diff options
| author |   Andreas Geissler <andreas-geissler@telekom.de> | 2023-05-05 08:40:13 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2023-05-05 08:40:13 +0000 |
| commit | 797229eebacfb1ec6b8c8b5cfae4a825d8450050 (patch) | |
| tree | f0cb1c0b9cad38f6cafba67a2f2459ea0dd597be /kubernetes/policy/components/policy-pap | |
| parent | 2fa018482fd50ac033a3d99b674fa5fdc9d8d290 (diff) | |
| parent | ef208b0677fca2b5982c5a822c0aec188ffe72d8 (diff) | |
Merge "[POLICY] Update docker images to latest versions"
Diffstat (limited to 'kubernetes/policy/components/policy-pap')
5 files changed, 194 insertions, 62 deletions
diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index ef41d38f08..1af33688d0 100755 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 7f6f508c03..5496d93174 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -26,7 +26,8 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin +{{ if not .Values.global.postgres.localCluster }} + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" password: "${SQL_PASSWORD}" @@ -41,18 +42,27 @@ spring: naming: physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy - kafka: - consumer: - group-id: {{ .Values.config.kafka.consumer.groupId }} -{{- if .Values.config.useStrimziKafka }} - bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 - security.protocol: SASL_PLAINTEXT - properties.sasl: - mechanism: SCRAM-SHA-512 - jaas.config: ${JAASLOGIN} -{{ else }} -{{ toYaml .Values.config.eventConsumption | nindent 2 }} -{{- end }} +{{- else }} + url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort }}/policyadmin + driverClassName: org.postgresql.Driver + username: "${SQL_USER}" + password: "${SQL_PASSWORD}" + hikari: + connectionTimeout: 30000 + idleTimeout: 600000 + maxLifetime: 1800000 + maximumPoolSize: 10 + jpa: + hibernate: + ddl-auto: none + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy + properties: + hibernate: + dialect: org.hibernate.dialect.PostgreSQLDialect + format_sql: true +{{ end }} server: port: 6969 @@ -65,9 +75,15 @@ pap: name: PapGroup aaf: false topic: - pdp-pap.name: POLICY-PDP-PAP - notification.name: POLICY-NOTIFICATION - heartbeat.name: POLICY-HEARTBEAT + {{ if .Values.global.useStrimziKafkaPf }} + pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }} + notification.name: {{ .Values.config.kafka.topics.policyNotification }} + heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }} + {{ else }} + pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }} + notification.name: {{ .Values.dmaap.topics.policyNotification }} + heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }} + {{ end }} pdpParameters: heartBeatMs: 120000 updateParameters: @@ -76,34 +92,82 @@ pap: stateChangeParameters: maxRetryCount: 1 maxWaitMs: 30000 - savePdpStatisticsInDb: false + savePdpStatisticsInDb: true topicParameterGroup: topicSources: - - topic: POLICY-PDP-PAP - servers: - - message-router - useHttps: false - fetchTimeout: 15000 - topicCommInfrastructure: dmaap - - topic: POLICY-HEARTBEAT - effectiveTopic: POLICY-PDP-PAP - consumerGroup: policy-pap - servers: - - message-router - useHttps: false - fetchTimeout: 15000 - topicCommInfrastructure: dmaap + - useHttps: false + fetchTimeout: 15000 + {{ if .Values.global.useStrimziKafkaPf }} + topic: {{ .Values.config.kafka.topics.policyPdpPap }} + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + topicCommInfrastructure: kafka + additionalProps: + group.id : {{ .Values.config.kafka.consumer.groupId }} + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${JAASLOGIN} + {{ else }} + topic: {{ .Values.dmaap.topics.policyPdpPap }} + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + {{ end }} + - useHttps: false + fetchTimeout: 15000 + {{ if .Values.global.useStrimziKafkaPf }} + topic: {{ .Values.config.kafka.topics.policyHeartbeat }} + effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }} + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + topicCommInfrastructure: kafka + additionalProps: + group.id : {{ .Values.config.kafka.consumer.groupId }} + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${JAASLOGIN} + {{ else }} + topic: {{ .Values.dmaap.topics.policyHeartbeat }} + effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }} + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + {{ end }} topicSinks: - - topic: POLICY-PDP-PAP - servers: - - message-router - useHttps: false - topicCommInfrastructure: dmaap - - topic: POLICY-NOTIFICATION - servers: - - message-router - useHttps: false - topicCommInfrastructure: dmaap + - useHttps: false + {{ if .Values.global.useStrimziKafkaPf }} + topic: {{ .Values.config.kafka.topics.policyPdpPap }} + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + topicCommInfrastructure: kafka + additionalProps: + group.id : {{ .Values.config.kafka.consumer.groupId }} + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${JAASLOGIN} + {{ else }} + topic: {{ .Values.dmaap.topics.policyPdpPap }} + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + {{ end }} + - useHttps: false + {{ if .Values.global.useStrimziKafkaPf }} + topic: {{ .Values.config.kafka.topics.policyNotification }} + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + topicCommInfrastructure: kafka + additionalProps: + group.id : {{ .Values.config.kafka.consumer.groupId }} + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${JAASLOGIN} + {{ else }} + topic: {{ .Values.dmaap.topics.policyNotification }} + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + {{ end }} # If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks # servers: # - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 @@ -128,11 +192,6 @@ pap: password: "${DISTRIBUTION_PASSWORD}" useHttps: false basePath: healthcheck - - clientName: dmaap - hostname: message-router - port: 3904 - useHttps: false - basePath: topics management: endpoints: diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 201f48776d..78907723b1 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -29,12 +29,18 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: +{{- if not .Values.global.useStrimziKafkaPf }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} +{{- end }} - command: - /app/ready.py args: - --job-name +{{ if not .Values.global.postgres.localCluster }} - {{ include "common.release" . }}-policy-galera-config - env: +{{ else }} + - {{ include "common.release" . }}-policy-pg-config +{{ end }} env: - name: NAMESPACE valueFrom: fieldRef: @@ -42,7 +48,7 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + name: {{ include "common.name" . }}-db-readiness - command: - sh args: @@ -65,9 +71,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} - name: DISTRIBUTION_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} +{{- if .Values.global.useStrimziKafkaPf }} - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input @@ -81,8 +90,11 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/opt/app/policy/pap/bin/policy-pap.sh"] - args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"] + + command: [ "/bin/sh", "-cx" ] + args: + - cat /opt/app/policy/pap/etc/mounted/papParameters.yaml; + /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container diff --git a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml new file mode 100644 index 0000000000..d2fab9f535 --- /dev/null +++ b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafkaPf }} +{{ include "common.kafkauser" . }} +{{ end }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index a190fb0cdd..a3bdba9b88 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -25,6 +25,9 @@ global: nodePortPrefixExt: 304 persistence: {} + useStrimziKafkaPf: set-via-parent-chart-global-value + postgres: + localCluster: false ################################################################# # Secrets metaconfig @@ -66,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.8.1 +image: onap/policy-pap:2.8.2 pullPolicy: Always # flag to enable debugging - application support required @@ -79,7 +82,9 @@ db: password: policy_user service: name: policy-mariadb + pgName: policy-pg-primary internalPort: 3306 + internalPgPort: 5432 restServer: user: policyadmin @@ -124,6 +129,9 @@ service: ports: - name: http-api port: 6969 + - name: debug-port + port: 5005 + protocol: TCP ingress: enabled: false @@ -138,18 +146,18 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 2 + memory: 6Gi requests: - cpu: 100m - memory: 1Gi + cpu: 200m + memory: 2Gi large: limits: - cpu: 2 + cpu: 4 memory: 8Gi requests: - cpu: 200m - memory: 2Gi + cpu: 400m + memory: 4Gi unlimited: {} #Pods Service Account @@ -177,14 +185,24 @@ metrics: # application configuration config: # Event consumption (kafka) properties - useStrimziKafka: true + useStrimziKafkaPf: true kafkaBootstrap: strimzi-kafka-bootstrap kafka: + topics: + policyHeartbeat: policy-heartbeat + policyNotification: policy-notification + policyPdpPap: policy-pdp-pap consumer: - groupId: policy-group + groupId: policy-pap app: listener: policyPdpPapTopic: policy-pdp-pap + +dmaap: + topics: + policyHeartbeat: POLICY-HEARTBEAT + policyNotification: POLICY-NOTIFICATION + policyPdpPap: POLICY-PDP-PAP # If targeting a custom kafka cluster, ie useStrimziKakfa: false # uncomment below config and target your kafka bootstrap servers, # along with any other security config. @@ -196,3 +214,25 @@ config: # # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-pap + type: group + operations: [Create, Describe, Read, Write] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + - name: policy-heartbeat + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + - name: policy-notification + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + +readinessCheck: + wait_for: + - message-router |