[POLICY] Service Mesh Compliance for Policy

Updating the basic requirements for Service Mesh Compliance within Policy.
Changing the DB jobs and updating the configuration files to use HTTP

Issue-ID: OOM-2253
Change-Id: If1aed68f0ed2f00d6a5cf06e5f95837f9405f65b
Signed-off-by: amatthews <adrian.matthews@est.tech>
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>

6 files changed, 192 insertions, 10 deletions

diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/kubernetes/policy/components/policy-gui/resources/config/application.yml
new file mode 100644
index 0000000000..9be81d8ddd
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/application.yml
@@ -0,0 +1,25 @@
+server:
+  port: 2443
+  ssl:
+    enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+#    enabled-protocols: TLSv1.2
+#    client-auth: want
+#    key-store: file:${KEYSTORE}
+#    key-store-password: ${KEYSTORE_PASSWD}
+#    trust-store: file:${TRUSTSTORE}
+#    trust-store-password: ${TRUSTSTORE_PASSWD}
+
+clamp:
+  url:
+  disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+  disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+
+apex-editor:
+  upload-url:
+  upload-userid:
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health, metrics, prometheus
diff --git a/kubernetes/policy/components/policy-gui/resources/config/logback.xml b/kubernetes/policy/components/policy-gui/resources/config/logback.xml
new file mode 100644
index 0000000000..c20df8329d
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/logback.xml
@@ -0,0 +1,118 @@
+<!--
+  ============LICENSE_START=======================================================
+  policy-gui
+  ================================================================================
+  Copyright (C) 2021-2022 Nordix Foundation.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END=========================================================
+  -->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>TRACE</level>
+        </filter>
+        <encoder>
+            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${POLICY_LOGS}/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>${POLICY_LOGS}/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>TRACE</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ERROR" />
+    </appender>
+
+    <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${POLICY_LOGS}/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>${POLICY_LOGS}/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DEBUG" />
+    </appender>
+
+    <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${POLICY_LOGS}/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>${POLICY_LOGS}/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NETWORK" />
+    </appender>
+
+    <logger name="network" level="TRACE" additivity="false">
+        <appender-ref ref="asyncNetwork" />
+    </logger>
+
+    <logger name="org.apache" level="TRACE" additivity="false">
+        <appender-ref ref="DEBUG" />
+    </logger>
+
+    <!-- Spring related loggers -->
+    <logger name="org.springframework" level="TRACE" additivity="false">
+        <appender-ref ref="DEBUG" />
+    </logger>
+
+    <!-- GUI related loggers -->
+    <logger name="org.onap.policy.gui" level="TRACE" additivity="false">
+        <appender-ref ref="ERROR" />
+        <appender-ref ref="DEBUG" />
+    </logger>
+
+    <!-- logback internals logging -->
+    <logger name="ch.qos.logback.classic" level="INFO" />
+    <logger name="ch.qos.logback.core" level="INFO" />
+
+    <root level="TRACE">
+        <appender-ref ref="asyncDebug" />
+        <appender-ref ref="asyncError" />
+        <appender-ref ref="asyncNetwork" />
+        <appender-ref ref="STDOUT" />
+    </root>
+</configuration>
diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/kubernetes/policy/components/policy-gui/templates/configmap.yaml
index 4f600882e9..9426b0f54f 100644
--- a/kubernetes/policy/components/policy-gui/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/configmap.yaml
@@ -21,7 +21,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}
+  name: {{ include "common.fullname" . }}-configmap
   namespace: {{ include "common.namespace" . }}
   labels:
     app: {{ include "common.name" . }}
@@ -29,6 +29,6 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml,yml}").AsConfig . | indent 2 }}
 
 {{ include "common.log.configMap" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index a155715580..5a43fc71b0 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -41,10 +41,34 @@ spec:
     spec:
       initContainers:
       - command:
+          - sh
+        args:
+          - -c
+          - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: KEYSTORE
+          value: {{ .Values.certStores.keystoreLocation }}
+        - name: KEYSTORE_PASSWD
+          value: {{ .Values.certStores.keyStorePassword }}
+        - name: TRUSTSTORE
+          value: {{ .Values.certStores.truststoreLocation }}
+        - name: TRUSTSTORE_PASSWD
+          value: {{ .Values.certStores.trustStorePassword }}
+        - name: POLICY_LOGS
+          value: {{ .Values.log.path }}
+        volumeMounts:
+          - mountPath: /config-input
+            name: policy-gui-config
+          - mountPath: /config
+            name: policy-gui-config-processed
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+      - command:
         - /app/ready.py
         args:
         - --container-name
-        - policy-clamp-be
+        - policy-clamp-runtime-acm
         env:
         - name: NAMESPACE
           valueFrom:
@@ -62,20 +86,20 @@ spec:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
+{{- if not (include "common.onServiceMesh" .)  }}
           command: ["sh","-c"]
           args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
           env:
-{{- else }}
+{{ else }}
           command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
           env:
           - name: KEYSTORE_PASSWD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
           - name: TRUSTSTORE_PASSWD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
+{{ end }}
           - name: CLAMP_URL
-            value: https://policy-clamp-be:8443
+            value: http://policy-clamp-runtime-acm:6969
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -95,6 +119,12 @@ spec:
           volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: logs
             mountPath: {{ .Values.log.path }}
+          - mountPath: /opt/app/policy/gui/etc/application.yml
+            name: policy-gui-config-processed
+            subPath: application.yml
+          - mountPath: /opt/app/policy/gui/etc/logback.xml
+            name: policy-gui-config-processed
+            subPath: logback.xml
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -113,5 +143,12 @@ spec:
         - name:  logs
           emptyDir: {}
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+        - name: policy-gui-config
+          configMap:
+            name: {{ include "common.fullname" . }}-configmap
+            defaultMode: 0755
+        - name: policy-gui-config-processed
+          emptyDir:
+            medium: Memory
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml
index 44e66b8680..827e93a4f2 100644
--- a/kubernetes/policy/components/policy-gui/templates/service.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/service.yaml
@@ -34,11 +34,11 @@ spec:
     {{if eq .Values.service.type "NodePort" -}}
     - port: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
+      name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
     {{- else -}}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
+      name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
     {{- end}}
   selector:
     app: {{ include "common.name" . }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index c605b6b6ea..8761df7a6b 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -42,6 +42,8 @@ secrets:
 
 certStores:
   keyStorePassword: Pol1cy_0nap
+  keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore
+  truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore
   trustStorePassword: Pol1cy_0nap
 
 #################################################################
@@ -116,7 +118,7 @@ readiness:
 service:
   type: NodePort
   name: policy-gui
-  portName: policy-gui
+  portName: http
   internalPort: 2443
   nodePort: 43