summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xkubernetes/policy/Chart.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/Chart.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json46
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml (renamed from kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml)55
-rw-r--r--kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml18
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml25
-rw-r--r--kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml24
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/deployment.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml10
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml14
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-pap/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml151
-rwxr-xr-xkubernetes/policy/components/policy-pap/templates/deployment.yaml24
-rw-r--r--kubernetes/policy/components/policy-pap/templates/kafkauser.yaml18
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml60
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml12
-rwxr-xr-xkubernetes/policy/templates/job.yaml17
-rw-r--r--kubernetes/policy/templates/policy-kafka-topics.yaml2
-rwxr-xr-xkubernetes/policy/values.yaml22
27 files changed, 386 insertions, 143 deletions
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index c9d29ce2ca..c47bdd33f1 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -1,7 +1,7 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021, 2022 Nordix Foundation
+# Modifications Copyright © 2021, 2022, 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ dependencies:
- name: mariadb-galera
version: ~12.x-0
repository: '@local'
+ condition: global.mariadb.localCluster
- name: policy-nexus
version: ~12.x-0
repository: 'file://components/policy-nexus'
diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
index f7f0757558..29c9246ed9 100755
--- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
@@ -34,3 +34,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 2fe354e2c0..3a38b88d56 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -8,7 +8,7 @@
"https": "false",
"prometheus": true
},
- "pdpStatusParameters":{
+ "pdpStatusParameters": {
"pdpGroup": "defaultGroup",
"timeIntervalMs": 120000,
"pdpType":"apex",
@@ -25,18 +25,38 @@
]
},
"topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "fetchTimeout": 15000,
- "topicCommInfrastructure" : "dmaap"
+ "topicSources": [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "fetchTimeout": 15000,
+ "servers": [ "${KAFKA_URL}" ],
+{{ if .Values.global.useStrimziKafkaPf }}
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id" : "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+{{ else }}
+ "topicCommInfrastructure": "dmaap"
+{{ end }}
}],
- "topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "topicCommInfrastructure" : "dmaap"
- }]
+ "topicSinks" : [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "servers": [ "${KAFKA_URL}" ],
+{{ if .Values.global.useStrimziKafkaPf }}
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id" : "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+{{ else }}
+ "topicCommInfrastructure": "dmaap"
+{{ end }}
+ }]
}
}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
index 6213fecb31..e68c9fd8d9 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
@@ -22,29 +22,53 @@
*/}}
apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
- serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - command:
- - sh
+{{- if not .Values.global.useStrimziKafkaPf }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
+ - command: ["/bin/sh", "-cx"]
+{{- if .Values.global.useStrimziKafkaPf }}
+ args:
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`;
+ cd /config-input && for PFILE in `ls -1`;
+ do envsubst <${PFILE} >/config/${PFILE}; done
+{{ else }}
args:
- - -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - cd /config-input && for PFILE in `ls -1`;
+ do envsubst <${PFILE} >/config/${PFILE}; done
+{{ end }}
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
+{{ else }}
+ - name: KAFKA_URL
+ value: message-router
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }}
{{- end }}
volumeMounts:
- mountPath: /config-input
@@ -58,8 +82,11 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["sh","-c"]
- args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+ command: [ "/bin/sh", "-cx" ]
+ args:
+ - id apexuser;
+ cat /home/apexuser/config/OnapPfConfig.json;
+ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
@@ -85,12 +112,12 @@ spec:
- mountPath: /home/apexuser/config
name: apexconfig
resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
- {{- if .Values.affinity }}
- affinity:
+ {{- if .Values.affinity }}
+ affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
new file mode 100644
index 0000000000..d2fab9f535
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafkaPf }}
+{{ include "common.kafkauser" . }}
+{{ end }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 3ea694fb06..46eaca22e1 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -25,6 +25,7 @@
global:
nodePortPrefix: 302
persistence: {}
+ useStrimziKafkaPf: set-via-parent-chart-global-value
#################################################################
# Secrets metaconfig
@@ -47,7 +48,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.9.1
+image: onap/policy-apex-pdp:2.9.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -139,11 +140,11 @@ metrics:
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafka: true
+ useStrimziKafkaPf: true
kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
- groupId: policy-group
+ groupId: policy-apex
app:
listener:
policyPdpPapTopic: policy-pdp-pap
@@ -158,3 +159,21 @@ config:
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-apex
+ type: group
+ operations: [Create, Describe, Read, Write]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-heartbeat
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
index 269ecd5f5f..4e73dc0b5b 100644
--- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -31,7 +31,8 @@ spring:
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+{{ if not .Values.global.postgres.localCluster }}
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
@@ -46,6 +47,27 @@ spring:
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+{{ else }}
+ url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort}}/policyadmin
+ driverClassName: org.postgresql.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ hikari:
+ connectionTimeout: 30000
+ idleTimeout: 600000
+ maxLifetime: 1800000
+ maximumPoolSize: 10
+ jpa:
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+ format_sql: true
+{{ end }}
policy-api:
name: ApiGroup
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index 580dcdde86..1d7e0498af 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -12,7 +12,11 @@ spec:
- /app/ready.py
args:
- --job-name
+{{ if not .Values.global.postgres.localCluster }}
- {{ include "common.release" . }}-policy-galera-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
@@ -101,4 +105,4 @@ spec:
emptyDir:
medium: Memory
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 2ec88ee82e..ab8c31ff20 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -24,6 +24,8 @@
global:
nodePortPrefix: 304
persistence: {}
+ postgres:
+ localCluster: false
#################################################################
# Secrets metaconfig
@@ -46,7 +48,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.8.1
+image: onap/policy-api:2.8.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -58,7 +60,9 @@ db:
password: policy_user
service:
name: policy-mariadb
+ pgName: policy-pg-primary
internalPort: 3306
+ internalPgPort: 5432
restServer:
user: policyadmin
@@ -104,9 +108,9 @@ resources:
small:
limits:
cpu: 1
- memory: 4Gi
+ memory: 6Gi
requests:
- cpu: 100m
+ cpu: 150m
memory: 1Gi
large:
limits:
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index ce53abaf04..47b0955f01 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -42,7 +42,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1
+image: onap/policy-clamp-ac-a1pms-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-a1pms-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 6f60fec111..808c60ef86 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -42,7 +42,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.4.1
+image: onap/policy-clamp-ac-http-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-http-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index 985399a893..99f6206b20 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -43,7 +43,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.4.1
+image: onap/policy-clamp-ac-k8s-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-k8s-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
index cef5200eb6..28718505df 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
@@ -42,7 +42,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-kserve-ppnt:6.4.1
+image: onap/policy-clamp-ac-kserve-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-kserve-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index 83839f80bf..c2c43c7313 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -54,7 +54,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.4.1
+image: onap/policy-clamp-ac-pf-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-pf-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index 0ec4be4726..fef8598ef7 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.4.1
+image: onap/policy-clamp-runtime-acm:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-runtime-acm
@@ -124,17 +124,17 @@ resources:
small:
limits:
cpu: 1
- memory: 4Gi
+ memory: 6Gi
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: 200m
+ memory: 2Gi
large:
limits:
cpu: 2
memory: 8Gi
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: 400m
+ memory: 4Gi
unlimited: {}
#Pods Service Account
@@ -149,4 +149,4 @@ readinessCheck:
wait_for_job_container:
containers:
- - '{{ include "common.release" . }}-policy-galera-config' \ No newline at end of file
+ - '{{ include "common.release" . }}-policy-galera-config'
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index e744d09920..e367dd0e15 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -58,7 +58,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.9.1
+image: onap/policy-distribution:2.9.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 7cc347c519..6b6c576e6a 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -41,7 +41,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.12.1
+image: onap/policy-pdpd-cl:1.12.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 5e48e99d7a..330161e316 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -29,7 +29,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/policy-gui:2.4.1
+image: onap/policy-gui:2.4.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml
index ef41d38f08..1af33688d0 100755
--- a/kubernetes/policy/components/policy-pap/Chart.yaml
+++ b/kubernetes/policy/components/policy-pap/Chart.yaml
@@ -34,3 +34,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index 7f6f508c03..5496d93174 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -26,7 +26,8 @@ spring:
converters:
preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+{{ if not .Values.global.postgres.localCluster }}
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
@@ -41,18 +42,27 @@ spring:
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
+{{- else }}
+ url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort }}/policyadmin
+ driverClassName: org.postgresql.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ hikari:
+ connectionTimeout: 30000
+ idleTimeout: 600000
+ maxLifetime: 1800000
+ maximumPoolSize: 10
+ jpa:
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+ format_sql: true
+{{ end }}
server:
port: 6969
@@ -65,9 +75,15 @@ pap:
name: PapGroup
aaf: false
topic:
- pdp-pap.name: POLICY-PDP-PAP
- notification.name: POLICY-NOTIFICATION
- heartbeat.name: POLICY-HEARTBEAT
+ {{ if .Values.global.useStrimziKafkaPf }}
+ pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
+ notification.name: {{ .Values.config.kafka.topics.policyNotification }}
+ heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }}
+ {{ else }}
+ pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }}
+ notification.name: {{ .Values.dmaap.topics.policyNotification }}
+ heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }}
+ {{ end }}
pdpParameters:
heartBeatMs: 120000
updateParameters:
@@ -76,34 +92,82 @@ pap:
stateChangeParameters:
maxRetryCount: 1
maxWaitMs: 30000
- savePdpStatisticsInDb: false
+ savePdpStatisticsInDb: true
topicParameterGroup:
topicSources:
- - topic: POLICY-PDP-PAP
- servers:
- - message-router
- useHttps: false
- fetchTimeout: 15000
- topicCommInfrastructure: dmaap
- - topic: POLICY-HEARTBEAT
- effectiveTopic: POLICY-PDP-PAP
- consumerGroup: policy-pap
- servers:
- - message-router
- useHttps: false
- fetchTimeout: 15000
- topicCommInfrastructure: dmaap
+ - useHttps: false
+ fetchTimeout: 15000
+ {{ if .Values.global.useStrimziKafkaPf }}
+ topic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ {{ else }}
+ topic: {{ .Values.dmaap.topics.policyPdpPap }}
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ {{ end }}
+ - useHttps: false
+ fetchTimeout: 15000
+ {{ if .Values.global.useStrimziKafkaPf }}
+ topic: {{ .Values.config.kafka.topics.policyHeartbeat }}
+ effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ {{ else }}
+ topic: {{ .Values.dmaap.topics.policyHeartbeat }}
+ effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }}
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ {{ end }}
topicSinks:
- - topic: POLICY-PDP-PAP
- servers:
- - message-router
- useHttps: false
- topicCommInfrastructure: dmaap
- - topic: POLICY-NOTIFICATION
- servers:
- - message-router
- useHttps: false
- topicCommInfrastructure: dmaap
+ - useHttps: false
+ {{ if .Values.global.useStrimziKafkaPf }}
+ topic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ {{ else }}
+ topic: {{ .Values.dmaap.topics.policyPdpPap }}
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ {{ end }}
+ - useHttps: false
+ {{ if .Values.global.useStrimziKafkaPf }}
+ topic: {{ .Values.config.kafka.topics.policyNotification }}
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ {{ else }}
+ topic: {{ .Values.dmaap.topics.policyNotification }}
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ {{ end }}
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
@@ -128,11 +192,6 @@ pap:
password: "${DISTRIBUTION_PASSWORD}"
useHttps: false
basePath: healthcheck
- - clientName: dmaap
- hostname: message-router
- port: 3904
- useHttps: false
- basePath: topics
management:
endpoints:
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index 201f48776d..78907723b1 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -29,12 +29,18 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
+{{- if not .Values.global.useStrimziKafkaPf }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
- command:
- /app/ready.py
args:
- --job-name
+{{ if not .Values.global.postgres.localCluster }}
- {{ include "common.release" . }}-policy-galera-config
- env:
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-config
+{{ end }} env:
- name: NAMESPACE
valueFrom:
fieldRef:
@@ -42,7 +48,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: {{ include "common.name" . }}-db-readiness
- command:
- sh
args:
@@ -65,9 +71,12 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- name: DISTRIBUTION_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
@@ -81,8 +90,11 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
- args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
+
+ command: [ "/bin/sh", "-cx" ]
+ args:
+ - cat /opt/app/policy/pap/etc/mounted/papParameters.yaml;
+ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
diff --git a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml
new file mode 100644
index 0000000000..d2fab9f535
--- /dev/null
+++ b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafkaPf }}
+{{ include "common.kafkauser" . }}
+{{ end }}
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 8a638f60bc..6674effd62 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -25,6 +25,9 @@
global:
nodePortPrefixExt: 304
persistence: {}
+ useStrimziKafkaPf: set-via-parent-chart-global-value
+ postgres:
+ localCluster: false
#################################################################
# Secrets metaconfig
@@ -66,7 +69,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.8.1
+image: onap/policy-pap:2.8.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -79,7 +82,9 @@ db:
password: policy_user
service:
name: policy-mariadb
+ pgName: policy-pg-primary
internalPort: 3306
+ internalPgPort: 5432
restServer:
user: policyadmin
@@ -124,6 +129,9 @@ service:
ports:
- name: http-api
port: 6969
+ - name: debug-port
+ port: 5005
+ protocol: TCP
ingress:
enabled: false
@@ -132,18 +140,18 @@ flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: 2
+ memory: 6Gi
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: 200m
+ memory: 2Gi
large:
limits:
- cpu: 2
+ cpu: 4
memory: 8Gi
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: 400m
+ memory: 4Gi
unlimited: {}
#Pods Service Account
@@ -171,14 +179,24 @@ metrics:
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafka: true
+ useStrimziKafkaPf: true
kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
+ topics:
+ policyHeartbeat: policy-heartbeat
+ policyNotification: policy-notification
+ policyPdpPap: policy-pdp-pap
consumer:
- groupId: policy-group
+ groupId: policy-pap
app:
listener:
policyPdpPapTopic: policy-pdp-pap
+
+dmaap:
+ topics:
+ policyHeartbeat: POLICY-HEARTBEAT
+ policyNotification: POLICY-NOTIFICATION
+ policyPdpPap: POLICY-PDP-PAP
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
@@ -190,3 +208,25 @@ config:
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-pap
+ type: group
+ operations: [Create, Describe, Read, Write]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-heartbeat
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-notification
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 44ae16de1d..e589c4b315 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.8.1
+image: onap/policy-xacml-pdp:2.8.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -106,18 +106,18 @@ flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: 2
+ memory: 6Gi
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: 200m
+ memory: 2Gi
large:
limits:
cpu: 2
memory: 8Gi
requests:
cpu: 200m
- memory: 2Gi
+ memory: 4Gi
unlimited: {}
#Pods Service Account
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 4bf9def21e..f0e91e8350 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -16,6 +16,7 @@
# limitations under the License.
*/}}
+{{ if not .Values.global.postgres.localCluster }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -83,6 +84,7 @@ spec:
items:
- key: db.sh
path: db.sh
+{{ end }}
{{ if .Values.global.postgres.localCluster }}
---
@@ -122,13 +124,13 @@ spec:
/docker-entrypoint-initdb.d/db-pg.sh
env:
- name: PG_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
- name: PG_HOST
value: "{{ .Values.postgres.service.name2 }}"
- name: PG_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: PG_USER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- name: PG_PORT
value: "{{ .Values.postgres.service.internalPort }}"
resources: {{ include "common.resources" . | nindent 10 }}
@@ -145,6 +147,7 @@ spec:
{{ end }}
---
+{{ if not .Values.global.postgres.localCluster }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -217,7 +220,7 @@ spec:
items:
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
-
+{{ end }}
{{ if .Values.global.postgres.localCluster }}
---
apiVersion: batch/v1
@@ -272,9 +275,9 @@ spec:
- name: SQL_HOST
value: "{{ .Values.postgres.service.name2 }}"
- name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- name: SQL_DB
value: {{ .Values.dbmigrator.schema }}
- name: POLICY_HOME
@@ -282,7 +285,7 @@ spec:
- name: SCRIPT_DIRECTORY
value: "postgres"
- name: PGPASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
resources: {{ include "common.resources" . | nindent 10 }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
diff --git a/kubernetes/policy/templates/policy-kafka-topics.yaml b/kubernetes/policy/templates/policy-kafka-topics.yaml
index d9d9769230..a787b8b626 100644
--- a/kubernetes/policy/templates/policy-kafka-topics.yaml
+++ b/kubernetes/policy/templates/policy-kafka-topics.yaml
@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.global.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 7abd75d832..9027e490f0 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -19,6 +19,7 @@
#################################################################
global:
mariadb:
+ localCluster: true
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
@@ -37,6 +38,8 @@ global:
name: postgres
#Strimzi Kafka properties
useStrimziKafka: true
+ # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
+ useStrimziKafkaPf: false
kafkaBootstrap: strimzi-kafka-bootstrap
policyKafkaUser: policy-kafka-user
kafkaTopics:
@@ -81,19 +84,6 @@ secrets:
login: '{{ .Values.restServer.policyApiUserName }}'
password: '{{ .Values.restServer.policyApiUserPassword }}'
passwordPolicy: required
- - uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
- password: '{{ .Values.postgres.config.pgRootpassword }}'
- policy: generate
- - uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
- type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
- login: '{{ .Values.postgres.config.pgUserName }}'
- password: '{{ .Values.postgres.config.pgUserPassword }}'
- passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
@@ -163,7 +153,7 @@ policy-gui:
#################################################################
dbmigrator:
- image: onap/policy-db-migrator:2.6.1
+ image: onap/policy-db-migrator:2.6.2
schema: policyadmin
policy_home: "/opt/app/policy"
@@ -256,8 +246,8 @@ postgres:
config:
pgUserName: policy_user
pgDatabase: policyadmin
- pgUserExternalSecret: *pgUserCredsSecretName
- pgRootPasswordExternalSecret: *pgRootPassSecretName
+ pgUserExternalSecret: *dbSecretName
+ pgRootPasswordExternalSecret: *dbRootPassSecretName
readinessCheck:
wait_for: