmaap" + "topicSources": [{ + "topic": "${PAP_TOPIC}", + "useHttps": false, + "fetchTimeout": 15000, + "servers": [ "${KAFKA_URL}" ], + "topicCommInfrastructure": "kafka", + "additionalProps": { + "group.id": "${GROUP_ID}", + "security.protocol": "SASL_PLAINTEXT", + "sasl.mechanism": "${SASL}", + "sasl.jaas.config": "${JAASLOGIN}" + } }], "topicSinks" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps" : "false", - "topicCommInfrastructure" : "dmaap" - }] + "topic": "${PAP_TOPIC}", + "useHttps": false, + "servers": [ "${KAFKA_URL}" ], + "topicCommInfrastructure": "kafka", + "additionalProps": { + "group.id": "${GROUP_ID}", + "security.protocol": "SASL_PLAINTEXT", + "sasl.mechanism": "${SASL}", + "sasl.jaas.config": "${JAASLOGIN}" + } + }] } } 
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index b475d2ce2d..403f6988f9 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -53,7 +53,7 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} @@ -67,6 +67,19 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + - name: PAP_TOPIC + value: {{ .Values.config.app.listener.policyPdpPapTopic }} volumeMounts: - mountPath: /config-input name: pdpxconfig diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml new file mode 100644 index 0000000000..1d571df8b7 --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml 
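Review bot: `$JAASLOGIN` is expanded unquoted in `echo $JAASLOGIN | tr -d '"'`, so the shell word-splits and glob-expands the secret before it is written into the config; a password containing `*` or consecutive spaces would be silently altered. Quote it and avoid echo: `JAASLOGIN=$(printf '%s' "$JAASLOGIN" | tr -d '"')`. Removing every double quote also changes the JAAS string itself, and envsubst then splices the result into config.json without JSON escaping, so a backslash in the credential would still produce a wrong or invalid file; a comment explaining why the quotes are stripped is warranted. The command also lost its surrounding YAML double quotes in this change, and a block scalar (`- |`) would make it safer to edit.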
@@ -0,0 +1,16 @@ +{{/* +# Copyright © 2024 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index b9d877fe7b..15ef5e3de1 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -49,9 +49,11 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:3.1.0 +image: onap/policy-xacml-pdp:3.1.1 pullPolicy: Always +componentName: &componentName policy-xacml-pdp + # flag to enable debugging - application support required debugEnabled: false @@ -93,7 +95,7 @@ readiness: service: type: ClusterIP - name: policy-xacml-pdp + name: *componentName internalPort: 6969 ports: - name: http @@ -123,7 +125,7 @@ serviceMesh: - serviceAccount: dcae-ves-collector-read - serviceAccount: dcae-ves-mapper-read - serviceAccount: dcae-ves-openapi-manager-read - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read - serviceAccount: oof-read - serviceAccount: sdnc-read @@ -147,7 +149,7 @@ resources: #Pods Service Account serviceAccount: - nameOverride: policy-xacml-pdp + nameOverride: *componentName roles: - read 
@@ -171,3 +173,26 @@ metrics: chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' release: '{{ include "common.release" . }}' heritage: '{{ .Release.Service }}' + +config: + # Event consumption (kafka) properties + kafka: + consumer: + groupId: policy-xacml-pdp + app: + listener: + policyPdpPapTopic: policy-pdp-pap + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-xacml-pdp + type: group + operations: [ Create, Describe, Read, Write ] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + + diff --git a/kubernetes/policy/templates/policy-kafka-topics.yaml b/kubernetes/policy/templates/policy-kafka-topics.yaml index a787b8b626..feb29f3b0c 100644 --- a/kubernetes/policy/templates/policy-kafka-topics.yaml +++ b/kubernetes/policy/templates/policy-kafka-topics.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if .Values.global.useStrimziKafkaPf }} + apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaTopic metadata: @@ -49,4 +49,3 @@ spec: config: retention.ms: {{ .Values.config.policyNotificationTopic.retentionMs }} segment.bytes: {{ .Values.config.policyNotificationTopic.segmentBytes }} -{{- end }} diff --git a/kubernetes/policy/templates/policy-kafka-user.yaml b/kubernetes/policy/templates/policy-kafka-user.yaml index c000af1b82..ed399ed9c7 100644 --- a/kubernetes/policy/templates/policy-kafka-user.yaml +++ b/kubernetes/policy/templates/policy-kafka-user.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if .Values.global.useStrimziKafka }} + apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: @@ -42,4 +42,3 @@ spec: type: topic name: {{ .Values.config.policyNotificationTopic.name }} operation: All -{{- end }} 
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 9d08080cf7..370b193da3 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -44,16 +44,11 @@ global: name3: tcp-pgset-replica container: name: postgres - #Strimzi Kafka properties - useStrimziKafka: true - # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml - useStrimziKafkaPf: false - kafkaBootstrap: strimzi-kafka-bootstrap + kafkaBootstrap: strimzi-kafka-bootstrap:9092 policyKafkaUser: policy-kafka-user kafkaTopics: acRuntimeTopic: name: policy.clamp-runtime-acm - ################################################################# # Secrets metaconfig ################################################################# @@ -134,7 +129,7 @@ policy-apex-pdp: config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-drools-pdp: - enabled: true + enabled: false db: *dbSecretsHook config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' @@ -205,7 +200,6 @@ readiness: config: policyAppUserName: runtimeUser - useStrimziKafka: true policyPdpPapTopic: name: policy-pdp-pap partitions: 10 |
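Review bot: `policy-drools-pdp.enabled` flips from `true` to `false` in the second hunk without a comment, in a commit whose title and other files add Kafka support to that component (new kafkauser.yaml, statefulset variables, ACLs). Anyone upgrading with default values loses the Drools PDP without notice. If this is temporary, say so beside the flag, e.g. `# disabled by default: <reason>; re-enable once <condition>`. In the first hunk the port moves into `kafkaBootstrap: strimzi-kafka-bootstrap:9092`, so an existing override that holds only a host name now renders a bootstrap address with no port; a comment stating the expected `host:port` form would prevent that.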