author | jhh <jorge.hernandez-herrero@att.com> | 2020-08-09 12:08:08 -0500 |
---|---|---|
committer | Jorge Hernandez <jorge.hernandez-herrero@att.com> | 2020-08-27 21:06:19 +0000 |
commit | d425867ae1c52a9b31a06f1dea8810c1c7a0af65 (patch) | |
tree | 15f646c0ab60a2df0916ffd155790b81150b9ff4 /kubernetes/policy/components/policy-drools-pdp | |
parent | 15c9df97f8bd5d7871b7287a2f525059e3ccb033 (diff) |
[POLICY] certInit support + refactoring
Several changes are included in this patch:
- certInitializer support (POLICY-2615, REQ-361)
- renamed policy objects to start with "policy-"
prefix (POLICY-1000)
- add resources section to components that did not
have or had it incorrectly set up rendering null
(POLICY-2502)
- Removal of legacy policy-engine components (POLICY-2743)
- Miscellaneous refactoring of charts (POLICY-2745)
- update pdp legacy reference to policy-xacml-pdp from
pdp (legacy)
Issue-ID: POLICY-2615
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: I8b6984a663bbb14d331a366ec02b6dd38755cde7
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Diffstat (limited to 'kubernetes/policy/components/policy-drools-pdp')
12 files changed, 1003 insertions, 0 deletions
diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
new file mode 100755
index 0000000000..22567af862
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Drools Policy Engine (PDP-D)
+name: policy-drools-pdp
+version: 6.0.0
diff --git a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
new file mode 100755
index 0000000000..ca24480fc8
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
new file mode 100755
index 0000000000..184ae9aee7
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -0,0 +1,114 @@
+# Copyright © 2017-2018 Amdocs, Bell Canada.
+# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# JVM options
+
+JVM_OPTIONS={{.Values.server.jvmOpts}}
+
+# SYSTEM software configuration
+
+POLICY_HOME=/opt/app/policy
+POLICY_LOGS=/var/log/onap/policy/pdpd
+
+# Telemetry credentials
+
+TELEMETRY_PORT=9696
+TELEMETRY_HOST=0.0.0.0
+
+# nexus repository
+
+SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
+RELEASE_REPOSITORY_ID=policy-nexus-releases
+RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+REPOSITORY_OFFLINE={{.Values.nexus.offline}}
+
+# Relational (SQL) DB access
+
+SQL_HOST={{ .Values.db.name }}
+
+# AAF
+
+AAF={{.Values.aaf.enabled}}
+AAF_NAMESPACE=org.onap.policy
+AAF_HOST=aaf-locate.{{.Release.Namespace}}
+
+# PDP-D DMaaP configuration channel
+
+PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
+PDPD_CONFIGURATION_SERVERS=message-router
+PDPD_CONFIGURATION_CONSUMER_GROUP=
+PDPD_CONFIGURATION_CONSUMER_INSTANCE=
+PDPD_CONFIGURATION_PARTITION_KEY=
+
+# PAP-PDP configuration channel
+
+POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_GROUP=defaultGroup
+
+# Symmetric Key for encoded sensitive data
+
+SYMM_KEY=
+
+# PAP
+
+PAP_HOST=policy-pap
+
+# PDP-X
+
+PDP_HOST=policy-xacml-pdp
+PDP_PORT=6969
+PDP_CONTEXT_URI=policy/pdpx/v1/
+GUARD_DISABLED=false
+
+# DCAE DMaaP
+
+DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT
+DCAE_SERVERS=message-router
+DCAE_CONSUMER_GROUP=dcae.policy.shared
+
+# Open DMaaP
+
+DMAAP_SERVERS=message-router
+
+# AAI
+
+AAI_HOST=aai.{{.Release.Namespace}}
+AAI_PORT=8443
+AAI_CONTEXT_URI=
+
+# MSO
+
+SO_HOST=so.{{.Release.Namespace}}
+SO_PORT=8080
+SO_CONTEXT_URI=onap/so/infra/
+SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra
+
+# VFC
+
+VFC_HOST=
+VFC_PORT=
+VFC_CONTEXT_URI=api/nslcm/v1/
+
+# SDNC
+
+SDNC_HOST=sdnc.{{.Release.Namespace}}
+SDNC_PORT=8282
+SDNC_CONTEXT_URI=restconf/operations/
+
+# CDS
+
+CDS_GRPC_HOST={{.Values.cds.grpc.svcName}}
+CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf
new file mode 100755
index 0000000000..44d0bf18ce
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf
@@ -0,0 +1,16 @@
+# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+POOLING_TOPIC=POOLING
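Review bot: In base.conf, `SNAPSHOT_REPOSITORY_URL` and `RELEASE_REPOSITORY_URL` are built with `http://`, so artifact downloads and the `REPOSITORY_USERNAME`/`REPOSITORY_PASSWORD` pair that settings.xml attaches to those repository ids travel without transport protection or server authentication. Consider making the scheme a chart value, e.g. `RELEASE_REPOSITORY_URL={{.Values.nexus.scheme}}://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/`, where `nexus.scheme` is a proposed key that this chart does not define yet. The `# Telemetry credentials` heading covers only host and port, so `# Telemetry endpoint` would describe it better, and `TELEMETRY_HOST=0.0.0.0` deserves a comment stating that the listener binds all interfaces. `SO_URL` uses `https` on the same port 8080 given in `SO_PORT`; a comment confirming which scheme that port serves would prevent a silent mismatch.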
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
new file mode 100755
index 0000000000..9cd92da7fa
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
@@ -0,0 +1,162 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/metric.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricStdOut" />
+ </appender>
+
+ <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionStdOut" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="AsyncMetricStdOut" />
+ <appender-ref ref="AsyncTransactionStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml
new file mode 100755
index 0000000000..3777d27044
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml
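Review bot: Each of the five rolling file appenders in logback.xml may retain `<totalSizeCap>10GB</totalSizeCap>` under `/var/log/onap/policy/pdpd`, and the statefulset.yaml added in this commit lists no volume for that path among its visible mounts (the certInitializer mount template is not shown, so this is inferred). If that holds, up to 50GB can accumulate on the container's writable layer and audit.log is lost on pod restart, leaving only the stdout copies for later investigation. Either mount a volume for the log directory or lower the caps, e.g. `<totalSizeCap>1GB</totalSizeCap>`. The long `%X{RequestID}|…` pattern is repeated four times and could be declared once with `<property name="p_mdc" value="…"/>` and referenced as `${p_mdc}` (the property name is a suggestion).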
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ ONAP
+ ================================================================================
+ Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+
+
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+ <offline>{{.Values.nexus.offline}}</offline>
+
+ <profiles>
+
+ <profile>
+ <id>policy-local</id>
+
+ <repositories>
+ <repository>
+ <id>file-repository</id>
+ <url>file:${user.home}/.m2/file-repository</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>policy-releases</id>
+
+ <repositories>
+ <repository>
+ <id>${env.RELEASE_REPOSITORY_ID}</id>
+ <url>${env.RELEASE_REPOSITORY_URL}</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>policy-snapshots</id>
+
+ <repositories>
+ <repository>
+ <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+ <url>${env.SNAPSHOT_REPOSITORY_URL}</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>onap-releases</id>
+
+ <repositories>
+ <repository>
+ <id>onap-releases</id>
+ <name>onap-releases</name>
+ <url>https://nexus.onap.org/content/repositories/releases/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+
+ <id>onap-snapshots</id>
+
+ <repositories>
+ <repository>
+ <id>onap-snapshots</id>
+ <name>onap-snapshots</name>
+ <url>https://nexus.onap.org/content/repositories/snapshots/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ </profiles>
+
+ <activeProfiles>
+ <activeProfile>policy-local</activeProfile>
+ <activeProfile>policy-releases</activeProfile>
+ <activeProfile>policy-snapshots</activeProfile>
+ <activeProfile>onap-releases</activeProfile>
+ <activeProfile>onap-snapshots</activeProfile>
+ </activeProfiles>
+
+ <servers>
+ <server>
+ <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+ <username>${env.REPOSITORY_USERNAME}</username>
+ <password>${env.REPOSITORY_PASSWORD}</password>
+ </server>
+ <server>
+ <id>${env.RELEASE_REPOSITORY_ID}</id>
+ <username>${env.REPOSITORY_USERNAME}</username>
+ <password>${env.REPOSITORY_PASSWORD}</password>
+ </server>
+ </servers>
+
+</settings>
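Review bot: The `<activeProfiles>` list in settings.xml turns on `policy-snapshots` and `onap-snapshots` unconditionally, so whenever `<offline>` renders false the engine will resolve mutable SNAPSHOT artifacts, including from the public `https://nexus.onap.org/content/repositories/snapshots/`. Snapshot coordinates can be republished with different content, and the policy repositories additionally set `<updatePolicy>always</updatePolicy>`, so a deployment cannot be pinned to reviewed rule artifacts. Consider leaving the two snapshot profiles out of `<activeProfiles>` by default and enabling them through a chart value for development installs. The same `${env.REPOSITORY_USERNAME}`/`${env.REPOSITORY_PASSWORD}` pair is sent to both policy repository ids; a comment above `<servers>` stating that this is intended would help.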
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf
new file mode 100755
index 0000000000..bb2b90c1a7
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf
@@ -0,0 +1,62 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+KEYSTORE_PASSWD={{.Values.keystore.password}}
+TRUSTSTORE_PASSWD={{.Values.truststore.password}}
+
+TELEMETRY_USER={{.Values.telemetry.user}}
+TELEMETRY_PASSWORD={{.Values.telemetry.password}}
+
+REPOSITORY_USERNAME={{.Values.nexus.user}}
+REPOSITORY_PASSWORD={{.Values.nexus.password}}
+
+PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
+PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
+
+POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}}
+POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}}
+
+PAP_USERNAME={{.Values.pap.user}}
+PAP_PASSWORD={{.Values.pap.password}}
+
+PAP_LEGACY_USERNAME={{.Values.papl.user}}
+PAP_LEGACY_PASSWORD={{.Values.papl.password}}
+
+PDP_USERNAME={{.Values.pdp.user}}
+PDP_PASSWORD={{.Values.pdp.password}}
+
+PDP_LEGACY_USERNAME={{.Values.pdpl.user}}
+PDP_LEGACY_PASSWORD={{.Values.pdpl.password}}
+
+AAI_USERNAME={{.Values.aai.user}}
+AAI_PASSWORD={{.Values.aai.password}}
+
+SO_USERNAME={{.Values.so.user}}
+SO_PASSWORD={{.Values.so.password}}
+
+VFC_USERNAME={{.Values.vfc.user}}
+VFC_PASSWORD={{.Values.vfc.password}}
+
+SDNC_USERNAME={{.Values.sdnc.user}}
+SDNC_PASSWORD={{.Values.sdnc.password}}
+
+HEALTHCHECK_USER={{.Values.telemetry.user}}
+HEALTHCHECK_PASSWORD={{.Values.telemetry.password}}
+
+CDS_GRPC_USERNAME={{.Values.cds.grpc.user}}
+CDS_GRPC_PASSWORD={{.Values.cds.grpc.password}}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml
new file mode 100755
index 0000000000..90d75cc409
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml
@@ -0,0 +1,33 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/configmaps/*.{conf,sh,properties,xml,keyfile}").AsConfig . | indent 2 }}
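Review bot: In credentials.conf every credential is rendered straight from a plain chart value (`KEYSTORE_PASSWD={{.Values.keystore.password}}`, `TELEMETRY_PASSWORD={{.Values.telemetry.password}}`, and so on), and the values.yaml in this commit ships working defaults for those keys. Only the database login goes through the `secrets:` metaconfig with `externalSecret` and `passwordPolicy: required`; the keystore, truststore and telemetry entries would benefit from the same treatment so an install cannot come up with the published defaults. `HEALTHCHECK_USER`/`HEALTHCHECK_PASSWORD` reuse the telemetry account, which is worth a comment such as `# health check shares the telemetry account; rotate both together`. The `PAP_LEGACY_*` and `PDP_LEGACY_*` entries read `.Values.papl` and `.Values.pdpl`; whether those keys still exist after the legacy components were removed cannot be verified from the visible part of values.yaml.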
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml
new file mode 100755
index 0000000000..7fb84b5ddc
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml
@@ -0,0 +1,32 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
+{{- end }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
new file mode 100755
index 0000000000..9f4ad9bed4
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
@@ -0,0 +1,46 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ - port: {{ .Values.service.externalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
new file mode 100755
index 0000000000..dc917ce248
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
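Review bot: The `NodePort` branch in service.yaml publishes `externalPort2` as well as `externalPort`, and with the defaults in this commit `externalPort2` is 9696, the port base.conf assigns to telemetry. Switching `service.type` to NodePort therefore makes the telemetry API reachable on every node, guarded only by the telemetry credentials. Consider gating the second entry behind its own value, e.g. wrapping it in `{{- if .Values.service.exposeTelemetry }}` … `{{- end }}` (the key name is a proposal, not an existing chart value), or add a comment above the branch stating that both ports become node-reachable.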
@@ -0,0 +1,149 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ serviceName: {{ include "common.servicename" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-readiness
+{{- if not .Values.nexus.offline }}
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.nexus.name }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ - containerPort: {{ .Values.service.externalPort2 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
+ name: drools-secret
+ subPath: {{ base $path }}
+ {{- end }}
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
+ name: drools-config
+ subPath: {{ base $path }}
+ {{- end }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: drools-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
+ mode: 0755
+ {{- end }}
+ - name: drools-secret
+ secret:
+ secretName: {{ include "common.fullname" . }}-secret
+ items:
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
+ mode: 0644
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
new file mode 100755
index 0000000000..5a7f6f0504
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
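Review bot: The `drools-secret` volume in statefulset.yaml projects every file from the Secret with `mode: 0644`, so credentials.conf is readable by any user inside the container; `mode: 0440`, or `mode: 0400` if the process owner matches, is the usual choice for secret material. The pod template also sets no `securityContext`, and the `localtime` volume uses `hostPath`, which restrictive admission policies reject; consider `runAsNonRoot: true` at pod level and dropping the hostPath mount if the image carries its own timezone data. `selector.matchLabels` uses only `app` while the pod labels also carry `release`, so two releases in one namespace could select each other's pods; adding `release: {{ include "common.release" . }}` to the selector would avoid that. The main container's `args` source `{{ .Values.certInitializer.credsPath }}/.ci`, which per values.yaml holds `KEYSTORE_PASSWD`, so a comment there noting that the file carries a password would help the next reader.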
@@ -0,0 +1,197 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-pdpd-cl:1.7.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-drools-pdp
+ portName: policy-drools-pdp
+ internalPort: 6969
+ externalPort: 6969
+ nodePort: 17
+ internalPort2: 9696
+ externalPort2: 9696
+ nodePort2: 21
+
+ingress:
+ enabled: false
+
+# Default installation values to be overridden
+
+certInitializer:
+ nameOverride: policy-drools-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 1000
+ gid: 1000
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+server:
+ jvmOpts: -server -XshowSettings:vm
+
+aaf:
+ enabled: "false"
+
+keystore:
+ password: Pol1cy_0nap
+
+truststore:
+ password: Pol1cy_0nap
+
+telemetry:
+ user: demo@people.osaaf.org
+ password: demo123456!
+
+nexus:
+ name: policy-nexus
+ port: 8081
+ user: admin
+ password: admin123
+ offline: true
+
+db:
+ name: policy-mariadb
+ user: policy_user
+ password: policy_user
+
+pap:
+ user: healthcheck
+ password: zb!XztG34
+
+pdp:
+ user: healthcheck
+ password: zb!XztG34
+
+papl:
+ user: testpap
+ password: alpha123
+
+pdpl:
+ user: testpdp
+ password: alpha123
+
+aai:
+ user: policy@policy.onap.org
+ password: demo123456!
+
+so:
+ user: InfraPortalClient
+ password: password1$
+
+vfc:
+ user:
+ password:
+
+sdnc:
+ user: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+dmaap:
+ brmsgw:
+ key:
+ password:
+ pap:
+ key:
+ password:
+
+cds:
+ grpc:
+ user: ccsdkapps
+ password: ccsdkapps
+ svcName: cds-blueprints-processor-grpc
+ svcPort: 9111
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {} |
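Review bot: Only `db-secret` is declared under `secrets:`; every other credential in this file (`certInitializer.aafDeployPass`, `keystore.password`, `truststore.password`, `telemetry`, `nexus`, `pap`, `pdp`, `papl`, `pdpl`, `aai`, `so`, `sdnc`, `cds.grpc`) ships as a literal default, so an install that overrides nothing runs with passwords that are public in this repository. `db.password: policy_user` has the same problem: with a default present, `passwordPolicy: required` is presumably always satisfied and never forces the operator to supply a value. I would give each credential its own `basicAuth` entry under `secrets:` with an `externalSecret` hook, as `db-secret` already has, and leave the defaults empty, e.g. `password: ''  # must be supplied at install time`. How these values reach the pod is not visible in this hunk (presumably through the files under `resources/secrets/`), so the templates there would need the matching change.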