summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/components/policy-drools-pdp/templates
diff options
context:
space:
mode:
authorjhh <jorge.hernandez-herrero@att.com>2020-08-09 12:08:08 -0500
committerJorge Hernandez <jorge.hernandez-herrero@att.com>2020-08-27 21:06:19 +0000
commitd425867ae1c52a9b31a06f1dea8810c1c7a0af65 (patch)
tree15f646c0ab60a2df0916ffd155790b81150b9ff4 /kubernetes/policy/components/policy-drools-pdp/templates
parent15c9df97f8bd5d7871b7287a2f525059e3ccb033 (diff)
[POLICY] certInit support + refactoring
Several changes are including in this patch: - certInitializer support (POLICY-2615, REQ-361) - renamed policy objects to start with "policy-" prefix (POLICY-1000) - add resources section to components that did not have or had it incorrectly set up rendering null (POLICY-2502) - Removal of legacy policy-engine components (POLICY-2743) - Miscellaneous refactoring of charts (POLICY-2745) - update pdp legacy reference to policy-xacml-pdp from pdp (legacy) Issue-ID: POLICY-2615 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I8b6984a663bbb14d331a366ec02b6dd38755cde7 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Diffstat (limited to 'kubernetes/policy/components/policy-drools-pdp/templates')
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml33
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml32
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/service.yaml46
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml149
4 files changed, 260 insertions, 0 deletions
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml
new file mode 100755
index 0000000000..90d75cc409
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml
@@ -0,0 +1,33 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/configmaps/*.{conf,sh,properties,xml,keyfile}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml
new file mode 100755
index 0000000000..7fb84b5ddc
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml
@@ -0,0 +1,32 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
+{{- end }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
new file mode 100755
index 0000000000..9f4ad9bed4
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
@@ -0,0 +1,46 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ - port: {{ .Values.service.externalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
new file mode 100755
index 0000000000..dc917ce248
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -0,0 +1,149 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ serviceName: {{ include "common.servicename" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-readiness
+{{- if not .Values.nexus.offline }}
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.nexus.name }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ - containerPort: {{ .Values.service.externalPort2 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
+ name: drools-secret
+ subPath: {{ base $path }}
+ {{- end }}
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
+ name: drools-config
+ subPath: {{ base $path }}
+ {{- end }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: drools-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
+ mode: 0755
+ {{- end }}
+ - name: drools-secret
+ secret:
+ secretName: {{ include "common.fullname" . }}-secret
+ items:
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
+ mode: 0644
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"