diff options
Diffstat (limited to 'kubernetes/multicloud/charts')
16 files changed, 500 insertions, 5 deletions
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml b/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml new file mode 100644 index 0000000000..5a73ee32b4 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Multicloud Kubernetes Plugin +name: multicloud-k8s +version: 4.0.0 diff --git a/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml b/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml new file mode 100644 index 0000000000..566af50cfe --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml @@ -0,0 +1,25 @@ +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~4.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: mongo + version: ~4.x-0 + repository: '@local' + diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json new file mode 100644 index 0000000000..e451421a5b --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json @@ -0,0 +1,10 @@ +{ + "ca-file": "/opt/multicloud/k8splugin/certs/root_ca.cer", + "server-cert": "/opt/multicloud/k8splugin/certs/multicloud-k8s.pub", + "server-key": "/opt/multicloud/k8splugin/certs/multicloud-k8s.pr", + "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==", + + "database-type": "mongo", + "database-address": "multicloud-k8s-mongo", + "plugin-dir": "/opt/multicloud/k8splugin/plugins" +}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml new file mode 100644 index 0000000000..c9d55fedf3 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml @@ -0,0 +1,28 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml new file mode 100644 index 0000000000..846a751336 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml @@ -0,0 +1,80 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }} + command: ["/opt/multicloud/k8splugin/k8plugin"] + workingDir: /opt/multicloud/k8splugin + ports: + - containerPort: {{ .Values.service.internalPort }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/multicloud/k8splugin/k8sconfig.json + name: {{ include "common.name" .}} + subPath: k8sconfig.json + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name : {{ include "common.name" . }} + configMap: + name: {{ include "common.fullname" . }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml new file mode 100644 index 0000000000..eaf9f4dee5 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml @@ -0,0 +1,52 @@ +{{/* +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + msb.onap.org/service-info: '[ + { + "serviceName": "multicloud-k8s", + "version": "v1", + "url": "/", + "protocol": "REST", + "port": "{{ .Values.service.externalPort }}", + "visualRange": "1" + } + ]' +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.PortName }} + {{if eq .Values.service.type "NodePort" -}} + port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default "302" }}{{ .Values.service.nodePort }} + {{- else -}} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- end}} + protocol: TCP + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml new file mode 100644 index 0000000000..15aade560d --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml @@ -0,0 +1,108 @@ +# Copyright 2019 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + persistence: {} +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/multicloud/k8s:0.1.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration is via config files + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 30 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 30 + +service: + type: ClusterIP + name: multicloud-k8s + portName: multicloud-k8s + internalPort: 9015 + externalPort: 9015 + nodePort: 98 + +#Mongo chart overrides for k8splugin +mongo: + nameOverride: multicloud-k8s-mongo + service: + name: multicloud-k8s-mongo + internalPort: 27017 + nfsprovisionerPrefix: multicloud-k8s + sdnctlPrefix: multicloud-k8s + persistence: + mountSubPath: multicloud-k8s/mongo/data + enabled: true + disableNfsProvisioner: true + + +# No persistence right now as we rely on Mongo to handle that +persistence: + enabled: false + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 1Gi + mountPath: /dockerdata-nfs + mountSubPath: multicloud-k8s/data + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: large +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/multicloud/charts/multicloud-ocata/values.yaml b/kubernetes/multicloud/charts/multicloud-ocata/values.yaml index 2642b5a172..53ce0d0ed6 100644 --- a/kubernetes/multicloud/charts/multicloud-ocata/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-ocata/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-ocata:1.3.0-SNAPSHOT +image: onap/multicloud/openstack-ocata:1.3.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/charts/multicloud-pike/values.yaml index c39d41f879..42aa7ca9e8 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-pike/values.yaml @@ -23,7 +23,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-pike:1.3.0-SNAPSHOT +image: onap/multicloud/openstack-pike:1.3.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json new file mode 100644 index 0000000000..d62fec6d85 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json @@ -0,0 +1,70 @@ +{ + "name":"SDCDistributionGroup", + "restServerParameters":{ + "host":"0.0.0.0", + "port":9014, + "userName":"healthcheck", + "password":"zb!XztG34", + "https":true + }, + "receptionHandlerParameters":{ + "SDCReceptionHandler":{ + "receptionHandlerType":"SDC", + "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandler", + "receptionHandlerConfigurationName":"sdcConfiguration", + "pluginHandlerParameters":{ + "artifactForwarders":{ + "PAPEngineForwarder":{ + "forwarderType":"PAPEngine", + "forwarderClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarder", + "forwarderConfigurationName": "k8sConfiguration" + } + } + } + } + }, + "receptionHandlerConfigurationParameters":{ + "sdcConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", + "parameters":{ + "asdcAddress": "sdc-be:8443", + "messageBusAddress": [ + "message-router" + ], + "user": "policy", + "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", + "pollingInterval":20, + "pollingTimeout":30, + "consumerId": "policy-id", + "artifactTypes": [ + "TOSCA_CSAR", + "HEAT", + "HEAT_ENV", + "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT" + ], + "consumerGroup": "policy-group", + "environmentName": "AUTO", + "keystorePath": "null", + "keystorePassword": "null", + "activeserverTlsAuth": false, + "isFilterinEmptyResources": true, + "isUseHttpsWithDmaap": false + } + } + }, + "artifactForwarderConfigurationParameters":{ + "k8sConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarderParameterGroup", + "parameters":{ + "useHttps": true, + "hostname": "pdp", + "port": 8081, + "userName": "testpdp", + "password": "alpha123", + "clientAuth": "cHl0aG9uOnRlc3Q=", + "isManaged": true, + "pdpGroup": "default" + } + } + } +} diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml index 0ccc3f9f95..62bacd7da5 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml +++ b/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml @@ -61,6 +61,8 @@ spec: - mountPath: /opt/starlingx/starlingx/pub/config/log.yml name: starlingx-logconfig subPath: log.yml + - mountPath: /opt/artifacts/ + name: artifact-data resources: {{ include "common.resources" . | indent 12 }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -93,6 +95,19 @@ spec: name: starlingx-log - mountPath: /usr/share/filebeat/data name: starlingx-data-filebeat + - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}" + name: framework-artifactbroker + command: ["/opt/app/distribution/bin/artifact-dist.sh"] + args: ["/opt/app/distribution/etc/mounted/config.json"] + ports: + - containerPort: 9014 + protocol: TCP + volumeMounts: + - mountPath: /opt/app/distribution/etc/mounted/config.json + name: starlingx-logconfig + subPath: config.json + - mountPath: /data + name: artifact-data volumes: - name: starlingx-log @@ -105,6 +120,8 @@ spec: - name: starlingx-logconfig configMap: name: {{ include "common.fullname" . }}-log-configmap + - name: artifact-data + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml b/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml index 2ca696c704..723d77d6cb 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml @@ -23,7 +23,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-starlingx:1.3.0-SNAPSHOT +image: onap/multicloud/openstack-starlingx:1.3.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/charts/multicloud-vio/values.yaml b/kubernetes/multicloud/charts/multicloud-vio/values.yaml index a916a049f4..0da23ddeac 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-vio/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/vio:1.2.1 +image: onap/multicloud/vio:1.3.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json new file mode 100644 index 0000000000..d62fec6d85 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json @@ -0,0 +1,70 @@ +{ + "name":"SDCDistributionGroup", + "restServerParameters":{ + "host":"0.0.0.0", + "port":9014, + "userName":"healthcheck", + "password":"zb!XztG34", + "https":true + }, + "receptionHandlerParameters":{ + "SDCReceptionHandler":{ + "receptionHandlerType":"SDC", + "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandler", + "receptionHandlerConfigurationName":"sdcConfiguration", + "pluginHandlerParameters":{ + "artifactForwarders":{ + "PAPEngineForwarder":{ + "forwarderType":"PAPEngine", + "forwarderClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarder", + "forwarderConfigurationName": "k8sConfiguration" + } + } + } + } + }, + "receptionHandlerConfigurationParameters":{ + "sdcConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", + "parameters":{ + "asdcAddress": "sdc-be:8443", + "messageBusAddress": [ + "message-router" + ], + "user": "policy", + "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", + "pollingInterval":20, + "pollingTimeout":30, + "consumerId": "policy-id", + "artifactTypes": [ + "TOSCA_CSAR", + "HEAT", + "HEAT_ENV", + "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT" + ], + "consumerGroup": "policy-group", + "environmentName": "AUTO", + "keystorePath": "null", + "keystorePassword": "null", + "activeserverTlsAuth": false, + "isFilterinEmptyResources": true, + "isUseHttpsWithDmaap": false + } + } + }, + "artifactForwarderConfigurationParameters":{ + "k8sConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarderParameterGroup", + "parameters":{ + "useHttps": true, + "hostname": "pdp", + "port": 8081, + "userName": "testpdp", + "password": "alpha123", + "clientAuth": "cHl0aG9uOnRlc3Q=", + "isManaged": true, + "pdpGroup": "default" + } + } + } +} diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml index 99b1ea9557..e6f1456874 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml +++ b/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml @@ -62,6 +62,8 @@ spec: - mountPath: /opt/windriver/titanium_cloud/pub/config/log.yml name: windriver-logconfig subPath: log.yml + - mountPath: /opt/artifacts/ + name: artifact-data resources: {{ include "common.resources" . | indent 12 }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -94,6 +96,19 @@ spec: name: windriver-log - mountPath: /usr/share/filebeat/data name: windriver-data-filebeat + - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}" + name: framework-artifactbroker + command: ["/opt/app/distribution/bin/artifact-dist.sh"] + args: ["/opt/app/distribution/etc/mounted/config.json"] + ports: + - containerPort: 9014 + protocol: TCP + volumeMounts: + - mountPath: /opt/app/distribution/etc/mounted/config.json + name: windriver-logconfig + subPath: config.json + - mountPath: /data + name: artifact-data volumes: - name: windriver-log @@ -106,6 +121,8 @@ spec: - name: windriver-logconfig configMap: name: {{ include "common.fullname" . }}-log-configmap + - name: artifact-data + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml index 234ad3f0f6..8a6acbd05f 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-windriver:1.3.0-SNAPSHOT +image: onap/multicloud/openstack-windriver:1.3.1 pullPolicy: Always #Istio sidecar injection policy |