author | Andreas Geissler <andreas-geissler@telekom.de> | 2024-09-10 06:32:53 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2024-09-10 06:32:53 +0000 |
commit | 01f83d9602683b6b96c0e76fcb6b437b8bc87c16 (patch) | |
tree | d428aefe842a97a3df7f6a18e563cbecd2d19d6c | |
parent | bea8f3a6f3db1060ade64faa219cce6bf453cdb2 (diff) | |
parent | f7ae955675b9b3a2710ddefd00fc5b223a9ec83c (diff) |
Merge "[POLICY] Fix postgres support and SASL"
31 files changed, 634 insertions, 320 deletions
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index ee6dabc015..9b631c7af5 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 14.0.4 +version: 14.0.5 dependencies: - name: common @@ -28,7 +28,7 @@ dependencies: - name: mariadb-galera version: ~13.x-0 repository: '@local' - condition: global.mariadbGalera.localCluster + condition: global.mariadbGalera.useInPolicy,global.mariadbGalera.localCluster - name: policy-nexus version: ~14.x-0 repository: 'file://components/policy-nexus' @@ -93,4 +93,4 @@ dependencies: - name: postgres version: ~13.x-0 repository: '@local' - condition: global.postgres.localCluster + condition: global.postgres.useInPolicy,global.postgres.localCluster diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index ef0b5eae94..f5c876646b 100755 --- a/kubernetes/policy/components/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Design API name: policy-api -version: 14.0.1 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index 4e73dc0b5b..c39a27bdeb 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml 
@@ -2,6 +2,7 @@ # Copyright (C) 2022 Bell Canada. All rights reserved. # Modifications Copyright (C) 2022 AT&T Intellectual Property. # Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modifications Copyright © 2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,7 +32,7 @@ spring: password: "${RESTSERVER_PASSWORD}" mvc.converters.preferred-json-mapper: gson datasource: -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index 2f135fac5e..f89945f90e 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml 
@@ -1,3 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -13,10 +33,10 @@ spec: - /app/ready.py args: - --job-name -{{ if not .Values.global.postgres.localCluster }} - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config {{ else }} - - {{ include "common.release" . }}-policy-pg-config + - {{ include "common.release" . }}-policy-pg-migrator-config {{ end }} env: - name: NAMESPACE diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 9193366422..902268f41a 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml 
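Review bot: The readiness init container now chooses the job to wait for from `global.mariadbGalera.useInPolicy` alone, so `global.postgres.useInPolicy` is never read in this template and the `else` branch is taken whenever the MariaDB flag is false. If both flags are false (or both true), the databases the parent chart deploys presumably no longer match the `-policy-galera-migrator-config` / `-policy-pg-migrator-config` job this pod waits on, and the pod would stay in init without any error. A guard would turn that misconfiguration into a render-time failure, for example `{{- if eq .Values.global.mariadbGalera.useInPolicy .Values.global.postgres.useInPolicy }}{{ fail "set exactly one of global.mariadbGalera.useInPolicy and global.postgres.useInPolicy" }}{{- end }}`. The same single-flag test appears in the policy-clamp-runtime-acm, policy-drools-pdp and policy-pap templates and in the datasource blocks of the parameter files.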
@@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. # Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. +# Modifications Copyright © 2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,9 @@ global: nodePortPrefix: 304 persistence: {} postgres: - localCluster: false + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index 0dd1f34fcf..ef9a7494ec 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021, 2024 Nordix Foundation. All rights reserved. # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021-2022 Nordix Foundation +# Modifications Copyright © 2021-2024 Nordix Foundation # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Runtime name: policy-clamp-runtime-acm -version: 14.0.1 +version: 14.0.2 dependencies: - name: common @@ -33,4 +33,4 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 35e42c589d..2e09397806 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,8 +25,13 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm + {{ if .Values.global.mariadbGalera.useInPolicy }} + url: jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/clampacm driverClassName: org.mariadb.jdbc.Driver + {{ else }} + url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/clampacm + driverClassName: org.postgresql.Driver + {{ end }} username: ${SQL_USER} password: ${SQL_PASSWORD} hikari: @@ -42,7 +47,11 @@ spring: implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy properties: hibernate: - dialect: org.hibernate.dialect.MariaDB103Dialect + {{ if .Values.global.mariadbGalera.useInPolicy }} + dialect: org.hibernate.dialect.MariaDBDialect + {{ else }} + dialect: org.hibernate.dialect.PostgreSQLDialect + {{ end }} format_sql: true metrics: @@ -105,4 +114,4 @@ management: endpoints: web: exposure: - include: health, metrics, prometheus + include: health, metrics, prometheus
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index 462f2e517b..5a206b996e 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -31,10 +31,14 @@ spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - - /app/ready.py + - /app/ready.py args: - - --job-name - - {{ include "common.release" . }}-policy-galera-config + - --job-name +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -44,7 +48,7 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-galera-config-readiness + name: {{ include "common.name" . }}-db-config-readiness resources: limits: cpu: "100m" 
@@ -63,14 +67,16 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - name: RUNTIME_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} - name: RUNTIME_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config +{{- end }} volumeMounts: - mountPath: /config-input name: ac-runtime-config 
@@ -103,27 +109,33 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: logs - mountPath: /var/log/onap - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - mountPath: /opt/app/policy/clamp/etc/logback.xml - subPath: logback.xml - name: ac-runtime-config-processed - - mountPath: /opt/app/policy/clamp/etc/mounted - name: ac-runtime-config-processed + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-runtime-config-processed + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-runtime-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: localtime + hostPath: + path: /etc/localtime - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index b030f940de..eb974d6ed2 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -23,6 +23,10 @@ global: nodePortPrefixExt: 304 persistence: {} + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true #Strimzi Kafka properties kafkaTopics: acRuntimeTopic: 
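Review bot: The `localtime` volume added to `volumes:` is a `hostPath` mount of `/etc/localtime`, and the Kubernetes Pod Security Standards forbid `hostPath` volumes at the baseline and restricted levels, so this pod will be rejected in any namespace that enforces them; `readOnly: true` on the volumeMount does not change that. If the container only needs a time zone, an environment variable avoids the host mount, e.g. `- name: TZ` with `value: {{ .Values.timezone | default "UTC" | quote }}` (`.Values.timezone` is a placeholder, not a key this chart defines). Otherwise I would at least add `type: File` under `hostPath:` and put the volume and its mount behind a values flag so hardened clusters can switch it off. The same volume is added to the policy-drools-pdp statefulset further down.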
@@ -85,8 +89,10 @@ db: user: policy-user password: policy_user service: - name: policy-mariadb - internalPort: 3306 + mariadbName: policy-mariadb + mariadbPort: 3306 + pgName: policy-pg-primary + pgPort: 5432 # default number of instances replicaCount: 1 @@ -160,7 +166,7 @@ serviceAccount: wait_for_job_container: containers: - - '{{ include "common.release" . }}-policy-galera-config' + - '{{ include "common.release" . }}-galera-migrator-config' customNaming: toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index 710a04f111..25060ae593 100755 --- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Drools Policy Engine (PDP-D) name: policy-drools-pdp -version: 14.0.1 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index 2e6efae345..dc7f788405 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -2,6 +2,7 @@ # Copyright © 2017-2018 Amdocs, Bell Canada. # Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property. # Modifications Copyright (C) 2021 Bell Canada. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ # JVM options -JVM_OPTIONS={{.Values.server.jvmOpts}} +JVM_OPTIONS={{ .Values.server.jvmOpts | quote }} # SYSTEM software configuration 
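Review bot: In the `wait_for_job_container` hunk the job name loses its `policy-` segment: the value becomes `'{{ include "common.release" . }}-galera-migrator-config'`, while the init container in this chart's deployment.yaml waits for `{{ include "common.release" . }}-policy-galera-migrator-config`. Unless a job with the shorter name exists outside this view, the two should agree, i.e. `- '{{ include "common.release" . }}-policy-galera-migrator-config'`. The entry also has no PostgreSQL counterpart for installs where `global.mariadbGalera.useInPolicy` is false, so a comment stating whether this key is still consumed would help.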
@@ -40,11 +41,21 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access -SQL_HOST={{ .Values.db.name }} -SQL_PORT=3306 -JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/ +{{ if .Values.global.mariadbGalera.useInPolicy }} +SQL_HOST={{ .Values.db.mariadbName }} +SQL_PORT={{ .Values.db.mariadbPort }} +JDBC_URL=jdbc:mariadb://{{ .Values.db.mariadbName }}:{{ .Values.db.mariadbPort }}/ JDBC_OPTS= +JDBC_DRIVER=org.mariadb.jdbc.Driver MYSQL_CMD= +{{ else }} +SQL_HOST={{ .Values.db.pgName }} +SQL_PORT={{ .Values.db.pgPort }} +JDBC_URL=jdbc:postgresql://{{ .Values.db.pgName }}:{{ .Values.db.pgPort }}/ +JDBC_OPTS= +JDBC_DRIVER=org.postgresql.Driver +MYSQL_CMD= +{{ end }} # Liveness LIVENESS_CONTROLLERS=* @@ -92,7 +103,15 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared # Open DMaaP KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} +KAFKA_ADDITIONAL_PROPS="{ + \"group.id\": \"${GROUP_ID}\", + \"security.protocol\": \"SASL_PLAINTEXT\", + \"sasl.mechanism\": \"${SASL}\", + \"sasl.jaas.config\": \"${JAASLOGIN}\" + }" + DMAAP_HTTPS="false" +KAFKA_HTTPS="false" # AAI @@ -122,4 +141,4 @@ SDNC_CONTEXT_URI=restconf/operations/ # CDS CDS_GRPC_HOST={{.Values.cds.grpc.svcName}} -CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}} +CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
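Review bot: `KAFKA_ADDITIONAL_PROPS` hard-codes `"security.protocol": "SASL_PLAINTEXT"` and the same hunk adds `KAFKA_HTTPS="false"`, so the SASL exchange and all policy messages cross the cluster network unencrypted; with a `PLAIN` mechanism that includes the password itself, and with SCRAM the traffic is still readable and modifiable on the path. If transport encryption is delegated to the service mesh, the file should say so, e.g. `# SASL_PLAINTEXT: transport encryption is expected from the service mesh sidecar`. Otherwise the protocol should come from values so a TLS listener can be selected, e.g. `\"security.protocol\": \"${SECURITY_PROTOCOL}\"`, where `SECURITY_PROTOCOL` is a placeholder name that the config-rendering init container would have to define.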
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties new file mode 100644 index 0000000000..d4577b577a --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties 
@@ -0,0 +1,37 @@ +### +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +#Database properties +{{ if .Values.global.mariadbGalera.useInPolicy }} +jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver +jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS} +jakarta.persistence.jdbc.user=${envd:SQL_USER} +jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD} +{{ else }} +jakarta.persistence.jdbc.driver=org.postgresql.Driver +jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS} +jakarta.persistence.jdbc.user=${envd:SQL_USER} +jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD} +{{ end }} + +# default property values are commented out +#distributed.locking.expire.check.seconds=900 +#distributed.locking.retry.seconds=60 +#distributed.locking.max.retries=2
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties new file mode 100644 index 0000000000..26e10122da --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties 
@@ -0,0 +1,41 @@ +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +lifecycle.pdp.group=${envd:POLICY_PDP_PAP_GROUP:defaultGroup} +lifecycle.pdp.type=${envd:POLICY_PDP_PAP_TYPE:drools} + +# Mandatory policy types that this PDP-D must support at a minimum +lifecycle.pdp.policytypes=${envd:POLICY_PDP_PAP_POLICYTYPES} + +kafka.source.topics=${envd:POLICY_PDP_PAP_TOPIC} +kafka.sink.topics=${envd:POLICY_PDP_PAP_TOPIC} + +kafka.source.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS} +kafka.source.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC} +kafka.source.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY} +kafka.source.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET} +kafka.source.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false} +kafka.source.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS} + +kafka.sink.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS} +kafka.sink.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC} 
+kafka.sink.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY} +kafka.sink.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET} +kafka.sink.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false} +kafka.sink.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS} diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf index 006388af61..c9277b69d3 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf @@ -1,6 +1,7 @@ {{/* # Copyright 2018-2019 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada. +# Modifications Copyright © 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +16,4 @@ # limitations under the License. */}} -POOLING_TOPIC=pooling +POOLING_TOPIC=policy-pdp-pooling diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index 3f25d964e4..a24476cc74 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -32,7 +33,11 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -82,13 +87,43 @@ spec: cpu: "3m" memory: "20Mi" {{- end }} + - command: + - sh + args: + - -c + - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done + env: + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + {{- if .Values.global.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + {{- end }} + volumeMounts: + - mountPath: /config-input + name: drools-config + - mountPath: /config + name: drools-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] - args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] + args: + - ls /tmp/policy-install; + /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: 
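Review bot: The new `update-config` init container runs `envsubst` with no variable list over every file in `/config-input`, so any `${NAME}` in those files that is not in the container environment is replaced by an empty string, and `JAASLOGIN` is only defined when `global.useStrimziKafka` is set although base.conf references it unconditionally. The loop has no `set -e`, so a failed substitution on an earlier file does not fail the init container, and `tr -d '"'` rewrites the JAAS string without any check (a credential containing a double quote would be changed silently). Assuming the image's envsubst accepts a SHELL-FORMAT argument, I would restrict substitution to the variables this container defines and fail fast: `- set -e; JAASLOGIN=$(echo "$JAASLOGIN" | tr -d '"'); cd /config-input && for PFILE in *; do envsubst '${KAFKA_URL} ${GROUP_ID} ${SASL} ${JAASLOGIN}' <"$PFILE" >"/config/$PFILE"; done`. In the main container, `ls /tmp/policy-install;` ahead of the entrypoint looks like a debugging leftover and should be dropped.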
@@ -112,6 +147,9 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true - name: logs mountPath: /var/log/onap - name: empty-dir 
@@ -119,28 +157,42 @@ spec: subPath: tmp-dir - mountPath: /opt/app/policy/etc/profile.d/base.conf subPath: base.conf + name: drools-config-processed + - mountPath: /opt/app/policy/etc/profile.d/credentials.conf + subPath: credentials.conf + name: drools-config-processed + - mountPath: /opt/app/policy/etc/profile.d/feature-pooling-messages.conf + subPath: feature-pooling-messages.conf + name: drools-config-processed + - mountPath: /opt/app/policy/config/feature-lifecycle.properties + subPath: feature-lifecycle.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/engine-system.properties + subPath: engine-system.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/feature-distributed-locking.properties + subPath: feature-distributed-locking.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/logback.xml + subPath: logback.xml name: drools-config - {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} - - mountPath: /tmp/policy-install/config/{{ base $path }} - name: drools-secret - subPath: {{ base $path }} - {{- end }} - {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} - - mountPath: /tmp/policy-install/config/{{ base $path }} - name: drools-config - subPath: {{ base $path }} - {{- end }} + - mountPath: /opt/app/policy/config/settings.xml + subPath: settings.xml + name: drools-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . 
)}} volumes: + - name: localtime + hostPath: + path: /etc/localtime - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} @@ -156,6 +208,10 @@ spec: path: {{ base $path }} mode: 0755 {{- end }} + - name: drools-config-processed + emptyDir: + medium: Memory + sizeLimit: 64Mi - name: drools-secret secret: secretName: {{ include "common.fullname" . }}-secret diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index b1a26fb669..f22d642e95 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs # Copyright © 2017, 2021 Bell Canada # Modifications Copyright © 2018-2022 AT&T Intellectual Property +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +21,10 @@ ################################################################# global: nodePortPrefix: 302 - + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig ################################################################# @@ -42,7 +46,9 @@ secrets: # Application configuration defaults. ################################################################# # application image +# The newest images have been tested with SASL and Postgres. The images released next will have the relevant fixes image: onap/policy-pdpd-cl:2.1.3 + pullPolicy: Always # flag to enable debugging - application support required @@ -87,7 +93,7 @@ serviceMesh: - serviceAccount: strimzi-kafka-read server: - jvmOpts: -server -XshowSettings:vm + jvmOpts: "-server -XshowSettings:vm" telemetry: user: demo@people.osaaf.org 
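Review bot: `credentials.conf` is now mounted from `drools-config-processed`, which the `update-config` init container fills only from `/config-input`, i.e. the `drools-config` volume; the removed `range` blocks took `resources/secrets/*` from `drools-secret` instead. If `credentials.conf` still lives under `resources/secrets` (the page does not show it moving), the file will not exist in the emptyDir and the `subPath` mount would likely yield an empty directory instead of the credentials, while the `drools-secret` volume stays defined but is no longer mounted in this hunk. Either mount it straight from the secret, `name: drools-secret` with `subPath: credentials.conf`, or add the secret volume to the init container's inputs. The `volumeMounts:` list this hunk edits starts in the previous hunk.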
@@ -101,7 +107,10 @@ nexus: offline: true db: - name: policy-mariadb + mariadbName: policy-mariadb + pgName: policy-pg-primary + mariadbPort: 3306 + pgPort: 5432 user: policy-user password: policy_user @@ -229,3 +238,47 @@ kafkaUser: type: topic patternType: prefix operations: [ Create, Describe, Read, Write ] + - name: a1-p-rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: a1-p + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-cl + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-lcm-read + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-lcm-write + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: dcae_cl_rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: unauthenticated.dcae_cl_output + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: dcae_topic + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: policy-cl-mgt + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: sdnr-cl-rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: sdnr-cl + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] diff --git a/kubernetes/policy/components/policy-nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml index ae8eebe50b..dcb3c3ac72 100755 --- a/kubernetes/policy/components/policy-nexus/Chart.yaml +++ b/kubernetes/policy/components/policy-nexus/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy Nexus name: policy-nexus -version: 14.0.1 +version: 14.0.2 dependencies: - name: common 
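Review bot: Every ACL added to `kafkaUser` uses `patternType: prefix` with `operations: [ Create, Describe, Read, Write ]`, so the PDP-D user may create, read and write any topic whose name merely starts with `a1-p`, `appc-cl`, `dcae_topic`, `sdnr-cl` and so on; the `a1-p` and `sdnr-cl` entries already cover `a1-p-rsp` and `sdnr-cl-rsp`, which makes those two entries redundant and shows how wide the match is. Where topic names are fixed, `patternType: literal` plus only the operations each direction needs would keep the grant to least privilege, e.g. `operations: [ Describe, Read ]` on topics the PDP only consumes. Which topics are consume-only is not visible from this hunk, so that split needs confirming against the drools controllers. The ACL list begins outside the hunk.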
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index b82785f2b8..cc75a9fe15 100755 --- a/kubernetes/policy/components/policy-nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property # Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright (C) 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,6 +21,10 @@ global: nodePortPrefix: 302 persistence: {} + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Application configuration defaults. diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 1fd621beb0..2122e6fb3f 100755 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -23,7 +23,7 @@ apiVersion: v2 description: ONAP Policy Administration (PAP) name: policy-pap -version: 14.0.1 +version: 14.0.2 dependencies: - name: common @@ -34,4 +34,4 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 614116ae23..58dfc9f497 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022 Bell Canada. All rights reserved. -# Modifications Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2022-2024 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ spring: converters: preferred-json-mapper: gson datasource: -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" @@ -34,9 +34,6 @@ spring: hikari: maximumPoolSize: 20 jpa: - properties: - hibernate: - dialect: org.hibernate.dialect.MariaDB103Dialect hibernate: ddl-auto: none naming: @@ -58,10 +55,6 @@ spring: naming: physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy - properties: - hibernate: - dialect: org.hibernate.dialect.PostgreSQLDialect - format_sql: true {{ end }} server: @@ -73,7 +66,6 @@ server: pap: name: PapGroup - aaf: false topic: pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }} notification.name: {{ .Values.config.kafka.topics.policyNotification }} 
@@ -151,13 +143,6 @@ pap: password: "${API_PASSWORD}" useHttps: false basePath: policy/api/v1/healthcheck - - clientName: distribution - hostname: policy-distribution - port: 6969 - userName: "${DISTRIBUTION_USER}" - password: "${DISTRIBUTION_PASSWORD}" - useHttps: false - basePath: healthcheck management: endpoints: diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 8f00eb049f..f7c400865f 100755..100644 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -2,6 +2,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -32,19 +33,20 @@ spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - - /app/ready.py + - /app/ready.py args: - - --job-name -{{ if not .Values.global.postgres.localCluster }} - - {{ include "common.release" . }}-policy-galera-config + - --job-name +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config {{ else }} - - {{ include "common.release" . }}-policy-pg-config -{{ end }} env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{ include "common.containerSecurityContext" . | indent 8 | trim }} @@ -78,11 +80,13 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} - name: DISTRIBUTION_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} - name: JAASLOGIN valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config +{{- end }} volumeMounts: - mountPath: /config-input name: papconfig 
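Review bot: The readiness init container chooses its job with an if/else on `global.mariadbGalera.useInPolicy`, while job.yaml renders the two migrator jobs under two independent flags. With both flags false the pod waits on `-policy-pg-migrator-config`, a job that is never created. With both true, both jobs run but only the Galera one is awaited. Nothing visible in this commit rejects those combinations, so consider failing the render early, e.g. `{{- if eq .Values.global.mariadbGalera.useInPolicy .Values.global.postgres.useInPolicy }}{{ fail "set exactly one of global.mariadbGalera.useInPolicy and global.postgres.useInPolicy" }}{{- end }}`. The same if/else is added in the policy-xacml-pdp deployment.yaml hunk; the initContainers block continues outside this hunk.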
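Review bot: `DISTRIBUTION_USER` and `DISTRIBUTION_PASSWORD` are still injected from `distribution-secret` in the context lines of the `@@ -78,11 +80,13 @@` hunk. This commit removes the `distribution` healthcheck client from papParameters.yaml, the only visible place where those variables were expanded. If no other mounted template still references them (not visible here), drop both env entries so the container does not carry a credential it never uses. The env list continues outside the hunk.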
@@ -126,27 +130,33 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: - - name: logs - mountPath: /var/log/onap - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - mountPath: /opt/app/policy/pap/etc/logback.xml - subPath: logback.xml - name: papconfig-processed - - name: papconfig-processed - mountPath: /opt/app/policy/pap/etc/mounted + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/pap/etc/logback.xml + subPath: logback.xml + name: papconfig-processed + - name: papconfig-processed + mountPath: /opt/app/policy/pap/etc/mounted resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: localtime + hostPath: + path: /etc/localtime - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index d7384a5e65..4c6f5355e0 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml 
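Review bot: The new `localtime` volume is a `hostPath` mount of `/etc/localtime`, and hostPath volumes are forbidden by the Kubernetes Pod Security Standards at the baseline level, so this pod would be rejected in a namespace that enforces baseline or restricted admission. The mount is `readOnly: true`, which limits the exposure, but it still couples the pod to node filesystem state only to set a timezone. Prefer a `TZ` environment variable on the container, for example `- name: TZ` with `value: {{ .Values.timezone | default "UTC" | quote }}` (`timezone` would be a new values key), and drop the volume and its mount. The same hostPath volume is added in the two policy-xacml-pdp deployment.yaml hunks further down.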
@@ -2,7 +2,7 @@ # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. -# Modifications Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2022-2024 Nordix Foundation # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,7 +27,9 @@ global: nodePortPrefixExt: 304 persistence: {} postgres: - localCluster: false + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index 8bb17a53de..a02171ef31 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp -version: 14.0.2 +version: 14.0.3 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index d2e9c62edf..3df3578fd2 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties 
@@ -1,4 +1,22 @@ {{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2024 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + # # Properties that the embedded PDP engine uses to configure and load # 
@@ -49,8 +67,14 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # # JPA Properties # +{{ if .Values.global.mariadbGalera.useInPolicy }} eclipselink.target-database=MySQL -javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver -javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory -javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD} +jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver +jakarta.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/operationshistory +{{ else }} +eclipselink.target-database=PostgreSQL +jakarta.persistence.jdbc.driver=org.postgresql.Driver +jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory +{{ end }} +jakarta.persistence.jdbc.user=${SQL_USER} +jakarta.persistence.jdbc.password=${SQL_PASSWORD}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index ce11fe71e5..828f6ec2c7 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,7 +35,11 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -155,14 +160,17 @@ spec: name: pdpxconfig-processed - mountPath: /opt/app/policy/pdpx/etc/mounted name: pdpxconfig-processed + - mountPath: /etc/localtime + name: localtime + readOnly: true resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: 
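Review bot: In the xacml.properties hunk the PostgreSQL JDBC URL ends in `/operationhistory`, while the MariaDB branch and the database list in db-pg.sh both use `operationshistory`, so the PostgreSQL path points the PDP at a database the init job never creates. This looks like a typo; the line should read `jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationshistory`. A short comment above the `{{ if }}` naming the values flag that selects the backend would also help, for example `# backend selected by global.mariadbGalera.useInPolicy; PostgreSQL otherwise`.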
@@ -190,6 +198,9 @@ spec: - name: logs emptyDir: sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} + - name: localtime + hostPath: + path: /etc/localtime - name: pdpxconfig configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 18ddfdfeba..b20ab89370 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +23,10 @@ ################################################################# global: persistence: {} - + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig ################################################################# @@ -64,8 +68,10 @@ db: user: policy-user password: policy_user service: - name: policy-mariadb - internalPort: 3306 + mariadbName: policy-mariadb + mariadbPort: 3306 + pgName: policy-pg-primary + pgPort: 5432 restServer: user: healthcheck diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh index f26a80fad7..913ccc7728 100644 --- a/kubernetes/policy/resources/config/db-pg.sh +++ b/kubernetes/policy/resources/config/db-pg.sh 
@@ -1,7 +1,7 @@ #!/bin/sh # # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,10 +20,10 @@ export PGPASSWORD=${PG_ADMIN_PASSWORD}; -psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'" +psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER \"${PG_USER}\" WITH PASSWORD '${PG_USER_PASSWORD}'" for db in migration pooling policyadmin policyclamp operationshistory clampacm do psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};" - psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};" -done + psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO \"${PG_USER}\";" +done
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh index 53921ab751..15a6e3224f 100644 --- a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh +++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh @@ -1,6 +1,6 @@ #!/bin/sh {{/* -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022, 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,8 +14,19 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB} -/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade -rc=$? -/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report -exit $rc + +for schema in ${SQL_DB}; do + echo "Initializing $schema..." + /opt/app/policy/bin/prepare_upgrade.sh ${schema} + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o upgrade + rc=$? + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report + + if [ "$rc" != 0 ]; then + break + fi +done diff --git a/kubernetes/policy/resources/config/db_migrator_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_policy_init.sh index d1cc108fec..a1d8fd89ea 100644 --- a/kubernetes/policy/resources/config/db_migrator_policy_init.sh +++ b/kubernetes/policy/resources/config/db_migrator_policy_init.sh @@ -1,6 +1,6 @@ #!/bin/sh {{/* -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021, 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
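Review bot: In db-pg.sh the `CREATE USER` statement still splices `${PG_USER_PASSWORD}` into the SQL text between single quotes, so a password containing `'` breaks the statement or changes its meaning. The newly added `\"${PG_USER}\"` quoting has the same gap for a name containing `"`. psql does not expand `:'var'` inside `--command`, so the statements have to be fed on stdin with the values passed through `-v`, and `ON_ERROR_STOP` makes a failed statement fail the job rather than pass silently. The host and port expansions should be double-quoted as well.

```shell
# … unchanged: export PGPASSWORD …
psql -h "${PG_HOST}" -p "${PG_PORT}" -U postgres -v ON_ERROR_STOP=1 \
  -v pg_user="${PG_USER}" -v pg_pass="${PG_USER_PASSWORD}" <<'SQL'
CREATE USER :"pg_user" WITH PASSWORD :'pg_pass';
SQL
# … unchanged: for db in …; do, CREATE DATABASE …
  psql -h "${PG_HOST}" -p "${PG_PORT}" -U postgres -v ON_ERROR_STOP=1 \
    -v db="${db}" -v pg_user="${PG_USER}" <<'SQL'
GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"pg_user";
SQL
```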
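Review bot: The rewritten db_migrator_pg_policy_init.sh drops the final `exit $rc`. After a failed `upgrade` the loop runs `break`, and the script then ends with the loop's own status, which is 0 in POSIX sh, so the Job is reported as complete. The readiness init containers of policy-pap and policy-xacml-pdp wait on this job, so they would start against a schema that was not migrated. Add `exit $rc` after `done`, as the MariaDB variant db_migrator_policy_init.sh does in this same commit. Setting `rc=0` before the loop would also make the empty `SQL_DB` case explicit.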
@@ -14,8 +14,21 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB} -/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade -rc=$? -/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report -exit $rc + +for schema in ${SQL_DB}; do + echo "Initializing $schema..." + /opt/app/policy/bin/prepare_upgrade.sh ${schema} + + /opt/app/policy/bin/db-migrator -s ${schema} -o report + + /opt/app/policy/bin/db-migrator -s ${schema} -o upgrade + rc=$? + + /opt/app/policy/bin/db-migrator -s ${schema} -o report + + if [ "$rc" != 0 ]; then + break + fi +done + +exit $rc
\ No newline at end of file diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 2c0ee783d5..3886a85d11 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2022 Nordix Foundation. +# Modifications Copyright (C) 2022-2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,7 +17,7 @@ # limitations under the License. */}} -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} apiVersion: batch/v1 kind: Job metadata: @@ -68,6 +68,7 @@ spec: - name: policy-service-mesh-wait-for-job-container image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always + {{ include "common.containerSecurityContext" . | indent 8 | trim }} command: - /bin/sh - "-c" @@ -101,7 +102,7 @@ spec: path: db.sh {{ end }} -{{ if .Values.global.postgres.localCluster }} +{{ if .Values.global.postgres.useInPolicy }} --- apiVersion: batch/v1 kind: Job @@ -153,6 +154,7 @@ spec: resources: {{ include "common.resources" . | nindent 10 }} {{- if (include "common.requireSidecarKiller" .) }} - name: policy-service-mesh-wait-for-job-container + {{ include "common.containerSecurityContext" . | indent 8 | trim }} image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: 
@@ -187,110 +189,104 @@ spec: - key: db-pg.sh path: db-pg.sh {{ end }} - --- -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.fullname" . }}-galera-config + name: {{ include "common.fullname" . }}-galera-migrator-config namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-galera-config + app: {{ include "common.name" . }}-galera-migrator-config release: {{ include "common.release" . }} spec: template: metadata: labels: - app: {{ include "common.name" . }}-galera-config + app: {{ include "common.name" . }}-galera-migrator-config release: {{ include "common.release" . }} - name: {{ include "common.name" . }}-galera-config + name: {{ include "common.name" . }}-galera-migrator-config spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: - - name: {{ include "common.name" . }}-init-readiness - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }}-galera-init - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + - name: {{ include "common.name" . }}-init-readiness + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.fullname" . 
}}-galera-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" containers: - - name: {{ include "common.name" . }}-galera-db-migrator - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /dbcmd-config/db_migrator_policy_init.sh - name: {{ include "common.fullname" . }}-config - subPath: db_migrator_policy_init.sh - - mountPath: /opt/app/policy/etc/db - name: db-conf - command: - - /bin/sh - - -cx - - | + - name: {{ include "common.name" . }}-galera-db-migrator + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /opt/app/policy/etc/db/ + name: {{ include "common.fullname" . }}-migration-writable + - mountPath: /dbcmd-config/db_migrator_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_policy_init.sh + command: + - /bin/sh + - -cx + - | {{- if include "common.requireSidecarKiller" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /dbcmd-config/db_migrator_policy_init.sh - env: - - name: SQL_HOST - value: "{{ index .Values "mariadb-galera" "service" "name" }}" - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "db-secret" "key" "password") | indent 10 }} - - name: SQL_DB - value: {{ .Values.dbmigrator.schema }} - - name: POLICY_HOME - value: {{ .Values.dbmigrator.policy_home }} - - name: SCRIPT_DIRECTORY - value: "sql" - resources: {{ include "common.resources" . | nindent 10 }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db_migrator_policy_init.sh + env: + - name: SQL_HOST + value: "{{ index .Values "mariadb-galera" "service" "name" }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schemas }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "sql" + resources: {{ include "common.resources" . | nindent 12 }} {{- if (include "common.requireSidecarKiller" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - resources: - limits: - cpu: 100m - memory: 500Mi - requests: - cpu: 10m - memory: 10Mi + - name: policy-service-mesh-wait-for-job-container + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.image.quitQuit" . 
}} + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: {{ include "common.fullname" . }}-migration-writable + emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-db-configmap 
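Review bot: The `-migration-writable` volume added at the end of this hunk is declared as `emptyDir: {}`, whereas the `db-conf` volume it replaces (removed in the next hunk) carried `sizeLimit: 64Mi`, so the migrator's writable directory no longer has a per-volume cap on node storage. The hunk also removes the `resources` limits from `policy-service-mesh-wait-for-job-container`, which leaves that container unbounded and may be rejected where a quota requires limits. Keep a bound, e.g. `emptyDir:` with `sizeLimit: 64Mi`, and restore the `resources` block on the wait container. The PostgreSQL migrator job in the following hunk makes both changes too. `SQL_DB` now holds a space-separated list and would be safer rendered as `value: {{ .Values.dbmigrator.schemas | quote }}`.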
@@ -298,116 +294,107 @@ spec: items: - key: db_migrator_policy_init.sh path: db_migrator_policy_init.sh - - name: db-conf - emptyDir: - medium: Memory - sizeLimit: 64Mi {{ end }} -{{ if .Values.global.postgres.localCluster }} +{{ if .Values.global.postgres.useInPolicy }} --- apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.fullname" . }}-pg-config + name: {{ include "common.fullname" . }}-pg-migrator-config namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-pg-config + app: {{ include "common.name" . }}-pg-migrator-config release: {{ include "common.release" . }} spec: template: metadata: labels: - app: {{ include "common.name" . }}-pg-config + app: {{ include "common.name" . }}-pg-migrator-config release: {{ include "common.release" . }} - name: {{ include "common.name" . }}-pg-config + name: {{ include "common.name" . }}-pg-migrator-config spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: - - name: {{ include "common.name" . }}-init-readiness - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }}-pg-init - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + - name: {{ include "common.name" . }}-init-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.fullname" . 
}}-pg-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" containers: - - name: {{ include "common.name" . }}-pg-db-migrator - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh - name: {{ include "common.fullname" . }}-config - subPath: db_migrator_pg_policy_init.sh - - mountPath: /opt/app/policy/etc/db - name: db-conf - command: - - /bin/sh - - -cx - - | + - name: {{ include "common.name" . }}-pg-db-migrator + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_pg_policy_init.sh + - mountPath: /opt/app/policy/etc/db/ + name: {{ include "common.fullname" . }}-migration-writable + command: + - /bin/sh + - -cx + - | {{- if include "common.requireSidecarKiller" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /dbcmd-config/db_migrator_pg_policy_init.sh - env: - - name: SQL_HOST - value: "{{ .Values.postgres.service.name2 }}" - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "db-secret" "key" "password") | indent 10 }} - - name: SQL_DB - value: {{ .Values.dbmigrator.schema }} - - name: POLICY_HOME - value: {{ .Values.dbmigrator.policy_home }} - - name: SCRIPT_DIRECTORY - value: "postgres" - - name: PGPASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - resources: {{ include "common.resources" . | nindent 10 }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db_migrator_pg_policy_init.sh + env: + - name: SQL_HOST + value: "{{ .Values.postgres.service.name2 }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schemas }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "postgres" + - name: PGPASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if (include "common.requireSidecarKiller" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{ include "common.containerSecurityContext" . 
| indent 8 | trim }} - resources: - limits: - cpu: 100m - memory: 500Mi - requests: - cpu: 10m - memory: 10Mi + - name: policy-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: {{ include "common.fullname" . }}-migration-writable + emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-db-configmap @@ -415,8 +402,4 @@ spec: items: - key: db_migrator_pg_policy_init.sh path: db_migrator_pg_policy_init.sh - - name: db-conf - emptyDir: - medium: Memory - sizeLimit: 64Mi -{{ end }} +{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index ccd8223284..67f4dbd1e5 100755..100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -35,6 +35,7 @@ global: nameOverride: *mariadbService # (optional) if localCluster=false and an external secret is used set this variable #userRootSecret: <secretName> + useInPolicy: true prometheusEnabled: false postgres: localCluster: false @@ -44,8 +45,10 @@ global: name3: tcp-pgset-replica container: name: postgres + useInPolicy: false kafkaBootstrap: strimzi-kafka-bootstrap:9092 policyKafkaUser: policy-kafka-user + useStrimziKafka: true kafkaTopics: acRuntimeTopic: name: policy.clamp-runtime-acm @@ -56,8 +59,8 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ .Values.global.mariadbGalera.localCluster | - ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | + externalSecret: '{{ or .Values.global.postgres.useInPolicy .Values.global.mariadbGalera.useInPolicy | ternary ( + ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) @@ -164,8 +167,11 @@ policy-nexus: ################################################################# dbmigrator: + # New released image will allow full SASL and Postgres (drools included). Tested with snapshot. Release to come later. image: onap/policy-db-migrator:3.1.3 - schema: policyadmin + # These schemas will be required with the new version of db-migrator + # schemas: "policyadmin clampacm pooling operationshistory" + schemas: "policyadmin" policy_home: "/opt/app/policy" subChartsOnly: @@ -305,4 +311,4 @@ securityContext: serviceAccount: nameOverride: policy roles: - - read + - read
\ No newline at end of file |