diff options
Diffstat (limited to 'kubernetes/a1policymanagement')
12 files changed, 440 insertions, 0 deletions
diff --git a/kubernetes/a1policymanagement/.helmignore b/kubernetes/a1policymanagement/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/a1policymanagement/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/a1policymanagement/Chart.yaml b/kubernetes/a1policymanagement/Chart.yaml new file mode 100644 index 0000000000..6ec0159c0e --- /dev/null +++ b/kubernetes/a1policymanagement/Chart.yaml @@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.0.0" +description: A Helm chart for A1 Policy Management Service +name: a1policymanagement +version: 7.0.0 diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml new file mode 100644 index 0000000000..e570cb0b32 --- /dev/null +++ b/kubernetes/a1policymanagement/requirements.yaml @@ -0,0 +1,23 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/a1policymanagement/resources/config/application_configuration.json b/kubernetes/a1policymanagement/resources/config/application_configuration.json new file mode 100644 index 0000000000..64c42e6cd1 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/config/application_configuration.json @@ -0,0 +1,39 @@ +{ + "config": { + "controller": [ + { + "name": "controller1", + "baseUrl": "{{ .Values.sdncLink }}", + "userName": "${A1CONTROLLER_USER}", + "password": "${A1CONTROLLER_PASSWORD}" + } + ], + "ric": [ + { + "name": "ric1", + "baseUrl": "{{ .Values.ricLink }}", + "controller": "controller1", + "managedElementIds": [ + "kista_1", + "kista_2" + ] + } + ], + "streams_publishes": { + "dmaap_publisher": { + "type": "message_router", + "dmaap_info": { + "topic_url": "{{ .Values.streamPublish }}" + } + } + }, + "streams_subscribes": { + "dmaap_subscriber": { + "type": "message_router", + "dmaap_info": { + "topic_url": "{{ .Values.streamSubscribe }}" + } + } + } + } +} diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh new file mode 100644 index 0000000000..6d239f1ec8 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh @@ -0,0 +1,30 @@ +#!/bin/sh +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +terminate() { + echo "$(date) | INFO | Terminating child processes" + pids="$(jobs -p)" + if [ "$pids" != "" ]; then + kill -TERM $pids >/dev/null 2>/dev/null + fi + wait +} + +trap terminate TERM +echo "$(date) | INFO | Started monitoring /config-input/ directory" +inotifyd /tmp/scripts/update_files /config-input/ & +wait diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files new file mode 100644 index 0000000000..754bb55432 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/envsubst/update_files @@ -0,0 +1,27 @@ +#!/bin/sh +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +if [ "$1" == "y" ] && [ "$3" == "..data" ]; then + echo "$(date) | INFO | Configmap has been reloaded" + cd /config-input + for file in $(ls -1); do + if [ "$file" -nt "/config/$file" ]; then + echo "$(date) | INFO | Templating /config/$file" + envsubst <$file >/config/$file + fi + done +fi diff --git a/kubernetes/a1policymanagement/templates/configmap.yaml b/kubernetes/a1policymanagement/templates/configmap.yaml new file mode 100644 index 0000000000..e84beac2ab --- /dev/null +++ b/kubernetes/a1policymanagement/templates/configmap.yaml @@ -0,0 +1,24 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + name: {{ include "common.fullname" . }}-policy-conf +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml new file mode 100644 index 0000000000..ce2e2732e6 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/deployment.yaml @@ -0,0 +1,103 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# Copyright © 2020 Samsung Electronics, Modifications # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +kind: Deployment +apiVersion: apps/v1 +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ index .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-bootstrap-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done" + env: + - name: A1CONTROLLER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} + - name: A1CONTROLLER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.fullname" . }}-policy-conf-input + - mountPath: /config + name: config + containers: + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsGroup: {{ .Values.groupID }} + runAsUser: {{ .Values.userID }} + runAsNonRoot: true + command: + - sh + args: + - /tmp/scripts/daemon.sh + env: + - name: A1CONTROLLER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} + - name: A1CONTROLLER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /tmp/scripts + name: {{ include "common.fullname" . }}-envsubst-scripts + - mountPath: /config-input + name: {{ include "common.fullname" . }}-policy-conf-input + - mountPath: /config + name: config + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + livenessProbe: + httpGet: + path: /status + port: {{ .Values.liveness.port }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + volumeMounts: + - name: config + mountPath: /opt/app/policy-agent/data + resources: {{ include "common.resources" . | nindent 10 }} + volumes: + - name: {{ include "common.fullname" . }}-policy-conf-input + configMap: + name: {{ include "common.fullname" . }}-policy-conf + defaultMode: 0555 + - name: {{ include "common.fullname" . }}-envsubst-scripts + configMap: + name: {{ include "common.fullname" . }}-envsubst-scripts + - name: config + emptyDir: + medium: Memory diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml new file mode 100644 index 0000000000..99449638f4 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml @@ -0,0 +1,23 @@ +{{/* +################################################################################ +# Copyright © 2020 Samsung Electronics # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + name: {{ include "common.fullname" . }}-envsubst-scripts +data: +{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }} diff --git a/kubernetes/a1policymanagement/templates/secrets.yaml b/kubernetes/a1policymanagement/templates/secrets.yaml new file mode 100644 index 0000000000..55e465c373 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/secrets.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/a1policymanagement/templates/service.yaml b/kubernetes/a1policymanagement/templates/service.yaml new file mode 100644 index 0000000000..f13c16105b --- /dev/null +++ b/kubernetes/a1policymanagement/templates/service.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml new file mode 100644 index 0000000000..a1602c569c --- /dev/null +++ b/kubernetes/a1policymanagement/values.yaml @@ -0,0 +1,90 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# Copyright © 2020 Samsung Electronics, Modifications # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +# Default values for Policy Management Service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + nodePortPrefix: 302 + +secrets: + - uid: controller-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}' + login: '{{ .Values.a1controller.user }}' + password: '{{ .Values.a1controller.password }}' + passwordPolicy: required + +image: onap/ccsdk-oran-a1policymanagementservice:1.0.1 +userID: 1000 #Should match with image-defined user ID +groupID: 999 #Should match with image-defined group ID +pullPolicy: IfNotPresent +replicaCount: 1 + +service: + type: NodePort + name: a1policymanagement + both_tls_and_plain: true + ports: + - name: api + port: 8433 + plain_port: 8081 + port_protocol: http + nodePort: '94' + +# SDNC Credentials are used here +a1controller: + user: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +sdncLink: https://sdnc.onap:8443 +# Add your own A1 Mediator link. Supports both STD & OSC Version. ex. http://<ip>:<port> +# Alternatively you can also use the A1 simulator available in ORAN. It provides STD & OSC Version for A1 termination. +# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface +# Refer it/dep repo for k8's deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep +ricLink: +streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE +streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100 + +liveness: + port: api + initialDelaySeconds: 60 + periodSeconds: 10 +readiness: + port: api + initialDelaySeconds: 60 + periodSeconds: 10 + +#Resource Limit flavor -By Default using small +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} |