diff options
author | Ubuntu <dgl@research.att.com> | 2019-11-07 16:26:50 +0000 |
---|---|---|
committer | Dominic Lunanuova <dgl@research.att.com> | 2019-11-07 16:58:20 +0000 |
commit | e9cd1ee8e62624af8e3939a2e3c8d45ff644f65d (patch) | |
tree | 0f82878fb5c0766608ae539c4ea43eb7088e3a6f /kubernetes/dcaegen2/components/dcae-policy-handler | |
parent | 5bdb14011023be31471622a92b98493a04da0281 (diff) |
Attempt 2 at chart restructure
Helm value override file now supports component-specific settings:
dcae-bootstrap:
enabled: true
dcae-cloudify-manager:
enabled: true
dcae-config-binding-service:
enabled: true
dcae-healthcheck:
enabled: true
dcae-redis:
enabled: true
dcae-servicechange-handler:
enabled: true
dcae-inventory-api:
enabled: true
dcae-deployment-handler:
enabled: true
dcae-policy-handler:
enabled: true
dcae-dashboard:
enabled: true
Issue-ID: OOM-1574
Signed-off-by: Ubuntu <dgl@research.att.com>
Change-Id: I85e0fe6ae19e176d954611549ec954a5fe662307
Signed-off-by: Ubuntu <dgl@research.att.com>
Diffstat (limited to 'kubernetes/dcaegen2/components/dcae-policy-handler')
9 files changed, 505 insertions, 0 deletions
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/.helmignore b/kubernetes/dcaegen2/components/dcae-policy-handler/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/Chart.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/Chart.yaml new file mode 100644 index 0000000000..dfcc52e116 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE Policy Handler +name: dcae-policy-handler +version: 6.0.0 diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml new file mode 100644 index 0000000000..2dabd190b1 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json new file mode 100644 index 0000000000..7342ca633a --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json @@ -0,0 +1,42 @@ +{ + "policy_handler": { + "thread_pool_size": 4, + "pool_connections": 20, + "policy_retry_count": 5, + "policy_retry_sleep": 5, + "catch_up": { + "interval": 1200 + }, + "reconfigure": { + "interval": 600 + }, + "policy_engine": { + "url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969", + "path_decision": "/policy/pdpx/v1/decision", + "path_notifications": "/pdp/notifications", + "path_api": "/pdp/api/", + "headers": { + "Accept": "application/json", + "Content-Type": "application/json", + "ClientAuth": "cHl0aG9uOnRlc3Q=", + "Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0", + "Environment": "TEST" + }, + "target_entity": "policy_engine", + "tls_ca_mode": "cert_directory", + "tls_wss_ca_mode": "cert_directory", + "timeout_in_secs": 60, + "ws_ping_interval_in_secs": 180 + }, + "deploy_handler": { + "target_entity": "deployment_handler", + "url": "https://deployment-handler:8443", + "max_msg_length_mb": 5, + "query": { + "cfy_tenant_name": "default_tenant" + }, + "tls_ca_mode": "cert_directory", + "timeout_in_secs": 60 + } + } +} diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml new file mode 100644 index 0000000000..1a3f693a12 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml @@ -0,0 +1,72 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase + +logging: + level: debug + + # enable file rotation with default configuration + to_files: true + + # do not log to syslog + to_syslog: false + + files: + path: /usr/share/filebeat/logs + name: mybeat.log + keepfiles: 7 diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml new file mode 100644 index 0000000000..39af31a4f3 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml @@ -0,0 +1,34 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{include "common.fullname" . }}-filebeat-configmap + namespace: {{include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml new file mode 100644 index 0000000000..8c1c8741aa --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -0,0 +1,157 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - dcae-deployment-handler + - --container-name + - consul-server + - --container-name + - pdp + - "-t" + - "45" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info + - name: init-consul + image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: + - --key + - policy_handler|/phconfig/config.json + resources: {} + volumeMounts: + - mountPath: /phconfig + name: ph-config + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + httpGet: + path: {{ .Values.readiness.path }} + port: {{ .Values.service.internalPort }} + scheme: {{ .Values.readiness.scheme }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /opt/app/policy_handler/logs + name: component-log + - mountPath: /opt/app/policy_handler/etc/tls/certs/ + name: tls-info + env: + - name: CONSUL_HOST + value: consul-server.{{ include "common.namespace" . }} + - name: CLOUDIFY_USER + value: admin + - name: CLOUDIFY_PASSWORD + value: admin + - name: CONFIG_BINDING_SERVICE + value: config-binding-service + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: {{ include "common.name" . }}-filebeat + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} + imagePullPolicy: IfNotPresent + resources: {} + volumeMounts: + - mountPath: /var/log/onap/policy-handler + name: component-log + - mountPath: /usr/share/filebeat/data + name: filebeat-data + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + volumes: + - emptyDir: {} + name: component-log + - emptyDir: {} + name: filebeat-data + - configMap: + defaultMode: 420 + name: {{ include "common.fullname" . }}-filebeat-configmap + name: filebeat-conf + - emptyDir: {} + name: tls-info + - configMap: + defaultMode: 422 + name: {{ include "common.fullname" . }}-configmap + name: ph-config + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml new file mode 100644 index 0000000000..088d381d50 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml @@ -0,0 +1,43 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.name }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.name }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml new file mode 100644 index 0000000000..3b15c55118 --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -0,0 +1,96 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + consulLoaderRepository: nexus3.onap.org:10001 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 + repositoryCred: + user: docker + password: docker + +config: + logstashServiceName: log-ls + logstashPort: 5044 + # Addresses of other ONAP entities + address: + consul: + host: consul-server + port: 8500 + policy_xacml_pdp: policy-xacml-pdp + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.dcaegen2.platform.policy-handler:5.0.0 +pullPolicy: Always + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + # liveness not desirable for Cloudify Manager container + enabled: false + +readiness: + initialDelaySeconds: 60 + periodSeconds: 300 + path: /healthcheck + scheme: HTTP + +service: + type: ClusterIP + name: policy-handler + externalPort: 25577 + internalPort: 25577 + + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} +# Kubernetes namespace for components deployed via Cloudify manager +# If empty, use the common namespace +# dcae_ns: "dcae" |