[POLICY] Migration of clamp to policy area

Creation of the clamp subcharts + fusion of the clamp database to policy mariadb

Issue-ID: POLICY-2951
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
Change-Id: I8192f82bc393e3fc8d5884d6ab73912a0466edcd
Signed-off-by: sebdet <sebastien.determe@intl.att.com>

2 files changed, 86 insertions, 0 deletions

diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
new file mode 100644
index 0000000000..4cab734074
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
@@ -0,0 +1,31 @@
+server {
+
+  listen 2443 default ssl;
+  ssl_protocols TLSv1.2;
+  {{ if .Values.global.aafEnabled }}
+  ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+  ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+  {{ else }}
+  ssl_certificate /etc/ssl/clamp.pem;
+  ssl_certificate_key /etc/ssl/clamp.key;
+  {{ end }}
+
+  ssl_verify_client optional_no_ca;
+    location /restservices/clds/ {
+        proxy_pass https://policy-clamp-be:8443;
+        proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
+    }
+
+  location / {
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+    try_files $uri $uri/ /index.html;
+  }
+
+  error_page   500 502 503 504  /50x.html;
+
+  location = /50x.html {
+    root   /usr/share/nginx/html;
+  }
+
+}
diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml
new file mode 100644
index 0000000000..8717e6f33a
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml
@@ -0,0 +1,55 @@
+{{/*
+# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+  paths:
+    - /var/log/onap/*/*/*/*.log
+    - /var/log/onap/*/*/*.log
+    - /var/log/onap/*/*.log
+  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+  ignore_older: 48h
+  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+  clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+  #List of logstash server ip addresses with port number.
+  #But, in our case, this will be the loadbalancer IP address.
+  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+  hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+  #If enable will do load balancing among availabe Logstash, automatically.
+  loadbalance: true
+
+  #The list of root certificates for server verifications.
+  #If certificate_authorities is empty or not set, the trusted
+  #certificate authorities of the host system are used.
+  #ssl.certificate_authorities: $ssl.certificate_authorities
+
+  #The path to the certificate for SSL client authentication. If the certificate is not specified,
+  #client authentication is not available.
+  #ssl.certificate: $ssl.certificate
+
+  #The client certificate key used for client authentication.
+  #ssl.key: $ssl.key
+
+  #The passphrase used to decrypt an encrypted key stored in the configured key file
+  #ssl.key_passphrase: $ssl.key_passphrase