aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/policy
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2023-03-14 19:44:19 +0000
committerGerrit Code Review <gerrit@onap.org>2023-03-14 19:44:19 +0000
commit8a626708ed05ca337586695b2056441fc6405fec (patch)
tree92003f4373c76afaa9e26bb2684968017248d29f /kubernetes/policy
parent1ca95eead50a3b8994751b013d7b39dc1e5e3562 (diff)
parent6910bbe1e3f2e44e5e100b8fec34a6da8b8eb231 (diff)
Merge "[POLICY-PPNT] Move policy-clamp-ppnt use case to use strimzi kafka"
Diffstat (limited to 'kubernetes/policy')
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml5
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml48
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml28
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml18
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml52
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml77
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml28
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml18
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml54
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml76
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml28
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml18
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml55
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml78
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml28
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml18
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml56
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml79
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml16
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml18
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml18
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml63
-rw-r--r--kubernetes/policy/templates/policy-kafka-topics.yaml14
-rw-r--r--kubernetes/policy/templates/policy-kafka-user.yaml11
-rwxr-xr-xkubernetes/policy/values.yaml29
29 files changed, 488 insertions, 461 deletions
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
index 9f9bef2ddf..9a61fe6408 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# Copyright (C) 2022-2023 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -31,3 +31,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
index 40c07d4ad1..34d267bc26 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
@@ -16,16 +16,17 @@
# ============LICENSE_END=========================================================
spring:
- security:
- user:
- name: ${RESTSERVER_USER}
- password: ${RESTSERVER_PASSWORD}
autoconfigure:
exclude:
- org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
- org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
- org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
- org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+
security:
enable-csrf: false
@@ -36,17 +37,44 @@ participant:
participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00
clampAutomationCompositionTopics:
topicSources:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
-
- topicSinks:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
+ {{ end }}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
index 4590046a1e..a4810bae57 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,21 +28,8 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
@@ -54,9 +41,12 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml
new file mode 100644
index 0000000000..92184b8e85
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index 6799635776..885f2c9793 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,6 +22,11 @@
global:
persistence: {}
aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
@@ -43,13 +48,6 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
@@ -62,6 +60,8 @@ certStores:
image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-a1pms-ppnt
+
# application configuration
restServer:
user: participantUser
@@ -105,7 +105,7 @@ readiness:
service:
type: ClusterIP
- name: policy-clamp-ac-a1pms-ppnt
+ name: *componentName
ports:
- name: a1pms-api
port: 8086
@@ -131,32 +131,28 @@ resources:
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-a1pms-ppnt
+ nameOverride: *componentName
roles:
- create
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
index 1e820fe107..65126ca6b6 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
@@ -33,4 +33,7 @@ dependencies:
repository: '@local'
- name: serviceAccount
version: ~12.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
index 0d879af6fe..bae543e187 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,18 +26,6 @@ spring:
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
-{{- if .Values.config.useStrimziKafka }}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
@@ -49,46 +37,49 @@ participant:
participantId: 101c62b3-8918-41b9-a747-d21eb79c6c01
clampAutomationCompositionTopics:
topicSources:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
- useHttps: "false"
- topicSinks:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
+ {{ end }}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement
typeVersion: 1.0.0
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# - topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# - topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
management:
endpoints:
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
index 23ef33b79b..550957b717 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,21 +28,8 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
@@ -54,9 +41,12 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml
new file mode 100644
index 0000000000..92184b8e85
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index e445c9f562..5c897c23e4 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +21,12 @@
#################################################################
global:
persistence: {}
- aafEnabled: true
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
@@ -43,13 +48,6 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
@@ -81,6 +79,8 @@ certInitializer:
image: onap/policy-clamp-ac-http-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-http-ppnt
+
# application configuration
restServer:
user: participantUser
@@ -114,7 +114,7 @@ readiness:
service:
type: ClusterIP
- name: policy-clamp-ac-http-ppnt
+ name: *componentName
useNodePortExt: true
ports:
- name: http-api
@@ -141,32 +141,28 @@ resources:
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-http-ppnt
+ nameOverride: *componentName
roles:
- read
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
index 13507f9e37..c979d7de4a 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
@@ -36,3 +36,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
index ee73ed583d..30df5df082 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -26,18 +26,6 @@ spring:
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
@@ -52,50 +40,48 @@ participant:
clampAutomationCompositionTopics:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement
typeVersion: 1.0.0
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-
management:
endpoints:
web:
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
index f511723b9c..0baf6c73b3 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,21 +28,8 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
@@ -54,9 +41,12 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml
new file mode 100644
index 0000000000..92184b8e85
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index c76c934441..8682d147b4 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,7 +22,12 @@
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
@@ -44,13 +49,6 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
@@ -82,6 +80,8 @@ certInitializer:
image: onap/policy-clamp-ac-k8s-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-k8s-ppnt
+
# flag to enable debugging - application support required
debugEnabled: false
@@ -112,7 +112,7 @@ readiness:
service:
type: ClusterIP
- name: policy-clamp-ac-k8s-ppnt
+ name: *componentName
useNodePortExt: true
ports:
- name: http-api
@@ -142,7 +142,7 @@ resources:
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-k8s-ppnt
+ nameOverride: *componentName
roles:
- create
# Update the config here for permitting repositories and protocols
@@ -161,26 +161,23 @@ repoList:
- https
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
index 59e1ab78f5..a7b7ba8cd8 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
@@ -33,4 +33,7 @@ dependencies:
repository: '@local'
- name: serviceAccount
version: ~12.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
index 4f7e0047f6..9bfeefaf76 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,18 +26,6 @@ spring:
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
@@ -68,50 +56,48 @@ participant:
clampAutomationCompositionTopics:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement
typeVersion: 1.0.0
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-
management:
endpoints:
web:
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
index 4cd73b35f9..726daf1180 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,21 +28,8 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
@@ -62,9 +49,12 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml
new file mode 100644
index 0000000000..92184b8e85
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index fd0b2ae730..206d6e37fa 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +21,12 @@
#################################################################
global:
persistence: {}
- aafEnabled: true
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
@@ -55,13 +60,6 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
@@ -93,6 +91,8 @@ certInitializer:
image: onap/policy-clamp-ac-pf-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-pf-ppnt
+
# flag to enable debugging - application support required
debugEnabled: false
@@ -114,6 +114,7 @@ restServer:
nodeSelector: {}
affinity: {}
+
ingress:
enabled: false
@@ -133,7 +134,7 @@ readiness:
service:
type: ClusterIP
- name: policy-clamp-ac-pf-ppnt
+ name: *componentName
useNodePortExt: true
ports:
- name: http-api
@@ -159,31 +160,28 @@ resources:
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-pf-ppnt
+ nameOverride: *componentName
roles:
- read
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
index 12578aba5c..e08bd4d490 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
@@ -36,3 +36,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
index 4a2bcf3684..e9adad70cb 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -44,18 +44,6 @@ spring:
hibernate:
dialect: org.hibernate.dialect.MariaDB103Dialect
format_sql: true
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
@@ -69,7 +57,6 @@ server:
ssl:
enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
-
runtime:
participantParameters:
heartBeatMs: 120000
@@ -81,45 +68,43 @@ runtime:
topicParameterGroup:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
- fetchTimeout: 15000
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- useHttps: "false"
-
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# topicParameterGroup:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# fetchTimeout: 15000
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
management:
endpoints:
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
index bc11e38fe1..5ec20ca7a3 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,6 +28,9 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
- command:
- /app/ready.py
args:
@@ -41,7 +44,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: {{ include "common.name" . }}-galera-config-readiness
- command:
- sh
args:
@@ -56,9 +59,12 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
- name: RUNTIME_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml
new file mode 100644
index 0000000000..5601154ddd
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkatopic" . }}
+{{ end }}
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml
new file mode 100644
index 0000000000..92184b8e85
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index cefe3651f1..e35a6c00a8 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,7 +22,12 @@
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
@@ -50,13 +55,6 @@ secrets:
login: '{{ .Values.config.policyAppUserName }}'
password: '{{ .Values.config.policyAppUserPassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
@@ -88,6 +86,8 @@ certInitializer:
image: onap/policy-clamp-runtime-acm:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-runtime-acm
+
# flag to enable debugging - application support required
debugEnabled: false
@@ -95,31 +95,26 @@ debugEnabled: false
config:
policyAppUserName: runtimeUser
policyAppUserPassword: none
-
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy.policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+kafkaTopic:
+ - name: *acRuntimeTopic
+
db:
user: policy_user
password: policy_user
@@ -150,7 +145,7 @@ readiness:
service:
type: ClusterIP
- name: policy-clamp-runtime-acm
+ name: *componentName
useNodePortExt: true
ports:
- name: http-api
@@ -180,6 +175,14 @@ resources:
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-runtime-acm
+ nameOverride: *componentName
roles:
- read
+
+readinessCheck:
+ wait_for:
+ - message-router
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.release" . }}-policy-galera-config' \ No newline at end of file
diff --git a/kubernetes/policy/templates/policy-kafka-topics.yaml b/kubernetes/policy/templates/policy-kafka-topics.yaml
index 1894d62a42..d9d9769230 100644
--- a/kubernetes/policy/templates/policy-kafka-topics.yaml
+++ b/kubernetes/policy/templates/policy-kafka-topics.yaml
@@ -13,19 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.config.useStrimziKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.config.acRuntimeTopic.name }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: {{ .Values.config.acRuntimeTopic.partitions }}
- config:
- retention.ms: {{ .Values.config.acRuntimeTopic.retentionMs }}
- segment.bytes: {{ .Values.config.acRuntimeTopic.segmentBytes }}
----
+{{- if .Values.global.useStrimziKafka }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
diff --git a/kubernetes/policy/templates/policy-kafka-user.yaml b/kubernetes/policy/templates/policy-kafka-user.yaml
index 43edb64c83..c000af1b82 100644
--- a/kubernetes/policy/templates/policy-kafka-user.yaml
+++ b/kubernetes/policy/templates/policy-kafka-user.yaml
@@ -1,6 +1,5 @@
{{/*
-# Copyright © 2022 Nordix Foundation
-# Modifications Copyright © 2022 Nordix Foundation
+# Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.config.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafka }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
@@ -29,11 +28,7 @@ spec:
acls:
- resource:
type: group
- name: {{ .Values.config.acRuntimeTopic.consumer.groupId }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.config.acRuntimeTopic.name }}
+ name: {{ .Values.config.policyPdpPapTopic.consumer.groupId }}
operation: All
- resource:
type: topic
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 2fa3d0cbe6..3ff153ac6a 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -18,7 +18,7 @@
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
+ aafEnabled: false
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
@@ -36,8 +36,13 @@ global:
name3: tcp-pgset-replica
container:
name: postgres
+ #Strimzi Kafka properties
+ useStrimziKafka: true
kafkaBootstrap: strimzi-kafka-bootstrap
policyKafkaUser: policy-kafka-user
+ kafkaTopics:
+ acRuntimeTopic:
+ name: policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
@@ -129,32 +134,23 @@ policy-distribution:
db: *dbSecretsHook
policy-clamp-ac-k8s-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-pf-ppnt:
enabled: true
restServer:
apiUserExternalSecret: *policyApiCredsSecret
papUserExternalSecret: *policyPapCredsSecret
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-http-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-a1pms-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-nexus:
- enabled: false
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-runtime-acm:
enabled: true
db: *dbSecretsHook
config:
appUserExternalSecret: *policyAppCredsSecret
+policy-nexus:
+ enabled: false
+ config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-gui:
enabled: false
@@ -199,13 +195,6 @@ readiness:
config:
policyAppUserName: runtimeUser
useStrimziKafka: true
- acRuntimeTopic:
- name: policy-acruntime-participant
- partitions: 10
- retentionMs: 7200000
- segmentBytes: 1073741824
- consumer:
- groupId: policy-group
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10