diff options
65 files changed, 411 insertions, 643 deletions
diff --git a/kubernetes/aai/components/aai-babel/resources/config/application.properties b/kubernetes/aai/components/aai-babel/resources/config/application.properties index 8c7e91ab84..8f47bf084b 100644 --- a/kubernetes/aai/components/aai-babel/resources/config/application.properties +++ b/kubernetes/aai/components/aai-babel/resources/config/application.properties @@ -25,11 +25,11 @@ logging.config=${CONFIG_HOME}/logback.xml tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json spring.application.name=aai-babel -spring.sleuth.enabled={{ default .Values.global.tracing.enabled .Values.tracing.enabled }} -spring.zipkin.baseUrl={{ default .Values.global.tracing.collector.baseUrl .Values.tracing.collector.baseUrl }} +spring.sleuth.enabled={{ .Values.global.tracing.enabled }} +spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }} spring.sleuth.messaging.jms.enabled = false spring.sleuth.trace-id128=true -spring.sleuth.sampler.probability={{ default .Values.global.tracing.sampling.probability .Values.tracing.collector.baseUrl }} +spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }} spring.sleuth.propagation.type=w3c, b3 spring.sleuth.supports-join=false diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index cfe70ffc76..7bd28b02b8 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -22,7 +22,7 @@ global: tracing: enabled: false collector: - baseUrl: http://jaeger-collector.istio-system:9411 + baseUrl: http://jaeger-collector.istio-config:9411 sampling: probability: 1.0 @@ -103,15 +103,6 @@ resources: memory: "1Gi" unlimited: {} -## -## Use this to override the global defaults -tracing: -# enabled: false - collector: {} -# baseUrl: http://jaeger-collector.istio-system:9411 - sampling: {} -# probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) - # adds jvm args for remote debugging the application debug: enabled: false diff --git a/kubernetes/aai/components/aai-modelloader/resources/application.properties b/kubernetes/aai/components/aai-modelloader/resources/application.properties index f910af1cae..e2dc186c82 100644 --- a/kubernetes/aai/components/aai-modelloader/resources/application.properties +++ b/kubernetes/aai/components/aai-modelloader/resources/application.properties @@ -14,11 +14,11 @@ server.port=9500 spring.application.name=aai-model-loader -spring.sleuth.enabled={{ .Values.tracing.enabled }} -spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} +spring.sleuth.enabled={{ .Values.global.tracing.enabled }} +spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }} spring.sleuth.messaging.jms.enabled=false spring.sleuth.trace-id128=true -spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }} spring.sleuth.propagation.type=w3c,b3 spring.sleuth.supports-join=false spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }} diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index eae505458e..08d635107b 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -19,6 +19,13 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) + # application image image: onap/model-loader:1.14.2 @@ -108,12 +115,9 @@ resources: memory: "2Gi" unlimited: {} +# use this to define service specific overrides +# for the global.tracing.* config keys tracing: - enabled: false - collector: - baseUrl: http://jaeger-collector.istio-system:9411 - sampling: - probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) ignorePatterns: - /aai/util.* diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml index 44b54bc3d3..7e6c6b6bd7 100644 --- a/kubernetes/aai/components/aai-resources/Chart.yaml +++ b/kubernetes/aai/components/aai-resources/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP AAI resources name: aai-resources -version: 15.0.2 +version: 15.0.3 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 6c34705e8a..daa4e7dfe4 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -28,11 +28,10 @@ spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true server.servlet.context-path=/ -spring.sleuth.enabled={{ .Values.tracing.enabled }} -spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} -spring.sleuth.messaging.jms.enabled = false +spring.sleuth.enabled={{ .Values.global.tracing.enabled }} +spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }} spring.sleuth.trace-id128=true -spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }} spring.sleuth.propagation.type=w3c, b3 spring.sleuth.supports-join=false spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 625267b318..861d6dacbd 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -26,6 +26,12 @@ global: # global defaults #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # Specifies a list of jobs to be run jobs: @@ -318,11 +324,6 @@ resources: unlimited: {} tracing: - enabled: false - collector: - baseUrl: http://jaeger-collector.istio-system:9411 - sampling: - probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) ignorePatterns: - /aai/util.* diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties index fc7bd40892..098be2fc59 100644 --- a/kubernetes/aai/components/aai-schema-service/config/application.properties +++ b/kubernetes/aai/components/aai-schema-service/config/application.properties @@ -24,12 +24,17 @@ info.build.version=1.1.0 spring.application.name=aai-schema-service spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true -spring.sleuth.enabled={{ .Values.tracing.enabled }} -spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} + +spring.sleuth.enabled={{ .Values.global.tracing.enabled }} +spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }} spring.sleuth.trace-id128=true -spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }} spring.sleuth.propagation.type=w3c, b3 spring.sleuth.supports-join=false +{{- if and .Values.tracing .Values.tracing.ignorePatterns }} +spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }} +{{- end }} + server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index f1227835b6..f47c9a5e8e 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -19,6 +19,12 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) # Common configuration for resources traversal and graphadmin config: @@ -188,6 +194,6 @@ podAnnotations: tracing: enabled: false collector: - baseUrl: http://jaeger-collector.istio-system:9411 + baseUrl: http://jaeger-collector.istio-config:9411 sampling: probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml index d23237577d..03c27cb6bb 100644 --- a/kubernetes/aai/components/aai-traversal/Chart.yaml +++ b/kubernetes/aai/components/aai-traversal/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI traversal name: aai-traversal -version: 15.0.2 +version: 15.0.3 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index f6fad88c19..027c9cd215 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -32,11 +32,10 @@ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSou spring.profiles.active={{ .Values.global.config.profiles.active }} spring.jersey.application-path=/ -spring.sleuth.enabled={{ .Values.tracing.enabled }} -spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} -spring.sleuth.messaging.jms.enabled = false +spring.sleuth.enabled={{ .Values.global.tracing.enabled }} +spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }} spring.sleuth.trace-id128=true -spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }} spring.sleuth.propagation.type=w3c, b3 spring.sleuth.supports-join=false spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 81f8e668c1..302d08e04c 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -28,6 +28,13 @@ global: # global defaults serviceName: cassandra # Cassandra datacenter name localDataCenter: dc1 + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) + # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -340,11 +347,6 @@ autoscaling: targetCPUUtilizationPercentage: 80 tracing: - enabled: false - collector: - baseUrl: http://jaeger-collector.istio-system:9411 - sampling: - probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) ignorePatterns: - /aai/util.* diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index f2363b7915..6c8157b84d 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -25,7 +25,7 @@ global: # global defaults dockerhubRepository: docker.io busyboxImage: busybox - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 @@ -34,6 +34,13 @@ global: # global defaults centralizedLoggingEnabled: false + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) + cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. localCluster: false diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties index 004a9909ab..248e5bf4ec 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties @@ -197,12 +197,13 @@ blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/ blueprintsprocessor.workflow.self-service-api.audit.storeEnable={{ .Values.workflow.storeEnabled }} #Tracing -spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} +spring.sleuth.enabled={{ .Values.global.tracing.enabled }} +spring.zipkin.baseUrl={{ .Values.global.tracing.collector.baseUrl }} spring.zipkin.checkTimeout=5000 spring.zipkin.service.name={{ include "common.name" . }} spring.sleuth.messaging.jms.enabled=false spring.sleuth.trace-id128=true -spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.sampler.probability={{ .Values.global.tracing.sampling.probability }} spring.sleuth.propagation.type=w3c, b3 spring.sleuth.supports-join=false spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }} diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index 469e40f4bd..549a44f986 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -36,6 +36,12 @@ global: # This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) # This concerns CDS/AAI communication through HTTP when TLS is not being needed # Port value should match the one in aai/values.yml : service.externalPlainPort aaiData: @@ -244,9 +250,5 @@ workflow: storeEnabled: false tracing: - collector: - baseUrl: http://jaeger-collector.istio-system:9411 - sampling: - probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) ignorePatterns: - .*/execution-service/health-check diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index ced4f1d930..ac17183331 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -36,6 +36,12 @@ global: nameOverride: mariadb-galera # (optional) if localCluster=false and an external secret is used set this variable #userRootSecret: <secretName> + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) ################################################################# diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml index 1f148ce142..4b7e4ea860 100644 --- a/kubernetes/common/mariadb-init/tests/job_test.yaml +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -36,7 +36,7 @@ tests: content: mariadb-galera - equal: path: spec.template.spec.initContainers[0].image - value: nexus3.onap.org:10001/onap/oom/readiness:6.1.1 + value: nexus3.onap.org:10001/onap/oom/readiness:6.1.2 - equal: path: spec.template.spec.initContainers[0].imagePullPolicy value: IfNotPresent diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 8f97431599..9916d71bad 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -41,10 +41,10 @@ global: mongodbImage: percona/percona-server-mongodb:7.0.5-3 nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.15 - quitQuitImage: onap/oom/readiness:6.1.1 + quitQuitImage: onap/oom/readiness:6.1.2 # Default credentials # they're optional. If the target repository doesn't need them, comment them diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index 71f8fa251d..f66b1d7b2d 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -32,7 +32,7 @@ global: #repository: nexus3.onap.org:10001 # readiness check - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 2cbd324a0f..4f23dfcb9c 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -35,7 +35,7 @@ global: password: docker # readiness check - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 78ecf27149..6b70dc5b63 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -107,7 +107,7 @@ global: postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 # readiness check image - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 # image pull policy pullPolicy: Always @@ -119,6 +119,14 @@ global: # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }} clusterName: cluster.local + # enable this if you have deployed Jaeger alongside ONAP + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) + # default mount path root directory referenced # by persistent volumes and log files persistence: diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index 8fb46b293e..70bd872107 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -15,7 +15,7 @@ # Global global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 busyboxRepository: registry.hub.docker.com diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 52e3bf302a..7a4ac1f377 100644 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -2,7 +2,7 @@ # Modifications Copyright © 2018, 2020 AT&T # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 16.0.2 +version: 16.0.8 dependencies: - name: common @@ -50,7 +50,7 @@ dependencies: repository: 'file://components/policy-drools-pdp' condition: policy-drools-pdp.enabled - name: policy-opa-pdp - version: ~15.x-0 + version: ~16.x-0 repository: 'file://components/policy-opa-pdp' condition: policy-opa-pdp.enabled - name: policy-distribution @@ -87,9 +87,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - name: postgres version: ~13.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index b457a7b100..8333f06825 100644 --- a/kubernetes/policy/components/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Design API name: policy-api -version: 16.0.1 +version: 16.0.3 dependencies: - name: common @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index 16292b8e60..15ee20e9f6 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022 Bell Canada. All rights reserved. # Modifications Copyright (C) 2022 AT&T Intellectual Property. -# Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modification (C) 2023,2025 Deutsche Telekom. All rights reserved. # Modifications Copyright © 2024-2025 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,7 +32,7 @@ spring: password: "${RESTSERVER_PASSWORD}" mvc.converters.preferred-json-mapper: gson datasource: - url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort}}/policyadmin + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/policyadmin driverClassName: org.postgresql.Driver username: "${SQL_USER}" password: "${SQL_PASSWORD}" diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/components/policy-api/resources/config/db-pg.sh index a7fc088d55..a7fc088d55 100644 --- a/kubernetes/policy/resources/config/db-pg.sh +++ b/kubernetes/policy/components/policy-api/resources/config/db-pg.sh diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/components/policy-api/resources/config/db_migrator_pg_policy_init.sh index 15a6e3224f..15a6e3224f 100644 --- a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh +++ b/kubernetes/policy/components/policy-api/resources/config/db_migrator_pg_policy_init.sh diff --git a/kubernetes/policy/components/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml index 0b1873afd4..a4962b46ed 100755 --- a/kubernetes/policy/components/policy-api/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml @@ -3,6 +3,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. # Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. +# Modification (C) 2025 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,3 +35,12 @@ binaryData: {{- end }} data: {{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-db-configmap + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: +{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index 063bc80445..20c02befae 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2021-2025 Nordix Foundation. +# Modification (C) 2025 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,29 +29,78 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} + {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} + {{ include "common.readinessCheck.waitFor" . | indent 8 | trim }} + - name: {{ include "common.name" . }}-pg-config + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{ include "common.containerSecurityContext" . | indent 10 | trim }} - name: {{ include "common.name" . }}-readiness + command: + - /bin/sh + - -cx + - | + /docker-entrypoint-initdb.d/db-pg.sh + env: + - name: PG_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + {{- if eq .Values.global.postgres.localCluster true }} + name: '{{ include "common.release" . }}-policy-db-root-password' + {{- else }} + name: '{{ .Values.global.postgres.userRootSecret }}' + {{- end }} + key: password + - name: PG_HOST + value: "{{ .Values.global.postgres.service.name2 }}" + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: PG_USER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: PG_PORT + value: "{{ .Values.global.postgres.service.port }}" resources: - limits: - cpu: "100m" - memory: "500Mi" requests: - cpu: "3m" - memory: "20Mi" + cpu: 50m + memory: 64Mi + limits: + cpu: 300m + memory: 128Mi + volumeMounts: + - mountPath: /docker-entrypoint-initdb.d/db-pg.sh + name: {{ include "common.fullname" . }}-config + subPath: db-pg.sh + - name: {{ include "common.name" . }}-pg-db-migrator + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_pg_policy_init.sh + - mountPath: /opt/app/policy/etc/db/ + name: {{ include "common.fullname" . }}-migration-writable + command: + - /bin/sh + - -cx + - | + /dbcmd-config/db_migrator_pg_policy_init.sh + env: + - name: SQL_HOST + value: "{{ .Values.global.postgres.service.name2 }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schemas }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "postgres" + - name: PGPASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} - command: - sh args: @@ -58,9 +108,9 @@ spec: - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }} - name: RESTSERVER_PASSWORD @@ -70,10 +120,17 @@ spec: name: apiconfig - mountPath: /config name: apiconfig-processed + name: {{ include "common.name" . }}-update-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 100m + memory: 128Mi {{ include "common.containerSecurityContext" . | indent 10 | trim }} - name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} {{ include "common.containerSecurityContext" . | indent 10 | trim }} @@ -90,7 +147,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{- end }} readinessProbe: httpGet: path: {{ .Values.readiness.api }} @@ -140,4 +197,15 @@ spec: - name: logs emptyDir: sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - {{- include "common.imagePullSecrets" . | nindent 6 }} + - name: {{ include "common.fullname" . }}-migration-writable + emptyDir: + sizeLimit: {{ .Values.dirSizes.migration.sizeLimit }} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-db-configmap + defaultMode: 0755 + items: + - key: db-pg.sh + path: db-pg.sh + - key: db_migrator_pg_policy_init.sh + path: db_migrator_pg_policy_init.sh diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index f65ce801f4..a9d0449f86 100644 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. -# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. +# Modification (C) 2023-2025 Deutsche Telekom. All rights reserved. # Modifications Copyright © 2024-2025 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,12 +25,18 @@ global: nodePortPrefix: 304 persistence: {} + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: db-creds + - uid: db-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' login: '{{ .Values.db.user }}' @@ -44,6 +50,17 @@ secrets: passwordPolicy: required ################################################################# +# DB configuration defaults. +################################################################# + +dbmigrator: + image: onap/policy-db-migrator:4.1.0 + schemas: "policyadmin clampacm pooling operationshistory" + policy_home: "/opt/app/policy" + +postgresImage: library/postgres:17.2 + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -57,9 +74,11 @@ debugEnabled: false db: user: policy-user password: policy_user - service: - pgName: policy-pg-primary - internalPgPort: 5432 + +readinessCheck: + wait_for: + services: + - '{{ .Values.global.postgres.service.name2 }}' restServer: user: policyadmin @@ -131,6 +150,11 @@ dirSizes: sizeLimit: 1Gi logDir: sizeLimit: 500Mi + migration: + sizeLimit: 1Gi + +dbReadiness: + retryCount: 3 #Pods Service Account serviceAccount: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index 5d26bfdad9..61a95ce117 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -2,7 +2,7 @@ # Copyright (C) 2021, 2025 Nordix Foundation. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021-2024 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Runtime name: policy-clamp-runtime-acm -version: 16.0.0 +version: 16.0.2 dependencies: - name: common @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index a296e8c7a4..d22d73a642 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -25,7 +25,7 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/clampacm + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/clampacm driverClassName: org.postgresql.Driver username: ${SQL_USER} password: ${SQL_PASSWORD} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index c09a3616b0..79120a3f33 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2021-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,28 +30,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-db-config-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - command: - sh args: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index 00bd0acdbd..540b3732a5 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,12 @@ global: nodePortPrefixExt: 304 persistence: {} + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 #Strimzi Kafka properties kafkaTopics: acRuntimeOperationTopic: @@ -90,9 +96,6 @@ kafkaTopic: db: user: policy-user password: policy_user - service: - pgName: policy-pg-primary - pgPort: 5432 # default number of instances replicaCount: 1 @@ -164,9 +167,10 @@ serviceAccount: roles: - read -wait_for_job_container: - containers: - - '{{ include "common.release" . }}-galera-migrator-config' +readinessCheck: + wait_for: + services: + - policy-api customNaming: toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index 05615a28c1..fc81c4c4d0 100644 --- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -2,7 +2,7 @@ # Modifications Copyright © 2018, 2020 AT&T Intellectual Property # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Drools Policy Engine (PDP-D) name: policy-drools-pdp -version: 16.0.1 +version: 16.0.3 dependencies: - name: common @@ -31,3 +31,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index b1a7f04b58..e4bc752bf9 100644 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -3,6 +3,7 @@ # Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property. # Modifications Copyright (C) 2021 Bell Canada. All rights reserved. # Modifications Copyright (C) 2024-2025 Nordix Foundation. +# Modifications Copyright (C) 2025 Deutsche Telekom. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -41,9 +42,9 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access -SQL_HOST={{ .Values.db.pgName }} -SQL_PORT={{ .Values.db.pgPort }} -JDBC_URL=jdbc:postgresql://{{ .Values.db.pgName }}:{{ .Values.db.pgPort }}/ +SQL_HOST={{ .Values.global.postgres.service.name2 }} +SQL_PORT={{ .Values.global.postgres.service.port }} +JDBC_URL=jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/ JDBC_OPTS= JDBC_DRIVER=org.postgresql.Driver diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index e8c0a5edea..d7bcccf121 100644 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -2,7 +2,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,28 +29,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-db-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} {{- if not .Values.nexus.offline }} - command: - /app/ready.py diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index d84c26eeea..40de912ef0 100644 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -2,7 +2,7 @@ # Copyright © 2017, 2021 Bell Canada # Modifications Copyright © 2018-2022 AT&T Intellectual Property # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,12 @@ ################################################################# global: nodePortPrefix: 302 + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 ################################################################# # Secrets metaconfig @@ -104,8 +110,6 @@ nexus: offline: true db: - pgName: policy-pg-primary - pgPort: 5432 password: policy_user pap: @@ -281,3 +285,8 @@ kafkaUser: type: topic patternType: prefix operations: [ Create, Describe, Read, Write ] + +readinessCheck: + wait_for: + services: + - policy-api diff --git a/kubernetes/policy/components/policy-opa-pdp/Chart.yaml b/kubernetes/policy/components/policy-opa-pdp/Chart.yaml index 6416e5016e..f776feae35 100644 --- a/kubernetes/policy/components/policy-opa-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-opa-pdp/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy OPA PDP (PDP-O) name: policy-opa-pdp -version: 15.0.0 +version: 16.0.1 dependencies: - name: common @@ -31,3 +31,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json b/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json index e978b84186..bb18a3bacc 100755 --- a/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json @@ -21,22 +21,6 @@ "logging": { "level": "debug" }, - "services": [ - { - "name": "opa-bundle-server", - "url": "http://policy-opa-pdp:8282/opa/bundles" - } - ], - "bundles": { - "opabundle": { - "service": "opa-bundle-server", - "resource": "bundle.tar.gz", - "polling": { - "min_delay_seconds": 60, - "max_delay_seconds": 120 - } - } - }, "decision_logs": { "console": true } diff --git a/kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz b/kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz Binary files differdeleted file mode 100644 index fa841c0191..0000000000 --- a/kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz +++ /dev/null diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml index cc08af6937..1942a59f6f 100755 --- a/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml @@ -26,17 +26,3 @@ metadata: labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap-policies-data - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" . | nindent 4 }} -{{- with .Files.Glob "resources/policies/*" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml index 6c25bac01c..90ff759bb8 100755 --- a/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml @@ -29,29 +29,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /bin/sh - args: - - -c - - | - echo "*** set right permissions to the different folders" - chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /var/log; - chmod -R 755 /var/log - chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /opt/; - chmod -R 755 /opt/* - tar -xvf /tmp/policies/policy-data.tar.gz -C /opt/ - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-readiness - volumeMounts: - - name: logs - mountPath: /var/log - - name: tmp-policies-data - mountPath: /tmp/policies - - name : opa-policies-data - mountPath: /opt/ - + {{ include "common.readinessCheck.waitFor" . | nindent 8 }} containers: - name: {{ include "common.name" . }} {{ include "common.containerSecurityContext" . | indent 10 | trim }} @@ -65,8 +43,12 @@ spec: value: "{{ .Values.kafka.useSASL }}" - name: KAFKA_URL value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid - name: GROUPID - value: "{{ .Values.kafka.groupid }}" + value: "{{ .Values.groupIdPrefix }}-$(POD_UID)" - name: LOG_LEVEL value: "{{ .Values.log.loglevel }}" - name: PAP_TOPIC @@ -97,15 +79,12 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - - name: opa-policies-data - mountPath: /opt - name: opa-config mountPath: /app/config - name: opa-bundles mountPath: /app/bundles - name: logs - mountPath: /var/log + mountPath: /var/logs resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -117,13 +96,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: tmp-policies-data - configMap: - name: {{ include "common.fullname" . }}-configmap-policies-data - defaultMode: 0755 - - name: opa-policies-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-policies-data - name: opa-config configMap: name: {{ include "common.fullname" . }}-configmap-config diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml deleted file mode 100755 index 5a1e9e3450..0000000000 --- a/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2025 Deutsche Telekom Intellectual Property. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "common.fullname" . }}-policies-data - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" . | nindent 4 }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.logsSize }} - storageClassName: {{ include "common.storageClass" . }} - volumeMode: Filesystem - -{{- end }} diff --git a/kubernetes/policy/components/policy-opa-pdp/values.yaml b/kubernetes/policy/components/policy-opa-pdp/values.yaml index 20c7e513bc..0971dc8d7f 100644 --- a/kubernetes/policy/components/policy-opa-pdp/values.yaml +++ b/kubernetes/policy/components/policy-opa-pdp/values.yaml @@ -43,7 +43,8 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-opa-pdp:1.0.0 +image: onap/policy-opa-pdp:1.0.4 + pullPolicy: Always componentName: &componentName policy-opa-pdp @@ -79,20 +80,8 @@ config: policyPdpPapTopic: policy-pdp-pap securityContext: - user_id: 0 - group_id : 0 - runAsNonRoot: false - - -containerSecurityContext: - enabled: true - privileged: false - allowPrivilegeEscalation: true - readOnlyRootFilesystem: false - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 0 - + user_id: 1000 + group_id : 1000 kafka: groupid: "policy-opa-pdp" @@ -112,8 +101,6 @@ persistence: parameters: {} storageclassProvisioner: cinder-os - - # default number of instances replicaCount: 1 @@ -133,6 +120,11 @@ readiness: initialDelaySeconds: 20 periodSeconds: 10 +readinessCheck: + wait_for: + services: + - 'policy-pap' + service: type: ClusterIP name: *componentName @@ -187,7 +179,6 @@ resources: memory: "2Gi" unlimited: {} - dirSizes: emptyDir: sizeLimit: 1Gi @@ -198,6 +189,7 @@ dirSizes: bundleDir: sizeLimit: 5Gi +groupIdPrefix: opa-pdp #Pods Service Account serviceAccount: @@ -244,8 +236,9 @@ config: kafkaUser: authenticationType: scram-sha-512 acls: - - name: policy-opa-pdp + - name: opa-pdp type: group + patternType: prefix operations: [ Create, Describe, Read, Write ] - name: policy-pdp-pap type: topic diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 6f5905e8ee..5a676e94d7 100644 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -3,7 +3,7 @@ # Modified Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ apiVersion: v2 description: ONAP Policy Administration (PAP) name: policy-pap -version: 16.0.1 +version: 16.0.3 dependencies: - name: common @@ -35,3 +35,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 614cff344f..7b9a0f179e 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -26,7 +26,7 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort }}/policyadmin + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/policyadmin driverClassName: org.postgresql.Driver username: "${SQL_USER}" password: "${SQL_PASSWORD}" diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index e94e82764d..5722563b47 100644 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -3,7 +3,7 @@ # Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,28 +32,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-db-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - command: - sh args: @@ -151,8 +130,8 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime - hostPath: - path: /etc/localtime + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 7f421fff5e..a7b3c5a4f2 100644..100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -3,7 +3,7 @@ # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. # Modifications Copyright © 2022-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,6 +26,12 @@ global: nodePortPrefixExt: 304 persistence: {} + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 ################################################################# # Secrets metaconfig @@ -78,9 +84,6 @@ debugEnabled: false db: user: policy-user password: policy_user - service: - pgName: policy-pg-primary - internalPgPort: 5432 restServer: user: policyadmin @@ -237,3 +240,8 @@ kafkaUser: type: topic patternType: prefix operations: [Create, Describe, Read, Write] + +readinessCheck: + wait_for: + services: + - policy-api diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index 9ec8f21457..347ca0dda2 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -2,7 +2,7 @@ # Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp -version: 16.0.1 +version: 16.0.3 dependencies: - name: common @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index 46d6b2a842..8641165d3c 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2024-2025 Nordix Foundation. All rights reserved. +# Modifications (C) 2025 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -69,6 +70,6 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # eclipselink.target-database=PostgreSQL jakarta.persistence.jdbc.driver=org.postgresql.Driver -jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory +jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/operationshistory jakarta.persistence.jdbc.user=${SQL_USER} jakarta.persistence.jdbc.password=${SQL_PASSWORD} diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index 4cebd27f74..cd23866263 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -2,7 +2,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,28 +38,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - command: - sh args: @@ -206,8 +185,8 @@ spec: emptyDir: sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - name: localtime - hostPath: - path: /etc/localtime + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} - name: pdpxconfig configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 2f315838e0..ff0bea4ce6 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,12 @@ ################################################################# global: persistence: {} + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 ################################################################# # Secrets metaconfig @@ -64,9 +70,6 @@ debugEnabled: false db: user: policy-user password: policy_user - service: - pgName: policy-pg-primary - pgPort: 5432 restServer: user: healthcheck @@ -229,3 +232,8 @@ kafkaUser: type: topic patternType: prefix operations: [ Create, Describe, Read, Write ] + +readinessCheck: + wait_for: + services: + - policy-api diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml deleted file mode 100755 index 06249a068c..0000000000 --- a/kubernetes/policy/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018, 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2021-2022 Nordix Foundation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-db-configmap - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" . | nindent 4 }} -data: -{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml deleted file mode 100755 index 3cd18c7d65..0000000000 --- a/kubernetes/policy/templates/job.yaml +++ /dev/null @@ -1,208 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada -# Modifications Copyright © 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2022-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-pg-init - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "pg-init") | nindent 4 }} - {{- if .Values.jobAnnotations }} - annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "pg-init") | nindent 8 }} - name: {{ include "common.name" . }}-pg-init - spec: - {{ include "common.podSecurityContext" . | indent 6 | trim }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - initContainers: - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }} - containers: - - name: {{ include "common.name" . }}-pg-config - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - volumeMounts: - - mountPath: /docker-entrypoint-initdb.d/db-pg.sh - name: {{ include "common.fullname" . }}-config - subPath: db-pg.sh - command: - - /bin/sh - - -cx - - | - {{- if include "common.requireSidecarKiller" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /docker-entrypoint-initdb.d/db-pg.sh - env: - - name: PG_ADMIN_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} - - name: PG_HOST - value: "{{ .Values.postgres.service.name2 }}" - - name: PG_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: PG_USER_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - - name: PG_PORT - value: "{{ .Values.postgres.service.internalPort }}" - resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.requireSidecarKiller" .) }} - - name: policy-service-mesh-wait-for-job-container - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - resources: - limits: - cpu: 100m - memory: 500Mi - requests: - cpu: 10m - memory: 10Mi - {{- end }} - restartPolicy: Never - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-db-configmap - defaultMode: 0755 - items: - - key: db-pg.sh - path: db-pg.sh ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-pg-migrator-config - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "pg-migrator-config") | nindent 4 }} - {{- if .Values.jobAnnotations }} - annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "pg-migrator-config") | nindent 8 }} - name: {{ include "common.name" . }}-pg-migrator-config - spec: - {{ include "common.podSecurityContext" . | indent 6 | trim }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 10 | trim }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }}-pg-init - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }}-pg-db-migrator - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 10 | trim }} - volumeMounts: - - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh - name: {{ include "common.fullname" . }}-config - subPath: db_migrator_pg_policy_init.sh - - mountPath: /opt/app/policy/etc/db/ - name: {{ include "common.fullname" . }}-migration-writable - command: - - /bin/sh - - -cx - - | - {{- if include "common.requireSidecarKiller" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /dbcmd-config/db_migrator_pg_policy_init.sh - env: - - name: SQL_HOST - value: "{{ .Values.postgres.service.name2 }}" - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - - name: SQL_DB - value: {{ .Values.dbmigrator.schemas }} - - name: POLICY_HOME - value: {{ .Values.dbmigrator.policy_home }} - - name: SCRIPT_DIRECTORY - value: "postgres" - - name: PGPASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - resources: {{ include "common.resources" . | nindent 12 }} - {{- if (include "common.requireSidecarKiller" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - {{ include "common.containerSecurityContext" . | indent 10 | trim }} - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- end }} - restartPolicy: Never - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-migration-writable - emptyDir: {} - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-db-configmap - defaultMode: 0755 - items: - - key: db_migrator_pg_policy_init.sh - path: db_migrator_pg_policy_init.sh diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 6e813825a0..32d374f118 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,7 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property # Modifications Copyright (C) 2021-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,12 +25,11 @@ global: # flag to enable the DB creation via pgo-operator useOperator: false service: - name: pgset - name2: tcp-pgset-primary - name3: tcp-pgset-replica - container: - name: postgres - nameOverride: "policy-postgres" + name: &postgresName policy-postgres + name2: &postgresName2 policy-pg-primary + name3: &postgresName3 policy-pg-replica + port: &postgresPort 5432 + nameOverride: *postgresName # (optional) if localCluster=false and an external secret is used set this variable #userRootSecret: <secretName> kafkaBootstrap: strimzi-kafka-bootstrap:9092 @@ -157,15 +156,6 @@ policy-nexus: config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' -################################################################# -# DB configuration defaults. -################################################################# - -dbmigrator: - image: onap/policy-db-migrator:4.1.0 - schemas: "policyadmin clampacm pooling operationshistory" - policy_home: "/opt/app/policy" - subChartsOnly: enabled: true @@ -216,19 +206,18 @@ config: groupId: policy-group someConfig: blah -postgresImage: library/postgres:17.2 # application configuration override for postgres postgres: nameOverride: &postgresName policy-postgres service: name: *postgresName - name2: policy-pg-primary - name3: policy-pg-replica - internalPort: 5432 + name2: *postgresName2 + name3: *postgresName3 + internalPort: *postgresPort container: name: - primary: policy-pg-primary - replica: policy-pg-replica + primary: *postgresName2 + replica: *postgresName3 persistence: mountSubPath: policy/postgres/data mountInitPath: policy @@ -239,11 +228,6 @@ postgres: pgUserExternalSecret: *dbSecretName pgRootPasswordExternalSecret: *dbRootPassSecretName -readinessCheck: - wait_for_postgres: - services: - - '{{ .Values.global.postgres.service.name2 }}' - restServer: policyPapUserName: policyadmin policyPapUserPassword: zb!XztG34 @@ -279,18 +263,3 @@ serviceAccount: nameOverride: policy roles: - read - -# Annotations to control the execution and deletion of the job -# Can be used to delete a job before an Upgrade -# -# jobAnnotations: -# # In case of an ArgoCD deployment this Hook deletes the job before syncing -# argocd.argoproj.io/hook: Sync -# argocd.argoproj.io/hook-delete-policy: BeforeHookCreation -# -# # In case of an Helm/Flux deployment this Hook deletes the job -# # This is what defines this resource as a hook. Without this line, the -# # job is considered part of the release. -# "helm.sh/hook": "pre-upgrade,pre-rollback,post-install" -# "helm.sh/hook-delete-policy": "before-hook-creation" -# "helm.sh/hook-weight": "1" diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 2b10d1b9ef..61a38dbb0a 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 sdc_cassandra: diff --git a/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml index ef006d8071..894bfd60f7 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml @@ -37,6 +37,12 @@ spec: env: - name: LOG_LEVEL value: {{ .Values.config.loggingLevel }} + - name: TRACING_ENABLED + value: {{ .Values.global.tracing.enabled | quote }} + - name: COLLECTOR_URL + value: {{ .Values.global.tracing.collector.baseUrl }} + - name: TRACING_SAMPLING_PROBABILITY + value: {{ .Values.global.tracing.sampling.probability | quote }} livenessProbe: httpGet: path: {{ .Values.liveness.path }} diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml index 7d3883cd91..b96e3c1544 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/values.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml @@ -18,8 +18,14 @@ # Global values global: pullPolicy: Always + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) -image: onap/sdc-helm-validator:1.3.1 +image: onap/sdc-helm-validator:1.3.2 containerPort: &svc_port 8080 config: diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 88cd12654a..23324186a1 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -65,6 +65,12 @@ global: topics: sdcDistNotifTopic: ¬if-topic-name SDC-DISTR-NOTIF-TOPIC sdcDistStatusTopic: &status-topic-name SDC-DISTR-STATUS-TOPIC + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-config:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) # Environment file env: @@ -124,4 +130,3 @@ cassandra: socket_read_timeout: 20000 socket_connect_timeout: 20000 janusgraph_connection_timeout: 10000 - diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml index 2734152240..2ae9eb3c22 100644 --- a/kubernetes/so/components/so-admin-cockpit/values.yaml +++ b/kubernetes/so/components/so-admin-cockpit/values.yaml @@ -26,7 +26,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml index dbbe03cdb5..d084b393be 100755 --- a/kubernetes/so/components/so-mariadb/values.yaml +++ b/kubernetes/so/components/so-mariadb/values.yaml @@ -22,7 +22,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessImage: onap/oom/readiness:6.1.1 + readinessImage: onap/oom/readiness:6.1.2 ubuntuInitRepository: docker.io mariadbGalera: # flag to enable the DB creation via mariadb-operator diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml index 890bc5e033..2d52f1e1d1 100644 --- a/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml +++ b/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml @@ -43,25 +43,37 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - name: POSTGRES_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} -{{- if eq .Values.liveness.enabled true }} + - name: TRACING_ENABLED + value: {{ .Values.global.tracing.enabled | quote }} + - name: COLLECTOR_HOST + value: {{ .Values.tracing.collector.host }} + - name: COLLECTOR_PORT + value: {{ .Values.tracing.collector.port | quote }} + {{- if eq .Values.startup.enabled true }} + startupProbe: + httpGet: + port: {{ .Values.startup.port }} + path: {{ .Values.startup.path }} + failureThreshold: {{ .Values.startup.failureThreshold }} + periodSeconds: {{ .Values.startup.periodSeconds }} + {{- end }} + {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: port: {{ .Values.liveness.port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} -{{- end }} + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.readiness.port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . | nindent 10 }} -{{- if .Values.nodeSelector }} + {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} -{{- end }} -{{- if .Values.affinity }} + {{- end }} + {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} -{{- end }} + {{- end }} volumeMounts: - mountPath: /uui/run.sh name: entrypoint diff --git a/kubernetes/uui/components/uui-intent-analysis/values.yaml b/kubernetes/uui/components/uui-intent-analysis/values.yaml index 53c1aa036d..65f721449a 100644 --- a/kubernetes/uui/components/uui-intent-analysis/values.yaml +++ b/kubernetes/uui/components/uui-intent-analysis/values.yaml @@ -18,6 +18,8 @@ global: passwordStrength: long + tracing: + enabled: false #Pods Service Account serviceAccount: @@ -40,7 +42,7 @@ secrets: password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate -image: onap/usecase-ui-intent-analysis:15.0.0 +image: onap/usecase-ui-intent-analysis:15.0.1 pullPolicy: Always # flag to enable debugging - application support required @@ -58,14 +60,19 @@ service: - name: http-rest port: &svc_port 8083 +startup: + enabled: true + path: /api/usecaseui-intent-analysis/v1/actuator/health + port: *svc_port + periodSeconds: 1 + failureThreshold: 90 + liveness: - initialDelaySeconds: 120 + enabled: true port: *svc_port periodSeconds: 10 - enabled: true readiness: - initialDelaySeconds: 60 port: *svc_port periodSeconds: 10 @@ -125,6 +132,11 @@ resources: memory: "1Gi" unlimited: {} +tracing: + collector: + host: jaeger-collector.istio-config + port: 9411 + # Annotations to control the execution and deletion of the job # Can be used to delete a job before an Upgrade # diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index 182dcfeea7..83dabb3b9b 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -22,7 +22,7 @@ global: tracing: collector: - baseUrl: http://jaeger-collector.istio-system:9411 + baseUrl: http://jaeger-collector.istio-config:9411 sampling: probability: 1.0 @@ -130,7 +130,7 @@ ingress: tracing: # enabled: false collector: {} -# baseUrl: http://jaeger-collector.istio-system:9411 +# baseUrl: http://jaeger-collector.istio-config:9411 sampling: {} # probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) @@ -201,7 +201,7 @@ uuiServer: so: baseUrl: http://so.onap:8080 username: InfraPortalClient - password: password1 + password: password1$ sdc: baseUrl: http://sdc-be:8080 username: aai |