aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/components
diff options
context:
space:
mode:
authoramatthews <adrian.matthews@est.tech>2021-12-14 16:04:15 +0000
committerjhh <jorge.hernandez-herrero@att.com>2022-10-12 18:20:13 -0500
commit736bf37d0369fd88154f228efa4d94dd37156486 (patch)
tree3f5ff0031b8c2a1264a0543e0e9b556491c7486d /kubernetes/policy/components
parent1712ea65fb6d28e88bcf579dad6b980ea002432e (diff)
[POLICY] Service Mesh Compliance for Policy
Updating the basic requirements for Service Mesh Compliance within Policy. Changing the DB jobs and updating the configuration files to use HTTP Issue-ID: OOM-2253 Change-Id: If1aed68f0ed2f00d6a5cf06e5f95837f9405f65b Signed-off-by: amatthews <adrian.matthews@est.tech> Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Diffstat (limited to 'kubernetes/policy/components')
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json6
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/templates/service.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/deployment.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/service.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml7
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml7
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml11
-rw-r--r--kubernetes/policy/components/policy-clamp-be/Chart.yaml32
-rw-r--r--kubernetes/policy/components/policy-clamp-be/resources/config/application.properties77
-rwxr-xr-xkubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh19
-rw-r--r--kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml55
-rw-r--r--kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql275
-rw-r--r--kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json18
-rw-r--r--kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt32
-rw-r--r--kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml31
-rw-r--r--kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml135
-rwxr-xr-xkubernetes/policy/components/policy-clamp-be/templates/job.yaml86
-rw-r--r--kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml18
-rw-r--r--kubernetes/policy/components/policy-clamp-be/templates/service.yaml42
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-distribution/resources/config/config.json11
-rwxr-xr-xkubernetes/policy/components/policy-distribution/templates/service.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf6
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/service.yaml8
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/application.yml25
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/logback.xml118
-rw-r--r--kubernetes/policy/components/policy-gui/templates/configmap.yaml4
-rw-r--r--kubernetes/policy/components/policy-gui/templates/deployment.yaml47
-rw-r--r--kubernetes/policy/components/policy-gui/templates/service.yaml4
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-nexus/templates/service.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-nexus/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml16
-rwxr-xr-xkubernetes/policy/components/policy-pap/templates/deployment.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/resources/config/config.json8
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/templates/service.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml2
43 files changed, 261 insertions, 887 deletions
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 0c9d6a504f..7614a8c5b1 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -5,7 +5,7 @@
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"prometheus": true
},
"pdpStatusParameters":{
@@ -28,14 +28,14 @@
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"fetchTimeout": 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"topicCommInfrastructure" : "dmaap"
}]
}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
index e28331baca..6a4d28bc4b 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
@@ -34,11 +34,11 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index f0fa193281..09206dc8e9 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -114,7 +114,7 @@ readiness:
service:
type: ClusterIP
name: policy-apex-pdp
- portName: policy-apex-pdp
+ portName: http
externalPort: 6969
internalPort: 6969
nodePort: 37
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
index 92f580942e..bcee4d35d1 100644
--- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -19,6 +19,8 @@
server:
port: {{ .Values.service.internalPort }}
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
spring:
security.user:
@@ -26,7 +28,7 @@ spring:
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
@@ -50,7 +52,7 @@ database:
name: PolicyProviderParameterGroup
implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
driver: org.mariadb.jdbc.Driver
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
user: "${SQL_USER}"
password: "${SQL_PASSWORD}"
persistenceUnit: PolicyDb
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index f19233e3b4..c4946a8263 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -92,7 +92,7 @@ spec:
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ .Values.readiness.scheme }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
diff --git a/kubernetes/policy/components/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml
index a1b5585db6..b5dee39e60 100755
--- a/kubernetes/policy/components/policy-api/templates/service.yaml
+++ b/kubernetes/policy/components/policy-api/templates/service.yaml
@@ -34,11 +34,11 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 45e54ed3aa..d77929dc42 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -116,7 +116,6 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 120
api: /policy/api/v1/healthcheck
- scheme: HTTPS
successThreshold: 1
failureThreshold: 3
timeout: 60
@@ -124,7 +123,7 @@ readiness:
service:
type: ClusterIP
name: policy-api
- portName: policy-api
+ portName: http
externalPort: 6969
internalPort: 6969
nodePort: 40
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
index bae5941854..c8532499a6 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -54,13 +54,13 @@ participant:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
- topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
# topicSources:
@@ -94,3 +94,6 @@ server:
port: 8084
servlet:
context-path: /onap/httpparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
index 00451b9425..6fc53e24d6 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -57,14 +57,14 @@ participant:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
@@ -104,6 +104,9 @@ server:
port: 8083
servlet:
context-path: /onap/policy/clamp/acm/k8sparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
logging:
# Configuration of logging
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
index 07d5eca377..fc0060629e 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -46,7 +46,7 @@ participant:
port: 6969
userName: ${API_USER}
password: ${API_PASSWORD}
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
allowSelfSignedCerts: true
policyPapParameters:
clientName: pap
@@ -54,7 +54,7 @@ participant:
port: 6969
userName: ${PAP_USER}
password: ${PAP_PASSWORD}
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
allowSelfSignedCerts: true
intermediaryParameters:
reportingTimeIntervalMs: 120000
@@ -73,14 +73,14 @@ participant:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
@@ -118,3 +118,6 @@ server:
port: 8085
servlet:
context-path: /onap/policyparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
diff --git a/kubernetes/policy/components/policy-clamp-be/Chart.yaml b/kubernetes/policy/components/policy-clamp-be/Chart.yaml
deleted file mode 100644
index 9b0cdf6a87..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/Chart.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Policy Clamp Backend
-name: policy-clamp-be
-version: 11.0.0
-
-dependencies:
- - name: certInitializer
- version: ~11.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~11.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~11.x-0
- repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
deleted file mode 100644
index 03e55e15f5..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
+++ /dev/null
@@ -1,77 +0,0 @@
-{{/*
-###
-# ============LICENSE_START=======================================================
-# ONAP CLAMP
-# ================================================================================
-# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
-# reserved.
-# ================================================================================
-# Modifications copyright (c) 2019 Nokia
-# Modifications Copyright (c) 2022 Nordix Foundation
-# ================================================================================\
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ===================================================================
-#
-###
-*/}}
-{{- if .Values.global.aafEnabled }}
-server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
-server.ssl.key-store-password=${cadi_keystore_password_p12}
-server.ssl.key-password=${cadi_key_password}
-server.ssl.key-store-type=PKCS12
-server.ssl.key-alias={{ .Values.certInitializer.fqi }}
-
-# The key file used to decode the key store and trust store password
-# If not defined, the key store and trust store password will not be decrypted
-clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
-
-## Config part for Client certificates
-server.ssl.client-auth=want
-server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
-server.ssl.trust-store-password=${cadi_truststore_password}
-{{- end }}
-
-#clds datasource connection details
-spring.datasource.username=${MYSQL_USER}
-spring.datasource.password=${MYSQL_PASSWORD}
-spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
-spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
-
-#The log folder that will be used in logback.xml file
-clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config-pass.json
-
-#
-# Configuration Settings for Policy Engine Components
-clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969
-clamp.config.policy.api.userName=policyadmin
-clamp.config.policy.api.password=zb!XztG34
-clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969
-clamp.config.policy.pap.userName=policyadmin
-clamp.config.policy.pap.password=zb!XztG34
-
-#DCAE Inventory Url Properties
-clamp.config.dcae.inventory.url=https://inventory.{{ include "common.namespace" . }}:8080
-clamp.config.dcae.dispatcher.url=https://deployment-handler.{{ include "common.namespace" . }}:8443
-#DCAE Deployment Url Properties
-clamp.config.dcae.deployment.url=https://deployment-handler.{{ include "common.namespace" . }}:8443
-clamp.config.dcae.deployment.userName=none
-clamp.config.dcae.deployment.password=none
-
-#AAF related parameters
-clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
-
-# Configuration settings for ControlLoop Runtime Rest API
-clamp.config.acm.runtime.url=https://policy-clamp-runtime-acm.{{ include "common.namespace" . }}:6969
-clamp.config.acm.runtime.userName=${RUNTIME_USER}
-clamp.config.acm.runtime.password=${RUNTIME_PASSWORD}
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
deleted file mode 100755
index ad9984c26c..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" -f policyclamp < /dbcmd-config/policy-clamp-create-tables.sql
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index 8717e6f33a..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql
deleted file mode 100644
index 1652dc18c3..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Copyright (C) 2021 Nordix Foundation
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- * ============LICENSE_END=========================================================
- */
-
-create table if not exists dictionary (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- dictionary_second_level integer,
- dictionary_type varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists dictionary_elements (
- short_name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- description varchar(255) not null,
- name varchar(255) not null,
- subdictionary_name varchar(255),
- type varchar(255) not null,
- primary key (short_name)
- ) engine=InnoDB;
-
-create table if not exists dictionary_to_dictionaryelements (
- dictionary_name varchar(255) not null,
- dictionary_element_short_name varchar(255) not null,
- primary key (dictionary_name, dictionary_element_short_name)
- ) engine=InnoDB;
-
-create table if not exists hibernate_sequence (
- next_val bigint
-) engine=InnoDB;
-
-insert into hibernate_sequence values ( 1 );
-
-create table if not exists loop_element_models (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- blueprint_yaml MEDIUMTEXT,
- dcae_blueprint_id varchar(255),
- loop_element_type varchar(255) not null,
- short_name varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loop_logs (
- id bigint not null,
- log_component varchar(255) not null,
- log_instant datetime(6) not null,
- log_type varchar(255) not null,
- message MEDIUMTEXT not null,
- loop_id varchar(255) not null,
- primary key (id)
- ) engine=InnoDB;
-
-create table if not exists loop_templates (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- allowed_loop_type varchar(255),
- blueprint_yaml MEDIUMTEXT,
- dcae_blueprint_id varchar(255),
- maximum_instances_allowed integer,
- svg_representation MEDIUMTEXT,
- unique_blueprint boolean default false,
- service_uuid varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loopelementmodels_to_policymodels (
- loop_element_name varchar(255) not null,
- policy_model_type varchar(255) not null,
- policy_model_version varchar(255) not null,
- primary key (loop_element_name, policy_model_type, policy_model_version)
- ) engine=InnoDB;
-
-create table if not exists loops (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- dcae_deployment_id varchar(255),
- dcae_deployment_status_url varchar(255),
- global_properties_json json,
- last_computed_state varchar(255) not null,
- svg_representation MEDIUMTEXT,
- loop_template_name varchar(255) not null,
- service_uuid varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loops_to_microservicepolicies (
- loop_name varchar(255) not null,
- microservicepolicy_name varchar(255) not null,
- primary key (loop_name, microservicepolicy_name)
- ) engine=InnoDB;
-
-create table if not exists looptemplates_to_loopelementmodels (
- loop_element_model_name varchar(255) not null,
- loop_template_name varchar(255) not null,
- flow_order integer not null,
- primary key (loop_element_model_name, loop_template_name)
- ) engine=InnoDB;
-
-create table if not exists micro_service_policies (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- configurations_json json,
- json_representation json not null,
- pdp_group varchar(255),
- pdp_sub_group varchar(255),
- context varchar(255),
- dcae_blueprint_id varchar(255),
- dcae_deployment_id varchar(255),
- dcae_deployment_status_url varchar(255),
- device_type_scope varchar(255),
- shared bit not null,
- loop_element_model_id varchar(255),
- policy_model_type varchar(255),
- policy_model_version varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists operational_policies (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- configurations_json json,
- json_representation json not null,
- pdp_group varchar(255),
- pdp_sub_group varchar(255),
- loop_element_model_id varchar(255),
- policy_model_type varchar(255),
- policy_model_version varchar(255),
- loop_id varchar(255) not null,
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists policy_models (
- policy_model_type varchar(255) not null,
- version varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- policy_acronym varchar(255),
- policy_tosca MEDIUMTEXT,
- policy_pdp_group json,
- primary key (policy_model_type, version)
- ) engine=InnoDB;
-
-create table if not exists services (
- service_uuid varchar(255) not null,
- name varchar(255) not null,
- resource_details json,
- service_details json,
- version varchar(255),
- primary key (service_uuid)
- ) engine=InnoDB;
-
-alter table dictionary_to_dictionaryelements
- add constraint FK68hjjinnm8nte2owstd0xwp23
- foreign key (dictionary_element_short_name)
- references dictionary_elements (short_name);
-
-alter table dictionary_to_dictionaryelements
- add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe
- foreign key (dictionary_name)
- references dictionary (name);
-
-alter table loop_logs
- add constraint FK1j0cda46aickcaoxqoo34khg2
- foreign key (loop_id)
- references loops (name);
-
-alter table loop_templates
- add constraint FKn692dk6281wvp1o95074uacn6
- foreign key (service_uuid)
- references services (service_uuid);
-
-alter table loopelementmodels_to_policymodels
- add constraint FK23j2q74v6kaexefy0tdabsnda
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table loopelementmodels_to_policymodels
- add constraint FKjag1iu0olojfwryfkvb5o0rk5
- foreign key (loop_element_name)
- references loop_element_models (name);
-
-alter table loops
- add constraint FK844uwy82wt0l66jljkjqembpj
- foreign key (loop_template_name)
- references loop_templates (name);
-
-alter table loops
- add constraint FK4b9wnqopxogwek014i1shqw7w
- foreign key (service_uuid)
- references services (service_uuid);
-
-alter table loops_to_microservicepolicies
- add constraint FKle255jmi7b065fwbvmwbiehtb
- foreign key (microservicepolicy_name)
- references micro_service_policies (name);
-
-alter table loops_to_microservicepolicies
- add constraint FK8avfqaf7xl71l7sn7a5eri68d
- foreign key (loop_name)
- references loops (name);
-
-alter table looptemplates_to_loopelementmodels
- add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9
- foreign key (loop_element_model_name)
- references loop_element_models (name);
-
-alter table looptemplates_to_loopelementmodels
- add constraint FKj29yxyw0x7ue6mwgi6d3qg748
- foreign key (loop_template_name)
- references loop_templates (name);
-
-alter table micro_service_policies
- add constraint FKqvvdypacbww07fuv8xvlvdjgl
- foreign key (loop_element_model_id)
- references loop_element_models (name);
-
-alter table micro_service_policies
- add constraint FKn17j9ufmyhqicb6cvr1dbjvkt
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table operational_policies
- add constraint FKi9kh7my40737xeuaye9xwbnko
- foreign key (loop_element_model_id)
- references loop_element_models (name);
-
-alter table operational_policies
- add constraint FKlsyhfkoqvkwj78ofepxhoctip
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table operational_policies
- add constraint FK1ddoggk9ni2bnqighv6ecmuwu
- foreign key (loop_id)
- references loops (name);
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json
deleted file mode 100644
index 6021b21d21..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "sdc-connections":{
- "sdc-controller":{
- "user": "clamp",
- "consumerGroup": "clamp",
- "consumerId": "clamp",
- "environmentName": "AUTO",
- "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
- "password": "${SDC_CLIENT_PASSWORD_ENC}",
- "pollingInterval":30,
- "pollingTimeout":30,
- "activateServerTLSAuth":"false",
- "keyStorePassword":"",
- "keyStorePath":"",
- "messageBusAddresses":["message-router.{{ include "common.namespace" . }}"]
- }
- }
-}
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt
deleted file mode 100644
index e36d6a5bfb..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit https://127.0.0.1:8443 to use your application"
- kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml
deleted file mode 100644
index aeadc37bd4..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ include "common.log.configMap" . }}
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
deleted file mode 100644
index 4354c00a30..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
+++ /dev/null
@@ -1,135 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-policy-clamp-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- # side car containers
- {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
- # main container
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- workingDir: "/opt/policy/clamp/"
- args:
- - -c
- - |
- {{- if .Values.global.aafEnabled }}
- export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
- export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`;
- envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json"
- {{- end }}
- java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar --spring.config.location=optional:classpath:/,optional:classpath:/config/,optional:file:./,optional:file:./config/
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: logs
- mountPath: {{ .Values.log.path }}
- - mountPath: /opt/policy/clamp/sdc-controllers-config.json
- name: {{ include "common.fullname" . }}-config
- subPath: sdc-controllers-config.json
- - mountPath: /opt/policy/clamp/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- env:
- - name: RUNTIME_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "login") | indent 12 }}
- - name: RUNTIME_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "password") | indent 12 }}
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
- - name: SDC_CLIENT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 12 }}
- {{- if ne "unlimited" (include "common.flavor" .) }}
- - name: JAVA_RAM_CONFIGURATION
- value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
- {{- end }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: sdc-controllers-config.json
- path: sdc-controllers-config.json
- - key: application.properties
- path: application.properties
- - name: logs
- emptyDir: {}
- {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/job.yaml b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml
deleted file mode 100755
index b942dd3fb2..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/templates/job.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2020-2021 AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.release" . }}-policy-clamp-galera-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-policy-clamp-job
- release: {{ include "common.release" . }}
-spec:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-policy-clamp-job
- release: {{ include "common.release" . }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
-#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- - --job-name
- - {{ include "common.release" . }}-policy-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.release" . }}-policy-clamp-galera-config
- image: {{ include "repositoryGenerator.image.mariadb" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/create-db-tables.sh
- name: {{ include "common.fullname" . }}-config
- subPath: create-db-tables.sh
- - mountPath: /dbcmd-config/policy-clamp-create-tables.sql
- name: {{ include "common.fullname" . }}-config
- subPath: policy-clamp-create-tables.sql
- command:
- - /bin/sh
- args:
- - -x
- - /dbcmd-config/create-db-tables.sh
- env:
- - name: MYSQL_HOST
- value: "{{ .Values.db.service.name }}"
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }}
- - name: MYSQL_PORT
- value: "{{ .Values.db.service.internalPort }}"
- resources:
-{{ include "common.resources" . }}
- restartPolicy: Never
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: create-db-tables.sh
- path: create-db-tables.sh
- - key: policy-clamp-create-tables.sql
- path: policy-clamp-create-tables.sql
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml
deleted file mode 100644
index 4cf8155f6c..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/service.yaml b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml
deleted file mode 100644
index c01d36a53d..0000000000
--- a/kubernetes/policy/components/policy-clamp-be/templates/service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
index 4fb70fc337..3d192f4b6a 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
@@ -66,6 +66,8 @@ server:
context-path: /onap/policy/clamp/acm
error:
path: /error
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
runtime:
@@ -83,7 +85,7 @@ runtime:
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
fetchTimeout: 15000
topicSinks:
-
@@ -91,7 +93,7 @@ runtime:
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# topicParameterGroup:
diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json
index 615afc6351..1aa9044eab 100755
--- a/kubernetes/policy/components/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json
@@ -26,7 +26,7 @@
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https":true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"prometheus": true
},
"receptionHandlerParameters":{
@@ -56,7 +56,7 @@
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
@@ -75,7 +75,8 @@
"keyStorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": true
+ "isUseHttpsWithDmaap": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
}
}
},
@@ -98,7 +99,7 @@
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": true
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
},
"papParameters": {
"clientName": "policy-pap",
@@ -106,7 +107,7 @@
"port": 6969,
"userName": "${PAP_USER}",
"password": "${PAP_PASSWORD}",
- "useHttps": true
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
},
"deployPolicies": true
}
diff --git a/kubernetes/policy/components/policy-distribution/templates/service.yaml b/kubernetes/policy/components/policy-distribution/templates/service.yaml
index 4b91692749..f8fa5415ba 100755
--- a/kubernetes/policy/components/policy-distribution/templates/service.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/service.yaml
@@ -33,7 +33,7 @@ spec:
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index fe1c720590..11b47a676e 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -131,7 +131,7 @@ readiness:
service:
type: ClusterIP
name: policy-distribution
- portName: policy-distribution
+ portName: http
externalPort: 6969
internalPort: 6969
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index c1e578733b..22168e8753 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -57,7 +57,7 @@ AAF_HOST=aaf-locate.{{.Release.Namespace}}
# HTTP Servers
-HTTP_SERVER_HTTPS=true
+HTTP_SERVER_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
PROMETHEUS=true
# PDP-D DMaaP configuration channel
@@ -98,12 +98,12 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared
# Open DMaaP
DMAAP_SERVERS=message-router
-DMAAP_HTTPS=true
+DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# AAI
AAI_HOST=aai.{{.Release.Namespace}}
-AAI_PORT=8443
+AAI_PORT={{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}
AAI_CONTEXT_URI=
# MSO
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
index b41bf4fdb9..619d0d4441 100755
--- a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
@@ -31,17 +31,17 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- port: {{ .Values.service.externalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index d48d05fe44..72f22bcd3b 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -70,7 +70,7 @@ readiness:
service:
type: ClusterIP
name: policy-drools-pdp
- portName: policy-drools-pdp
+ portName: http
internalPort: 6969
externalPort: 6969
nodePort: 17
diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/kubernetes/policy/components/policy-gui/resources/config/application.yml
new file mode 100644
index 0000000000..9be81d8ddd
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/application.yml
@@ -0,0 +1,25 @@
+server:
+ port: 2443
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+# enabled-protocols: TLSv1.2
+# client-auth: want
+# key-store: file:${KEYSTORE}
+# key-store-password: ${KEYSTORE_PASSWD}
+# trust-store: file:${TRUSTSTORE}
+# trust-store-password: ${TRUSTSTORE_PASSWD}
+
+clamp:
+ url:
+ disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+ disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+
+apex-editor:
+ upload-url:
+ upload-userid:
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
diff --git a/kubernetes/policy/components/policy-gui/resources/config/logback.xml b/kubernetes/policy/components/policy-gui/resources/config/logback.xml
new file mode 100644
index 0000000000..c20df8329d
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/logback.xml
@@ -0,0 +1,118 @@
+<!--
+ ============LICENSE_START=======================================================
+ policy-gui
+ ================================================================================
+ Copyright (C) 2021-2022 Nordix Foundation.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>TRACE</level>
+ </filter>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>TRACE</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ERROR" />
+ </appender>
+
+ <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DEBUG" />
+ </appender>
+
+ <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NETWORK" />
+ </appender>
+
+ <logger name="network" level="TRACE" additivity="false">
+ <appender-ref ref="asyncNetwork" />
+ </logger>
+
+ <logger name="org.apache" level="TRACE" additivity="false">
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="TRACE" additivity="false">
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- GUI related loggers -->
+ <logger name="org.onap.policy.gui" level="TRACE" additivity="false">
+ <appender-ref ref="ERROR" />
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" />
+ <logger name="ch.qos.logback.core" level="INFO" />
+
+ <root level="TRACE">
+ <appender-ref ref="asyncDebug" />
+ <appender-ref ref="asyncError" />
+ <appender-ref ref="asyncNetwork" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/kubernetes/policy/components/policy-gui/templates/configmap.yaml
index 4f600882e9..9426b0f54f 100644
--- a/kubernetes/policy/components/policy-gui/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/configmap.yaml
@@ -21,7 +21,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
@@ -29,6 +29,6 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml,yml}").AsConfig . | indent 2 }}
{{ include "common.log.configMap" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index a155715580..5a43fc71b0 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -41,10 +41,34 @@ spec:
spec:
initContainers:
- command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: KEYSTORE
+ value: {{ .Values.certStores.keystoreLocation }}
+ - name: KEYSTORE_PASSWD
+ value: {{ .Values.certStores.keyStorePassword }}
+ - name: TRUSTSTORE
+ value: {{ .Values.certStores.truststoreLocation }}
+ - name: TRUSTSTORE_PASSWD
+ value: {{ .Values.certStores.trustStorePassword }}
+ - name: POLICY_LOGS
+ value: {{ .Values.log.path }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: policy-gui-config
+ - mountPath: /config
+ name: policy-gui-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ - command:
- /app/ready.py
args:
- --container-name
- - policy-clamp-be
+ - policy-clamp-runtime-acm
env:
- name: NAMESPACE
valueFrom:
@@ -62,20 +86,20 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
+{{- if not (include "common.onServiceMesh" .) }}
command: ["sh","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
env:
-{{- else }}
+{{ else }}
command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
env:
- name: KEYSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- name: TRUSTSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
+{{ end }}
- name: CLAMP_URL
- value: https://policy-clamp-be:8443
+ value: http://policy-clamp-runtime-acm:6969
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -95,6 +119,12 @@ spec:
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
+ - mountPath: /opt/app/policy/gui/etc/application.yml
+ name: policy-gui-config-processed
+ subPath: application.yml
+ - mountPath: /opt/app/policy/gui/etc/logback.xml
+ name: policy-gui-config-processed
+ subPath: logback.xml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -113,5 +143,12 @@ spec:
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ - name: policy-gui-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: policy-gui-config-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml
index 44e66b8680..827e93a4f2 100644
--- a/kubernetes/policy/components/policy-gui/templates/service.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/service.yaml
@@ -34,11 +34,11 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index c605b6b6ea..8761df7a6b 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -42,6 +42,8 @@ secrets:
certStores:
keyStorePassword: Pol1cy_0nap
+ keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore
+ truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore
trustStorePassword: Pol1cy_0nap
#################################################################
@@ -116,7 +118,7 @@ readiness:
service:
type: NodePort
name: policy-gui
- portName: policy-gui
+ portName: http
internalPort: 2443
nodePort: 43
diff --git a/kubernetes/policy/components/policy-nexus/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml
index 55defa9e92..6bec5619f6 100755
--- a/kubernetes/policy/components/policy-nexus/templates/service.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml
@@ -31,11 +31,11 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
index 3d77e67456..ac0028d1d9 100755
--- a/kubernetes/policy/components/policy-nexus/values.yaml
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
@@ -56,7 +56,7 @@ readiness:
service:
type: ClusterIP
name: policy-nexus
- portName: policy-nexus
+ portName: http
externalPort: 8081
internalPort: 8081
nodePort: 36
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index 7cb32d0079..8fe4fac5fb 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -57,7 +57,7 @@ spring:
server:
port: 6969
ssl:
- enabled: true
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
pap:
name: PapGroup
@@ -76,7 +76,7 @@ pap:
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
fetchTimeout: 15000
topicCommInfrastructure: dmaap
- topic: POLICY-HEARTBEAT
@@ -84,19 +84,19 @@ pap:
consumerGroup: policy-pap
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
fetchTimeout: 15000
topicCommInfrastructure: dmaap
topicSinks:
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
topicCommInfrastructure: dmaap
- topic: POLICY-NOTIFICATION
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
topicCommInfrastructure: dmaap
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
@@ -113,19 +113,19 @@ pap:
port: 6969
userName: "${API_USER}"
password: "${API_PASSWORD}"
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: policy/api/v1/healthcheck
- clientName: distribution
hostname: policy-distribution
port: 6969
userName: "${DISTRIBUTION_USER}"
password: "${DISTRIBUTION_PASSWORD}"
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: healthcheck
- clientName: dmaap
hostname: message-router
port: 3905
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: topics
management:
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index 6f02f8e4c0..e05204249e 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -112,7 +112,7 @@ spec:
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ .Values.readiness.scheme }}
+ scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 0dc6dbe4dc..cc66af9146 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -148,7 +148,6 @@ readiness:
periodSeconds: 120
port: http-api
api: /policy/pap/v1/healthcheck
- scheme: HTTPS
successThreshold: 1
failureThreshold: 3
timeout: 60
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index 19b4d9c03b..0f1744a9e4 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -26,7 +26,7 @@
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"aaf": false,
"prometheus": true
},
@@ -35,7 +35,7 @@
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": true,
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"aaf": false
},
"applicationParameters": {
@@ -45,14 +45,14 @@
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"fetchTimeout" : 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"topicCommInfrastructure" : "dmaap"
}]
}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
index 123ae66432..42995c8985 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
@@ -33,7 +33,7 @@ spec:
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 3a44719727..c29e0303fd 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -128,7 +128,7 @@ readiness:
service:
type: ClusterIP
name: policy-xacml-pdp
- portName: policy-xacml-pdp
+ portName: http
externalPort: 6969
internalPort: 6969