diff options
| author |   saul.gill <saul.gill@est.tech> | 2024-03-07 12:43:01 +0000 |
|---|---|---|
| committer | saul.gill <saul.gill@est.tech> | 2024-09-02 11:17:11 +0100 |
| commit | f7ae955675b9b3a2710ddefd00fc5b223a9ec83c (patch) | |
| tree | 6f557db92abd54d037528420ef3a384e7b64827c | |
| parent | 4c0b307d0dcd4220ccf84f7d002c4cf436e4984d (diff) | |
[POLICY] Fix postgres support and SASL
Charts will allow mariadb or postgres
Allow configuration of db choice globally
Deleted jobs that aren't needed
Altered db migrator script
Allow SASL config in drools
Drools chart fixed
Removed readiness jobs for kafka
Exposed more config for drools
Issue-ID: POLICY-4943
Change-Id: I26c4a7c1adc2d615602e3e6495ecedfb017ef39e
Signed-off-by: saul.gill <saul.gill@est.tech>
31 files changed, 634 insertions, 320 deletions
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index ee6dabc015..9b631c7af5 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 14.0.4 +version: 14.0.5 dependencies: - name: common @@ -28,7 +28,7 @@ dependencies: - name: mariadb-galera version: ~13.x-0 repository: '@local' - condition: global.mariadbGalera.localCluster + condition: global.mariadbGalera.useInPolicy,global.mariadbGalera.localCluster - name: policy-nexus version: ~14.x-0 repository: 'file://components/policy-nexus' @@ -93,4 +93,4 @@ dependencies: - name: postgres version: ~13.x-0 repository: '@local' - condition: global.postgres.localCluster + condition: global.postgres.useInPolicy,global.postgres.localCluster diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index ef0b5eae94..f5c876646b 100755 --- a/kubernetes/policy/components/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Design API name: policy-api -version: 14.0.1 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index 4e73dc0b5b..c39a27bdeb 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2022 Bell Canada. All rights reserved. # Modifications Copyright (C) 2022 AT&T Intellectual Property. # Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modifications Copyright © 2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,7 +32,7 @@ spring: password: "${RESTSERVER_PASSWORD}" mvc.converters.preferred-json-mapper: gson datasource: -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index 2f135fac5e..f89945f90e 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -1,3 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -13,10 +33,10 @@ spec: - /app/ready.py args: - --job-name -{{ if not .Values.global.postgres.localCluster }} - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config {{ else }} - - {{ include "common.release" . }}-policy-pg-config + - {{ include "common.release" . }}-policy-pg-migrator-config {{ end }} env: - name: NAMESPACE diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 9193366422..902268f41a 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. # Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. +# Modifications Copyright © 2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,9 @@ global: nodePortPrefix: 304 persistence: {} postgres: - localCluster: false + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index 0dd1f34fcf..ef9a7494ec 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021, 2024 Nordix Foundation. All rights reserved. # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021-2022 Nordix Foundation +# Modifications Copyright © 2021-2024 Nordix Foundation # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Runtime name: policy-clamp-runtime-acm -version: 14.0.1 +version: 14.0.2 dependencies: - name: common @@ -33,4 +33,4 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 35e42c589d..2e09397806 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,8 +25,13 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm + {{ if .Values.global.mariadbGalera.useInPolicy }} + url: jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/clampacm driverClassName: org.mariadb.jdbc.Driver + {{ else }} + url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/clampacm + driverClassName: org.postgresql.Driver + {{ end }} username: ${SQL_USER} password: ${SQL_PASSWORD} hikari: @@ -42,7 +47,11 @@ spring: implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy properties: hibernate: - dialect: org.hibernate.dialect.MariaDB103Dialect + {{ if .Values.global.mariadbGalera.useInPolicy }} + dialect: org.hibernate.dialect.MariaDBDialect + {{ else }} + dialect: org.hibernate.dialect.PostgreSQLDialect + {{ end }} format_sql: true metrics: @@ -105,4 +114,4 @@ management: endpoints: web: exposure: - include: health, metrics, prometheus + include: health, metrics, prometheus
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index 462f2e517b..5a206b996e 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -31,10 +31,14 @@ spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - - /app/ready.py + - /app/ready.py args: - - --job-name - - {{ include "common.release" . }}-policy-galera-config + - --job-name +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -44,7 +48,7 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-galera-config-readiness + name: {{ include "common.name" . }}-db-config-readiness resources: limits: cpu: "100m" @@ -63,14 +67,16 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - name: RUNTIME_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} - name: RUNTIME_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config +{{- end }} volumeMounts: - mountPath: /config-input name: ac-runtime-config @@ -103,27 +109,33 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: logs - mountPath: /var/log/onap - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - mountPath: /opt/app/policy/clamp/etc/logback.xml - subPath: logback.xml - name: ac-runtime-config-processed - - mountPath: /opt/app/policy/clamp/etc/mounted - name: ac-runtime-config-processed + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-runtime-config-processed + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-runtime-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: localtime + hostPath: + path: /etc/localtime - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index b030f940de..eb974d6ed2 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -23,6 +23,10 @@ global: nodePortPrefixExt: 304 persistence: {} + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true #Strimzi Kafka properties kafkaTopics: acRuntimeTopic: @@ -85,8 +89,10 @@ db: user: policy-user password: policy_user service: - name: policy-mariadb - internalPort: 3306 + mariadbName: policy-mariadb + mariadbPort: 3306 + pgName: policy-pg-primary + pgPort: 5432 # default number of instances replicaCount: 1 @@ -160,7 +166,7 @@ serviceAccount: wait_for_job_container: containers: - - '{{ include "common.release" . }}-policy-galera-config' + - '{{ include "common.release" . }}-galera-migrator-config' customNaming: toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index 710a04f111..25060ae593 100755 --- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Drools Policy Engine (PDP-D) name: policy-drools-pdp -version: 14.0.1 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index 2e6efae345..dc7f788405 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -2,6 +2,7 @@ # Copyright © 2017-2018 Amdocs, Bell Canada. # Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property. # Modifications Copyright (C) 2021 Bell Canada. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ # JVM options -JVM_OPTIONS={{.Values.server.jvmOpts}} +JVM_OPTIONS={{ .Values.server.jvmOpts | quote }} # SYSTEM software configuration @@ -40,11 +41,21 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access -SQL_HOST={{ .Values.db.name }} -SQL_PORT=3306 -JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/ +{{ if .Values.global.mariadbGalera.useInPolicy }} +SQL_HOST={{ .Values.db.mariadbName }} +SQL_PORT={{ .Values.db.mariadbPort }} +JDBC_URL=jdbc:mariadb://{{ .Values.db.mariadbName }}:{{ .Values.db.mariadbPort }}/ JDBC_OPTS= +JDBC_DRIVER=org.mariadb.jdbc.Driver MYSQL_CMD= +{{ else }} +SQL_HOST={{ .Values.db.pgName }} +SQL_PORT={{ .Values.db.pgPort }} +JDBC_URL=jdbc:postgresql://{{ .Values.db.pgName }}:{{ .Values.db.pgPort }}/ +JDBC_OPTS= +JDBC_DRIVER=org.postgresql.Driver +MYSQL_CMD= +{{ end }} # Liveness LIVENESS_CONTROLLERS=* @@ -92,7 +103,15 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared # Open DMaaP KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} +KAFKA_ADDITIONAL_PROPS="{ + \"group.id\": \"${GROUP_ID}\", + \"security.protocol\": \"SASL_PLAINTEXT\", + \"sasl.mechanism\": \"${SASL}\", + \"sasl.jaas.config\": \"${JAASLOGIN}\" + }" + DMAAP_HTTPS="false" +KAFKA_HTTPS="false" # AAI @@ -122,4 +141,4 @@ SDNC_CONTEXT_URI=restconf/operations/ # CDS CDS_GRPC_HOST={{.Values.cds.grpc.svcName}} -CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}} +CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties new file mode 100644 index 0000000000..d4577b577a --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties @@ -0,0 +1,37 @@ +### +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +#Database properties +{{ if .Values.global.mariadbGalera.useInPolicy }} +jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver +jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS} +jakarta.persistence.jdbc.user=${envd:SQL_USER} +jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD} +{{ else }} +jakarta.persistence.jdbc.driver=org.postgresql.Driver +jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS} +jakarta.persistence.jdbc.user=${envd:SQL_USER} +jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD} +{{ end }} + +# default property values are commented out +#distributed.locking.expire.check.seconds=900 +#distributed.locking.retry.seconds=60 +#distributed.locking.max.retries=2
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties new file mode 100644 index 0000000000..26e10122da --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties @@ -0,0 +1,41 @@ +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +lifecycle.pdp.group=${envd:POLICY_PDP_PAP_GROUP:defaultGroup} +lifecycle.pdp.type=${envd:POLICY_PDP_PAP_TYPE:drools} + +# Mandatory policy types that this PDP-D must support at a minimum +lifecycle.pdp.policytypes=${envd:POLICY_PDP_PAP_POLICYTYPES} + +kafka.source.topics=${envd:POLICY_PDP_PAP_TOPIC} +kafka.sink.topics=${envd:POLICY_PDP_PAP_TOPIC} + +kafka.source.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS} +kafka.source.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC} +kafka.source.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY} +kafka.source.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET} +kafka.source.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false} +kafka.source.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS} + +kafka.sink.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS} +kafka.sink.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC} +kafka.sink.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY} +kafka.sink.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET} +kafka.sink.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false} +kafka.sink.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS} diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf index 006388af61..c9277b69d3 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf @@ -1,6 +1,7 @@ {{/* # Copyright 2018-2019 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada. +# Modifications Copyright © 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +16,4 @@ # limitations under the License. */}} -POOLING_TOPIC=pooling +POOLING_TOPIC=policy-pdp-pooling diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index 3f25d964e4..a24476cc74 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,7 +33,11 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -82,13 +87,43 @@ spec: cpu: "3m" memory: "20Mi" {{- end }} + - command: + - sh + args: + - -c + - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done + env: + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + {{- if .Values.global.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + {{- end }} + volumeMounts: + - mountPath: /config-input + name: drools-config + - mountPath: /config + name: drools-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] - args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] + args: + - ls /tmp/policy-install; + /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: @@ -112,6 +147,9 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true - name: logs mountPath: /var/log/onap - name: empty-dir @@ -119,28 +157,42 @@ spec: subPath: tmp-dir - mountPath: /opt/app/policy/etc/profile.d/base.conf subPath: base.conf + name: drools-config-processed + - mountPath: /opt/app/policy/etc/profile.d/credentials.conf + subPath: credentials.conf + name: drools-config-processed + - mountPath: /opt/app/policy/etc/profile.d/feature-pooling-messages.conf + subPath: feature-pooling-messages.conf + name: drools-config-processed + - mountPath: /opt/app/policy/config/feature-lifecycle.properties + subPath: feature-lifecycle.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/engine-system.properties + subPath: engine-system.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/feature-distributed-locking.properties + subPath: feature-distributed-locking.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/logback.xml + subPath: logback.xml name: drools-config - {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} - - mountPath: /tmp/policy-install/config/{{ base $path }} - name: drools-secret - subPath: {{ base $path }} - {{- end }} - {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} - - mountPath: /tmp/policy-install/config/{{ base $path }} - name: drools-config - subPath: {{ base $path }} - {{- end }} + - mountPath: /opt/app/policy/config/settings.xml + subPath: settings.xml + name: drools-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: localtime + hostPath: + path: /etc/localtime - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} @@ -156,6 +208,10 @@ spec: path: {{ base $path }} mode: 0755 {{- end }} + - name: drools-config-processed + emptyDir: + medium: Memory + sizeLimit: 64Mi - name: drools-secret secret: secretName: {{ include "common.fullname" . }}-secret diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index b1a26fb669..f22d642e95 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs # Copyright © 2017, 2021 Bell Canada # Modifications Copyright © 2018-2022 AT&T Intellectual Property +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +21,10 @@ ################################################################# global: nodePortPrefix: 302 - + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig ################################################################# @@ -42,7 +46,9 @@ secrets: # Application configuration defaults. ################################################################# # application image +# The newest images have been tested with SASL and Postgres. The images released next will have the relevant fixes image: onap/policy-pdpd-cl:2.1.3 + pullPolicy: Always # flag to enable debugging - application support required @@ -87,7 +93,7 @@ serviceMesh: - serviceAccount: strimzi-kafka-read server: - jvmOpts: -server -XshowSettings:vm + jvmOpts: "-server -XshowSettings:vm" telemetry: user: demo@people.osaaf.org @@ -101,7 +107,10 @@ nexus: offline: true db: - name: policy-mariadb + mariadbName: policy-mariadb + pgName: policy-pg-primary + mariadbPort: 3306 + pgPort: 5432 user: policy-user password: policy_user @@ -229,3 +238,47 @@ kafkaUser: type: topic patternType: prefix operations: [ Create, Describe, Read, Write ] + - name: a1-p-rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: a1-p + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-cl + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-lcm-read + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-lcm-write + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: dcae_cl_rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: unauthenticated.dcae_cl_output + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: dcae_topic + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: policy-cl-mgt + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: sdnr-cl-rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: sdnr-cl + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] diff --git a/kubernetes/policy/components/policy-nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml index ae8eebe50b..dcb3c3ac72 100755 --- a/kubernetes/policy/components/policy-nexus/Chart.yaml +++ b/kubernetes/policy/components/policy-nexus/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy Nexus name: policy-nexus -version: 14.0.1 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index b82785f2b8..cc75a9fe15 100755 --- a/kubernetes/policy/components/policy-nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property # Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright (C) 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,6 +21,10 @@ global: nodePortPrefix: 302 persistence: {} + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Application configuration defaults. diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 1fd621beb0..2122e6fb3f 100755 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -23,7 +23,7 @@ apiVersion: v2 description: ONAP Policy Administration (PAP) name: policy-pap -version: 14.0.1 +version: 14.0.2 dependencies: - name: common @@ -34,4 +34,4 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 614116ae23..58dfc9f497 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022 Bell Canada. All rights reserved. -# Modifications Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2022-2024 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ spring: converters: preferred-json-mapper: gson datasource: -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" @@ -34,9 +34,6 @@ spring: hikari: maximumPoolSize: 20 jpa: - properties: - hibernate: - dialect: org.hibernate.dialect.MariaDB103Dialect hibernate: ddl-auto: none naming: @@ -58,10 +55,6 @@ spring: naming: physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy - properties: - hibernate: - dialect: org.hibernate.dialect.PostgreSQLDialect - format_sql: true {{ end }} server: @@ -73,7 +66,6 @@ server: pap: name: PapGroup - aaf: false topic: pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }} notification.name: {{ .Values.config.kafka.topics.policyNotification }} @@ -151,13 +143,6 @@ pap: password: "${API_PASSWORD}" useHttps: false basePath: policy/api/v1/healthcheck - - clientName: distribution - hostname: policy-distribution - port: 6969 - userName: "${DISTRIBUTION_USER}" - password: "${DISTRIBUTION_PASSWORD}" - useHttps: false - basePath: healthcheck management: endpoints: diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 8f00eb049f..f7c400865f 100755..100644 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -2,6 +2,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,19 +33,20 @@ spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - - /app/ready.py + - /app/ready.py args: - - --job-name -{{ if not .Values.global.postgres.localCluster }} - - {{ include "common.release" . }}-policy-galera-config + - --job-name +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config {{ else }} - - {{ include "common.release" . }}-policy-pg-config -{{ end }} env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{ include "common.containerSecurityContext" . | indent 8 | trim }} @@ -78,11 +80,13 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} - name: DISTRIBUTION_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} - name: JAASLOGIN valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config +{{- end }} volumeMounts: - mountPath: /config-input name: papconfig @@ -126,27 +130,33 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: - - name: logs - mountPath: /var/log/onap - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - mountPath: /opt/app/policy/pap/etc/logback.xml - subPath: logback.xml - name: papconfig-processed - - name: papconfig-processed - mountPath: /opt/app/policy/pap/etc/mounted + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/pap/etc/logback.xml + subPath: logback.xml + name: papconfig-processed + - name: papconfig-processed + mountPath: /opt/app/policy/pap/etc/mounted resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: localtime + hostPath: + path: /etc/localtime - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index d7384a5e65..4c6f5355e0 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -2,7 +2,7 @@ # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. -# Modifications Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2022-2024 Nordix Foundation # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,7 +27,9 @@ global: nodePortPrefixExt: 304 persistence: {} postgres: - localCluster: false + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index 8bb17a53de..a02171ef31 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp -version: 14.0.2 +version: 14.0.3 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index d2e9c62edf..3df3578fd2 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -1,4 +1,22 @@ {{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2024 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + # # Properties that the embedded PDP engine uses to configure and load # @@ -49,8 +67,14 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # # JPA Properties # +{{ if .Values.global.mariadbGalera.useInPolicy }} eclipselink.target-database=MySQL -javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver -javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory -javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD} +jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver +jakarta.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/operationshistory +{{ else }} +eclipselink.target-database=PostgreSQL +jakarta.persistence.jdbc.driver=org.postgresql.Driver +jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory +{{ end }} +jakarta.persistence.jdbc.user=${SQL_USER} +jakarta.persistence.jdbc.password=${SQL_PASSWORD}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index ce11fe71e5..828f6ec2c7 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,7 +35,11 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -155,14 +160,17 @@ spec: name: pdpxconfig-processed - mountPath: /opt/app/policy/pdpx/etc/mounted name: pdpxconfig-processed + - mountPath: /etc/localtime + name: localtime + readOnly: true resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -190,6 +198,9 @@ spec: - name: logs emptyDir: sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} + - name: localtime + hostPath: + path: /etc/localtime - name: pdpxconfig configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 18ddfdfeba..b20ab89370 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +23,10 @@ ################################################################# global: persistence: {} - + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig ################################################################# @@ -64,8 +68,10 @@ db: user: policy-user password: policy_user service: - name: policy-mariadb - internalPort: 3306 + mariadbName: policy-mariadb + mariadbPort: 3306 + pgName: policy-pg-primary + pgPort: 5432 restServer: user: healthcheck diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh index f26a80fad7..913ccc7728 100644 --- a/kubernetes/policy/resources/config/db-pg.sh +++ b/kubernetes/policy/resources/config/db-pg.sh @@ -1,7 +1,7 @@ #!/bin/sh # # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,10 +20,10 @@ export PGPASSWORD=${PG_ADMIN_PASSWORD}; -psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'" +psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER \"${PG_USER}\" WITH PASSWORD '${PG_USER_PASSWORD}'" for db in migration pooling policyadmin policyclamp operationshistory clampacm do psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};" - psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};" -done + psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO \"${PG_USER}\";" +done
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh index 53921ab751..15a6e3224f 100644 --- a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh +++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh @@ -1,6 +1,6 @@ #!/bin/sh {{/* -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022, 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,8 +14,19 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB} -/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade -rc=$? -/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report -exit $rc + +for schema in ${SQL_DB}; do + echo "Initializing $schema..." + /opt/app/policy/bin/prepare_upgrade.sh ${schema} + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o upgrade + rc=$? + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report + + if [ "$rc" != 0 ]; then + break + fi +done diff --git a/kubernetes/policy/resources/config/db_migrator_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_policy_init.sh index d1cc108fec..a1d8fd89ea 100644 --- a/kubernetes/policy/resources/config/db_migrator_policy_init.sh +++ b/kubernetes/policy/resources/config/db_migrator_policy_init.sh @@ -1,6 +1,6 @@ #!/bin/sh {{/* -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021, 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,8 +14,21 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB} -/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade -rc=$? -/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report -exit $rc + +for schema in ${SQL_DB}; do + echo "Initializing $schema..." + /opt/app/policy/bin/prepare_upgrade.sh ${schema} + + /opt/app/policy/bin/db-migrator -s ${schema} -o report + + /opt/app/policy/bin/db-migrator -s ${schema} -o upgrade + rc=$? + + /opt/app/policy/bin/db-migrator -s ${schema} -o report + + if [ "$rc" != 0 ]; then + break + fi +done + +exit $rc
\ No newline at end of file diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 2c0ee783d5..3886a85d11 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2022 Nordix Foundation. +# Modifications Copyright (C) 2022-2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,7 +17,7 @@ # limitations under the License. */}} -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} apiVersion: batch/v1 kind: Job metadata: @@ -68,6 +68,7 @@ spec: - name: policy-service-mesh-wait-for-job-container image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always + {{ include "common.containerSecurityContext" . | indent 8 | trim }} command: - /bin/sh - "-c" @@ -101,7 +102,7 @@ spec: path: db.sh {{ end }} -{{ if .Values.global.postgres.localCluster }} +{{ if .Values.global.postgres.useInPolicy }} --- apiVersion: batch/v1 kind: Job @@ -153,6 +154,7 @@ spec: resources: {{ include "common.resources" . | nindent 10 }} {{- if (include "common.requireSidecarKiller" .) }} - name: policy-service-mesh-wait-for-job-container + {{ include "common.containerSecurityContext" . | indent 8 | trim }} image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: @@ -187,110 +189,104 @@ spec: - key: db-pg.sh path: db-pg.sh {{ end }} - --- -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.fullname" . }}-galera-config + name: {{ include "common.fullname" . }}-galera-migrator-config namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-galera-config + app: {{ include "common.name" . }}-galera-migrator-config release: {{ include "common.release" . }} spec: template: metadata: labels: - app: {{ include "common.name" . }}-galera-config + app: {{ include "common.name" . }}-galera-migrator-config release: {{ include "common.release" . }} - name: {{ include "common.name" . }}-galera-config + name: {{ include "common.name" . }}-galera-migrator-config spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: - - name: {{ include "common.name" . }}-init-readiness - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }}-galera-init - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + - name: {{ include "common.name" . }}-init-readiness + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.fullname" . }}-galera-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" containers: - - name: {{ include "common.name" . }}-galera-db-migrator - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /dbcmd-config/db_migrator_policy_init.sh - name: {{ include "common.fullname" . }}-config - subPath: db_migrator_policy_init.sh - - mountPath: /opt/app/policy/etc/db - name: db-conf - command: - - /bin/sh - - -cx - - | + - name: {{ include "common.name" . }}-galera-db-migrator + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /opt/app/policy/etc/db/ + name: {{ include "common.fullname" . }}-migration-writable + - mountPath: /dbcmd-config/db_migrator_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_policy_init.sh + command: + - /bin/sh + - -cx + - | {{- if include "common.requireSidecarKiller" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /dbcmd-config/db_migrator_policy_init.sh - env: - - name: SQL_HOST - value: "{{ index .Values "mariadb-galera" "service" "name" }}" - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: SQL_DB - value: {{ .Values.dbmigrator.schema }} - - name: POLICY_HOME - value: {{ .Values.dbmigrator.policy_home }} - - name: SCRIPT_DIRECTORY - value: "sql" - resources: {{ include "common.resources" . | nindent 10 }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db_migrator_policy_init.sh + env: + - name: SQL_HOST + value: "{{ index .Values "mariadb-galera" "service" "name" }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schemas }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "sql" + resources: {{ include "common.resources" . | nindent 12 }} {{- if (include "common.requireSidecarKiller" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - resources: - limits: - cpu: 100m - memory: 500Mi - requests: - cpu: 10m - memory: 10Mi + - name: policy-service-mesh-wait-for-job-container + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: {{ include "common.fullname" . }}-migration-writable + emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-db-configmap @@ -298,116 +294,107 @@ spec: items: - key: db_migrator_policy_init.sh path: db_migrator_policy_init.sh - - name: db-conf - emptyDir: - medium: Memory - sizeLimit: 64Mi {{ end }} -{{ if .Values.global.postgres.localCluster }} +{{ if .Values.global.postgres.useInPolicy }} --- apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.fullname" . }}-pg-config + name: {{ include "common.fullname" . }}-pg-migrator-config namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-pg-config + app: {{ include "common.name" . }}-pg-migrator-config release: {{ include "common.release" . }} spec: template: metadata: labels: - app: {{ include "common.name" . }}-pg-config + app: {{ include "common.name" . }}-pg-migrator-config release: {{ include "common.release" . }} - name: {{ include "common.name" . }}-pg-config + name: {{ include "common.name" . }}-pg-migrator-config spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: - - name: {{ include "common.name" . }}-init-readiness - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }}-pg-init - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + - name: {{ include "common.name" . }}-init-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.fullname" . }}-pg-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" containers: - - name: {{ include "common.name" . }}-pg-db-migrator - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh - name: {{ include "common.fullname" . }}-config - subPath: db_migrator_pg_policy_init.sh - - mountPath: /opt/app/policy/etc/db - name: db-conf - command: - - /bin/sh - - -cx - - | + - name: {{ include "common.name" . }}-pg-db-migrator + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_pg_policy_init.sh + - mountPath: /opt/app/policy/etc/db/ + name: {{ include "common.fullname" . }}-migration-writable + command: + - /bin/sh + - -cx + - | {{- if include "common.requireSidecarKiller" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /dbcmd-config/db_migrator_pg_policy_init.sh - env: - - name: SQL_HOST - value: "{{ .Values.postgres.service.name2 }}" - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: SQL_DB - value: {{ .Values.dbmigrator.schema }} - - name: POLICY_HOME - value: {{ .Values.dbmigrator.policy_home }} - - name: SCRIPT_DIRECTORY - value: "postgres" - - name: PGPASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - resources: {{ include "common.resources" . | nindent 10 }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db_migrator_pg_policy_init.sh + env: + - name: SQL_HOST + value: "{{ .Values.postgres.service.name2 }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schemas }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "postgres" + - name: PGPASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if (include "common.requireSidecarKiller" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - resources: - limits: - cpu: 100m - memory: 500Mi - requests: - cpu: 10m - memory: 10Mi + - name: policy-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: {{ include "common.fullname" . }}-migration-writable + emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-db-configmap @@ -415,8 +402,4 @@ spec: items: - key: db_migrator_pg_policy_init.sh path: db_migrator_pg_policy_init.sh - - name: db-conf - emptyDir: - medium: Memory - sizeLimit: 64Mi -{{ end }} +{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index ccd8223284..67f4dbd1e5 100755..100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -35,6 +35,7 @@ global: nameOverride: *mariadbService # (optional) if localCluster=false and an external secret is used set this variable #userRootSecret: <secretName> + useInPolicy: true prometheusEnabled: false postgres: localCluster: false @@ -44,8 +45,10 @@ global: name3: tcp-pgset-replica container: name: postgres + useInPolicy: false kafkaBootstrap: strimzi-kafka-bootstrap:9092 policyKafkaUser: policy-kafka-user + useStrimziKafka: true kafkaTopics: acRuntimeTopic: name: policy.clamp-runtime-acm @@ -56,8 +59,8 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ .Values.global.mariadbGalera.localCluster | - ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | + externalSecret: '{{ or .Values.global.postgres.useInPolicy .Values.global.mariadbGalera.useInPolicy | ternary ( + ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) @@ -164,8 +167,11 @@ policy-nexus: ################################################################# dbmigrator: + # New released image will allow full SASL and Postgres (drools included). Tested with snapshot. Release to come later. image: onap/policy-db-migrator:3.1.3 - schema: policyadmin + # These schemas will be required with the new version of db-migrator + # schemas: "policyadmin clampacm pooling operationshistory" + schemas: "policyadmin" policy_home: "/opt/app/policy" subChartsOnly: @@ -305,4 +311,4 @@ securityContext: serviceAccount: nameOverride: policy roles: - - read + - read
\ No newline at end of file |