diff options
Diffstat (limited to 'kubernetes/policy')
31 files changed, 238 insertions, 457 deletions
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index f7e1e50ff0..7a4ac1f377 100644 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -2,7 +2,7 @@ # Modifications Copyright © 2018, 2020 AT&T # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 16.0.2 +version: 16.0.8 dependencies: - name: common @@ -87,9 +87,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - name: postgres version: ~13.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index b457a7b100..8333f06825 100644 --- a/kubernetes/policy/components/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Design API name: policy-api -version: 16.0.1 +version: 16.0.3 dependencies: - name: common @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index 16292b8e60..15ee20e9f6 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022 Bell Canada. All rights reserved. # Modifications Copyright (C) 2022 AT&T Intellectual Property. -# Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modification (C) 2023,2025 Deutsche Telekom. All rights reserved. # Modifications Copyright © 2024-2025 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,7 +32,7 @@ spring: password: "${RESTSERVER_PASSWORD}" mvc.converters.preferred-json-mapper: gson datasource: - url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort}}/policyadmin + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/policyadmin driverClassName: org.postgresql.Driver username: "${SQL_USER}" password: "${SQL_PASSWORD}" diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/components/policy-api/resources/config/db-pg.sh index a7fc088d55..a7fc088d55 100644 --- a/kubernetes/policy/resources/config/db-pg.sh +++ b/kubernetes/policy/components/policy-api/resources/config/db-pg.sh diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/components/policy-api/resources/config/db_migrator_pg_policy_init.sh index 15a6e3224f..15a6e3224f 100644 --- a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh +++ b/kubernetes/policy/components/policy-api/resources/config/db_migrator_pg_policy_init.sh diff --git a/kubernetes/policy/components/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml index 0b1873afd4..a4962b46ed 100755 --- a/kubernetes/policy/components/policy-api/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml @@ -3,6 +3,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. # Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. +# Modification (C) 2025 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,3 +35,12 @@ binaryData: {{- end }} data: {{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-db-configmap + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: +{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index 063bc80445..20c02befae 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2021-2025 Nordix Foundation. +# Modification (C) 2025 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,29 +29,78 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} + {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} + {{ include "common.readinessCheck.waitFor" . | indent 8 | trim }} + - name: {{ include "common.name" . }}-pg-config + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{ include "common.containerSecurityContext" . | indent 10 | trim }} - name: {{ include "common.name" . }}-readiness + command: + - /bin/sh + - -cx + - | + /docker-entrypoint-initdb.d/db-pg.sh + env: + - name: PG_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + {{- if eq .Values.global.postgres.localCluster true }} + name: '{{ include "common.release" . }}-policy-db-root-password' + {{- else }} + name: '{{ .Values.global.postgres.userRootSecret }}' + {{- end }} + key: password + - name: PG_HOST + value: "{{ .Values.global.postgres.service.name2 }}" + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: PG_USER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: PG_PORT + value: "{{ .Values.global.postgres.service.port }}" resources: - limits: - cpu: "100m" - memory: "500Mi" requests: - cpu: "3m" - memory: "20Mi" + cpu: 50m + memory: 64Mi + limits: + cpu: 300m + memory: 128Mi + volumeMounts: + - mountPath: /docker-entrypoint-initdb.d/db-pg.sh + name: {{ include "common.fullname" . }}-config + subPath: db-pg.sh + - name: {{ include "common.name" . }}-pg-db-migrator + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_pg_policy_init.sh + - mountPath: /opt/app/policy/etc/db/ + name: {{ include "common.fullname" . }}-migration-writable + command: + - /bin/sh + - -cx + - | + /dbcmd-config/db_migrator_pg_policy_init.sh + env: + - name: SQL_HOST + value: "{{ .Values.global.postgres.service.name2 }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schemas }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "postgres" + - name: PGPASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} - command: - sh args: @@ -58,9 +108,9 @@ spec: - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }} - name: RESTSERVER_PASSWORD @@ -70,10 +120,17 @@ spec: name: apiconfig - mountPath: /config name: apiconfig-processed + name: {{ include "common.name" . }}-update-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 100m + memory: 128Mi {{ include "common.containerSecurityContext" . | indent 10 | trim }} - name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} {{ include "common.containerSecurityContext" . | indent 10 | trim }} @@ -90,7 +147,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{- end }} readinessProbe: httpGet: path: {{ .Values.readiness.api }} @@ -140,4 +197,15 @@ spec: - name: logs emptyDir: sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - {{- include "common.imagePullSecrets" . | nindent 6 }} + - name: {{ include "common.fullname" . }}-migration-writable + emptyDir: + sizeLimit: {{ .Values.dirSizes.migration.sizeLimit }} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-db-configmap + defaultMode: 0755 + items: + - key: db-pg.sh + path: db-pg.sh + - key: db_migrator_pg_policy_init.sh + path: db_migrator_pg_policy_init.sh diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index f65ce801f4..a9d0449f86 100644 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. -# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. +# Modification (C) 2023-2025 Deutsche Telekom. All rights reserved. # Modifications Copyright © 2024-2025 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,12 +25,18 @@ global: nodePortPrefix: 304 persistence: {} + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: db-creds + - uid: db-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' login: '{{ .Values.db.user }}' @@ -44,6 +50,17 @@ secrets: passwordPolicy: required ################################################################# +# DB configuration defaults. +################################################################# + +dbmigrator: + image: onap/policy-db-migrator:4.1.0 + schemas: "policyadmin clampacm pooling operationshistory" + policy_home: "/opt/app/policy" + +postgresImage: library/postgres:17.2 + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -57,9 +74,11 @@ debugEnabled: false db: user: policy-user password: policy_user - service: - pgName: policy-pg-primary - internalPgPort: 5432 + +readinessCheck: + wait_for: + services: + - '{{ .Values.global.postgres.service.name2 }}' restServer: user: policyadmin @@ -131,6 +150,11 @@ dirSizes: sizeLimit: 1Gi logDir: sizeLimit: 500Mi + migration: + sizeLimit: 1Gi + +dbReadiness: + retryCount: 3 #Pods Service Account serviceAccount: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index 5d26bfdad9..61a95ce117 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -2,7 +2,7 @@ # Copyright (C) 2021, 2025 Nordix Foundation. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021-2024 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Runtime name: policy-clamp-runtime-acm -version: 16.0.0 +version: 16.0.2 dependencies: - name: common @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index a296e8c7a4..d22d73a642 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -25,7 +25,7 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/clampacm + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/clampacm driverClassName: org.postgresql.Driver username: ${SQL_USER} password: ${SQL_PASSWORD} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index c09a3616b0..79120a3f33 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2021-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,28 +30,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-db-config-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - command: - sh args: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index 00bd0acdbd..540b3732a5 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,12 @@ global: nodePortPrefixExt: 304 persistence: {} + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 #Strimzi Kafka properties kafkaTopics: acRuntimeOperationTopic: @@ -90,9 +96,6 @@ kafkaTopic: db: user: policy-user password: policy_user - service: - pgName: policy-pg-primary - pgPort: 5432 # default number of instances replicaCount: 1 @@ -164,9 +167,10 @@ serviceAccount: roles: - read -wait_for_job_container: - containers: - - '{{ include "common.release" . }}-galera-migrator-config' +readinessCheck: + wait_for: + services: + - policy-api customNaming: toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index 05615a28c1..fc81c4c4d0 100644 --- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -2,7 +2,7 @@ # Modifications Copyright © 2018, 2020 AT&T Intellectual Property # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Drools Policy Engine (PDP-D) name: policy-drools-pdp -version: 16.0.1 +version: 16.0.3 dependencies: - name: common @@ -31,3 +31,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index b1a7f04b58..e4bc752bf9 100644 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -3,6 +3,7 @@ # Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property. # Modifications Copyright (C) 2021 Bell Canada. All rights reserved. # Modifications Copyright (C) 2024-2025 Nordix Foundation. +# Modifications Copyright (C) 2025 Deutsche Telekom. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -41,9 +42,9 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access -SQL_HOST={{ .Values.db.pgName }} -SQL_PORT={{ .Values.db.pgPort }} -JDBC_URL=jdbc:postgresql://{{ .Values.db.pgName }}:{{ .Values.db.pgPort }}/ +SQL_HOST={{ .Values.global.postgres.service.name2 }} +SQL_PORT={{ .Values.global.postgres.service.port }} +JDBC_URL=jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/ JDBC_OPTS= JDBC_DRIVER=org.postgresql.Driver diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index e8c0a5edea..d7bcccf121 100644 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -2,7 +2,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,28 +29,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-db-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} {{- if not .Values.nexus.offline }} - command: - /app/ready.py diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index d84c26eeea..40de912ef0 100644 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -2,7 +2,7 @@ # Copyright © 2017, 2021 Bell Canada # Modifications Copyright © 2018-2022 AT&T Intellectual Property # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,12 @@ ################################################################# global: nodePortPrefix: 302 + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 ################################################################# # Secrets metaconfig @@ -104,8 +110,6 @@ nexus: offline: true db: - pgName: policy-pg-primary - pgPort: 5432 password: policy_user pap: @@ -281,3 +285,8 @@ kafkaUser: type: topic patternType: prefix operations: [ Create, Describe, Read, Write ] + +readinessCheck: + wait_for: + services: + - policy-api diff --git a/kubernetes/policy/components/policy-opa-pdp/Chart.yaml b/kubernetes/policy/components/policy-opa-pdp/Chart.yaml index 78a804a75c..f776feae35 100644 --- a/kubernetes/policy/components/policy-opa-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-opa-pdp/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy OPA PDP (PDP-O) name: policy-opa-pdp -version: 16.0.0 +version: 16.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml index 4a3f85ead7..1942a59f6f 100755 --- a/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml @@ -26,4 +26,3 @@ metadata: labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }} - diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml index 744562d261..90ff759bb8 100755 --- a/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml @@ -84,7 +84,7 @@ spec: - name: opa-bundles mountPath: /app/bundles - name: logs - mountPath: /var/log + mountPath: /var/logs resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: diff --git a/kubernetes/policy/components/policy-opa-pdp/values.yaml b/kubernetes/policy/components/policy-opa-pdp/values.yaml index b7a5944ea4..0971dc8d7f 100644 --- a/kubernetes/policy/components/policy-opa-pdp/values.yaml +++ b/kubernetes/policy/components/policy-opa-pdp/values.yaml @@ -80,19 +80,8 @@ config: policyPdpPapTopic: policy-pdp-pap securityContext: - fsGroup: 1000 user_id: 1000 group_id : 1000 - runAsNonRoot: true - runAsUser: 1000 - - -containerSecurityContext: - runAsGroup: 1000 - runAsUser: 1000 - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: true kafka: groupid: "policy-opa-pdp" @@ -112,8 +101,6 @@ persistence: parameters: {} storageclassProvisioner: cinder-os - - # default number of instances replicaCount: 1 @@ -192,7 +179,6 @@ resources: memory: "2Gi" unlimited: {} - dirSizes: emptyDir: sizeLimit: 1Gi diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 6f5905e8ee..5a676e94d7 100644 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -3,7 +3,7 @@ # Modified Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ apiVersion: v2 description: ONAP Policy Administration (PAP) name: policy-pap -version: 16.0.1 +version: 16.0.3 dependencies: - name: common @@ -35,3 +35,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 614cff344f..7b9a0f179e 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -26,7 +26,7 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort }}/policyadmin + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/policyadmin driverClassName: org.postgresql.Driver username: "${SQL_USER}" password: "${SQL_PASSWORD}" diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index e94e82764d..5722563b47 100644 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -3,7 +3,7 @@ # Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,28 +32,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-db-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - command: - sh args: @@ -151,8 +130,8 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime - hostPath: - path: /etc/localtime + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} - name: empty-dir emptyDir: sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 7f421fff5e..a7b3c5a4f2 100644..100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -3,7 +3,7 @@ # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. # Modifications Copyright © 2022-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,6 +26,12 @@ global: nodePortPrefixExt: 304 persistence: {} + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 ################################################################# # Secrets metaconfig @@ -78,9 +84,6 @@ debugEnabled: false db: user: policy-user password: policy_user - service: - pgName: policy-pg-primary - internalPgPort: 5432 restServer: user: policyadmin @@ -237,3 +240,8 @@ kafkaUser: type: topic patternType: prefix operations: [Create, Describe, Read, Write] + +readinessCheck: + wait_for: + services: + - policy-api diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index 9ec8f21457..347ca0dda2 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -2,7 +2,7 @@ # Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024-2025 Nordix Foundation -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp -version: 16.0.1 +version: 16.0.3 dependencies: - name: common @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index 46d6b2a842..8641165d3c 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2024-2025 Nordix Foundation. All rights reserved. +# Modifications (C) 2025 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -69,6 +70,6 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # eclipselink.target-database=PostgreSQL jakarta.persistence.jdbc.driver=org.postgresql.Driver -jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory +jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.port }}/operationshistory jakarta.persistence.jdbc.user=${SQL_USER} jakarta.persistence.jdbc.password=${SQL_PASSWORD} diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index 4cebd27f74..cd23866263 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -2,7 +2,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,28 +38,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-pg-migrator-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - command: - sh args: @@ -206,8 +185,8 @@ spec: emptyDir: sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - name: localtime - hostPath: - path: /etc/localtime + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} - name: pdpxconfig configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 2f315838e0..ff0bea4ce6 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2024-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,12 @@ ################################################################# global: persistence: {} + postgres: + service: + name: policy-postgres + name2: policy-pg-primary + name3: policy-pg-replica + port: 5432 ################################################################# # Secrets metaconfig @@ -64,9 +70,6 @@ debugEnabled: false db: user: policy-user password: policy_user - service: - pgName: policy-pg-primary - pgPort: 5432 restServer: user: healthcheck @@ -229,3 +232,8 @@ kafkaUser: type: topic patternType: prefix operations: [ Create, Describe, Read, Write ] + +readinessCheck: + wait_for: + services: + - policy-api diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml deleted file mode 100755 index 06249a068c..0000000000 --- a/kubernetes/policy/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018, 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2021-2022 Nordix Foundation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-db-configmap - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" . | nindent 4 }} -data: -{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml deleted file mode 100755 index 3cd18c7d65..0000000000 --- a/kubernetes/policy/templates/job.yaml +++ /dev/null @@ -1,208 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada -# Modifications Copyright © 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2022-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-pg-init - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "pg-init") | nindent 4 }} - {{- if .Values.jobAnnotations }} - annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "pg-init") | nindent 8 }} - name: {{ include "common.name" . }}-pg-init - spec: - {{ include "common.podSecurityContext" . | indent 6 | trim }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - initContainers: - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }} - containers: - - name: {{ include "common.name" . }}-pg-config - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - volumeMounts: - - mountPath: /docker-entrypoint-initdb.d/db-pg.sh - name: {{ include "common.fullname" . }}-config - subPath: db-pg.sh - command: - - /bin/sh - - -cx - - | - {{- if include "common.requireSidecarKiller" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /docker-entrypoint-initdb.d/db-pg.sh - env: - - name: PG_ADMIN_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} - - name: PG_HOST - value: "{{ .Values.postgres.service.name2 }}" - - name: PG_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: PG_USER_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - - name: PG_PORT - value: "{{ .Values.postgres.service.internalPort }}" - resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.requireSidecarKiller" .) }} - - name: policy-service-mesh-wait-for-job-container - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{ include "common.containerSecurityContext" . | indent 8 | trim }} - resources: - limits: - cpu: 100m - memory: 500Mi - requests: - cpu: 10m - memory: 10Mi - {{- end }} - restartPolicy: Never - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-db-configmap - defaultMode: 0755 - items: - - key: db-pg.sh - path: db-pg.sh ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-pg-migrator-config - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "pg-migrator-config") | nindent 4 }} - {{- if .Values.jobAnnotations }} - annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations "context" $) | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "pg-migrator-config") | nindent 8 }} - name: {{ include "common.name" . }}-pg-migrator-config - spec: - {{ include "common.podSecurityContext" . | indent 6 | trim }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 10 | trim }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }}-pg-init - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }}-pg-db-migrator - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 10 | trim }} - volumeMounts: - - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh - name: {{ include "common.fullname" . }}-config - subPath: db_migrator_pg_policy_init.sh - - mountPath: /opt/app/policy/etc/db/ - name: {{ include "common.fullname" . }}-migration-writable - command: - - /bin/sh - - -cx - - | - {{- if include "common.requireSidecarKiller" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /dbcmd-config/db_migrator_pg_policy_init.sh - env: - - name: SQL_HOST - value: "{{ .Values.postgres.service.name2 }}" - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - - name: SQL_DB - value: {{ .Values.dbmigrator.schemas }} - - name: POLICY_HOME - value: {{ .Values.dbmigrator.policy_home }} - - name: SCRIPT_DIRECTORY - value: "postgres" - - name: PGPASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - resources: {{ include "common.resources" . | nindent 12 }} - {{- if (include "common.requireSidecarKiller" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - {{ include "common.containerSecurityContext" . | indent 10 | trim }} - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- end }} - restartPolicy: Never - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-migration-writable - emptyDir: {} - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-db-configmap - defaultMode: 0755 - items: - - key: db_migrator_pg_policy_init.sh - path: db_migrator_pg_policy_init.sh diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 6e813825a0..32d374f118 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,7 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property # Modifications Copyright (C) 2021-2025 Nordix Foundation. -# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright © 2024-2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,12 +25,11 @@ global: # flag to enable the DB creation via pgo-operator useOperator: false service: - name: pgset - name2: tcp-pgset-primary - name3: tcp-pgset-replica - container: - name: postgres - nameOverride: "policy-postgres" + name: &postgresName policy-postgres + name2: &postgresName2 policy-pg-primary + name3: &postgresName3 policy-pg-replica + port: &postgresPort 5432 + nameOverride: *postgresName # (optional) if localCluster=false and an external secret is used set this variable #userRootSecret: <secretName> kafkaBootstrap: strimzi-kafka-bootstrap:9092 @@ -157,15 +156,6 @@ policy-nexus: config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' -################################################################# -# DB configuration defaults. -################################################################# - -dbmigrator: - image: onap/policy-db-migrator:4.1.0 - schemas: "policyadmin clampacm pooling operationshistory" - policy_home: "/opt/app/policy" - subChartsOnly: enabled: true @@ -216,19 +206,18 @@ config: groupId: policy-group someConfig: blah -postgresImage: library/postgres:17.2 # application configuration override for postgres postgres: nameOverride: &postgresName policy-postgres service: name: *postgresName - name2: policy-pg-primary - name3: policy-pg-replica - internalPort: 5432 + name2: *postgresName2 + name3: *postgresName3 + internalPort: *postgresPort container: name: - primary: policy-pg-primary - replica: policy-pg-replica + primary: *postgresName2 + replica: *postgresName3 persistence: mountSubPath: policy/postgres/data mountInitPath: policy @@ -239,11 +228,6 @@ postgres: pgUserExternalSecret: *dbSecretName pgRootPasswordExternalSecret: *dbRootPassSecretName -readinessCheck: - wait_for_postgres: - services: - - '{{ .Values.global.postgres.service.name2 }}' - restServer: policyPapUserName: policyadmin policyPapUserPassword: zb!XztG34 @@ -279,18 +263,3 @@ serviceAccount: nameOverride: policy roles: - read - -# Annotations to control the execution and deletion of the job -# Can be used to delete a job before an Upgrade -# -# jobAnnotations: -# # In case of an ArgoCD deployment this Hook deletes the job before syncing -# argocd.argoproj.io/hook: Sync -# argocd.argoproj.io/hook-delete-policy: BeforeHookCreation -# -# # In case of an Helm/Flux deployment this Hook deletes the job -# # This is what defines this resource as a hook. Without this line, the -# # job is considered part of the release. -# "helm.sh/hook": "pre-upgrade,pre-rollback,post-install" -# "helm.sh/hook-delete-policy": "before-hook-creation" -# "helm.sh/hook-weight": "1" |