Diffstat (limited to 'kubernetes/policy/charts')
15 files changed, 221 insertions, 10 deletions
diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml index 6ff76ddfd1..5bbffb5836 100644 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml @@ -33,6 +33,24 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pe + - mountPath: /config + name: pe-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name @@ -84,7 +102,7 @@ spec: name: pe-brmsgw subPath: brmsgw.conf - mountPath: /tmp/policy-install/config/base.conf - name: pe + name: pe-processed subPath: base.conf - mountPath: /tmp/policy-install/do-start.sh name: pe-scripts @@ -115,5 +133,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index 08afdeeac0..f578f09617 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml 
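Review bot: The `update-config` init container added in the first hunk calls `envsubst` with no variable list, so every `$NAME`/`${NAME}` sequence in the `*.conf` inputs is rewritten, and any name that is not set in the container environment is silently replaced by an empty string. Restricting it to the two intended names, `envsubst '${JDBC_USER} ${JDBC_PASSWORD}' <${PFILE} >/config/${PFILE}`, leaves unrelated text intact. The script also has no `set -e`, so a failed substitution on an earlier file does not fail the init container; starting it with `set -e;` and iterating with `for PFILE in *.conf` instead of parsing `ls` output would close that gap. The same command shape is added in pdp/templates/statefulset.yaml and, with `ls -1 .`, in the pap and policy-api deployments.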
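Review bot: The `pe-processed` volume added in the last deployment.yaml hunk is a memory-backed `emptyDir` with no `sizeLimit`, so whatever is written there counts against pod memory with no explicit bound set by the chart. Keeping the rendered credentials off disk is a sensible choice; adding `sizeLimit: 1Mi` (or whatever the rendered files need) under `emptyDir` makes the bound explicit. A short comment such as `# tmpfs: rendered config contains DB credentials` would also tell the next maintainer why `medium: Memory` was chosen. The same volume definition is added in the pap, pdp and policy-api templates.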
@@ -20,6 +20,7 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 + envsubstImage: dibi/envsubst ################################################################# # Secrets metaconfig diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties new file mode 100644 index 0000000000..189248ffb3 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties 
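Review bot: `envsubstImage: dibi/envsubst` names a third-party image with no tag or digest, and the init containers that run it are handed the database login and password as environment variables. An unpinned reference resolves to whatever the registry serves at pull time, so the image content can change without any change to this chart. Pinning it, for example `envsubstImage: dibi/envsubst@sha256:<digest-placeholder>`, or mirroring it into the project's own registry, would make the reference reproducible and reviewable. The same value is added in pap/values.yaml and policy-api/values.yaml, and the templates use it as `image: "{{ .Values.global.envsubstImage }}"` with no repository prefix.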
@@ -0,0 +1,47 @@ +### +# ============LICENSE_START======================================================= +# feature-healthcheck +# ================================================================================ +# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +http.server.services=HEALTHCHECK +http.server.services.HEALTHCHECK.host=0.0.0.0 +http.server.services.HEALTHCHECK.port=6969 +http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck +http.server.services.HEALTHCHECK.managed=false +http.server.services.HEALTHCHECK.swagger=true +http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER} +http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD} +http.server.services.HEALTHCHECK.https=true +http.server.services.HEALTHCHECK.aaf=${envd:AAF:false} +http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler + +http.client.services=PAP + +http.client.services.PAP.host={{ .Values.global.pap.nameOverride }} +http.client.services.PAP.port=9091 +http.client.services.PAP.contextUriPath=pap/test +http.client.services.PAP.https=true 
+http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME} +http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD} + +http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }} +http.client.services.PDP.port=8081 +http.client.services.PDP.contextUriPath=pdp/test +http.client.services.PDP.https=true +http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME} +http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD} diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf index ee2acc40f2..bb2b90c1a7 100644 --- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf +++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf @@ -34,9 +34,15 @@ POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}} PAP_USERNAME={{.Values.pap.user}} PAP_PASSWORD={{.Values.pap.password}} +PAP_LEGACY_USERNAME={{.Values.papl.user}} +PAP_LEGACY_PASSWORD={{.Values.papl.password}} + PDP_USERNAME={{.Values.pdp.user}} PDP_PASSWORD={{.Values.pdp.password}} +PDP_LEGACY_USERNAME={{.Values.pdpl.user}} +PDP_LEGACY_PASSWORD={{.Values.pdpl.password}} + AAI_USERNAME={{.Values.aai.user}} AAI_PASSWORD={{.Values.aai.password}} diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index b62772d57f..58ce2d0455 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -115,6 +115,14 @@ pdp: user: healthcheck password: zb!XztG34 +papl: + user: testpap + password: alpha123 + +pdpl: + user: testpdp + password: alpha123 + aai: user: policy@policy.onap.org password: demo123456! diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index e4517c7a5d..544ecdfc32 100644 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json 
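Review bot: `http.client.services=PAP` lists only PAP, yet the new feature-healthcheck.properties goes on to define a full `http.client.services.PDP.*` block with its own credentials. If the service list is what decides which clients are built (the consuming code is not visible here), the PDP entries are never used and that check is silently skipped; `http.client.services=PAP,PDP` would match the properties below it. Separately, the HEALTHCHECK server binds `0.0.0.0` with `swagger=true` and `aaf` defaulting to `false`; a one-line comment stating that the endpoint is meant for in-cluster probes only would help whoever reviews the Service and network policy around it.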
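Review bot: The new `papl` and `pdpl` blocks in drools/values.yaml commit working default passwords (`alpha123` for both accounts), while the rest of this change moves database credentials out of rendered config and into the secrets metaconfig. credentials.conf then renders them directly through `{{.Values.papl.password}}` and `{{.Values.pdpl.password}}`, so a deployment that overrides nothing runs with the published values. Consider leaving the passwords without a default and declaring them as `secrets:` entries with `passwordPolicy: required`, as pap/values.yaml does for `db-secret`, or at least add a comment that they are demo-only and must be overridden. The `papl`/`pdpl` key names would also benefit from a comment saying they feed `PAP_LEGACY_*` and `PDP_LEGACY_*` for the health-check client.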
@@ -41,8 +41,8 @@ "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}", - "databaseUser": "{{ .Values.global.mariadb.config.userName }}", - "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}", + "databaseUser": "${SQL_USER}", + "databasePassword": "${SQL_PASSWORD_BASE64}", "persistenceUnit": "PolicyMariaDb" }, "topicParameterGroup": { diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index caef5218ef..85ca9c1486 100644 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml 
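Review bot: `"databaseUser": "${SQL_USER}"` is filled in by `envsubst`, which copies the value verbatim and does no JSON escaping. A login containing `"` or `\` would therefore produce an invalid or differently-parsed config.json, and an unset variable yields an empty string rather than an error; the base64-encoded password is not affected by the escaping problem. Either document next to `db.user` that the login must be safe inside a JSON string, or have the init container stop when the variable is empty, e.g. `: "${SQL_USER:?}"` before the loop. policy-api/resources/config/config.json receives the same two lines.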
@@ -31,6 +31,25 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + + - command: + - sh + args: + - -c + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: papconfig + - mountPath: /config + name: papconfig-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -58,7 +77,7 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/pap/etc/mounted - name: papconfig + name: papconfig-processed resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -77,5 +96,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: papconfig-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/pap/templates/secrets.yaml b/kubernetes/policy/charts/pap/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/pap/templates/secrets.yaml 
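Review bot: In the `update-config` init container, `echo -n ${SQL_PASSWORD} | base64` expands the password unquoted, so a value containing whitespace or glob characters is altered before it is encoded, and `echo -n` is not portable across `sh` implementations. Depending on the `base64` build in the image, long input may also be wrapped onto several lines, which would break the JSON string it is substituted into. A safer form is `export SQL_PASSWORD_BASE64=$(printf '%s' "$SQL_PASSWORD" | base64 | tr -d '\n')`, which is easiest to write if the script moves from the double-quoted YAML scalar to a `|` block scalar. Note also that base64 is an encoding and not protection, so the rendered file under /config still holds a recoverable password. policy-api/templates/deployment.yaml adds the identical command.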
@@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index 05f43d66e0..7edb3ab871 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -22,6 +22,18 @@ ################################################################# global: persistence: {} + envsubstImage: dibi/envsubst + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -36,6 +48,10 @@ debugEnabled: false # application configuration +db: + user: policy_user + password: policy_user + # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml index 16d5fb5cec..e55f9d0987 100644 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml 
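Review bot: The `db` block added in the second pap/values.yaml hunk defaults the password to the same string as the user name (`policy_user`), so whatever `passwordPolicy: required` enforces on `db-secret` (the helper is not shown) is met by a guessable value. config.json previously took these from `.Values.global.mariadb.config.userName`/`userPassword`; with a separate default here the two can drift apart unless the parent chart overrides `db.*`, which is not visible in this diff. Consider dropping the `password` default so deployers must supply it or set `db.credsExternalSecret`, and document that key in the `db` block, e.g. `# credsExternalSecret: <name of an existing Secret>`. policy-api/values.yaml adds the same defaults.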
@@ -37,6 +37,24 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pe + - mountPath: /config + name: pe-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name @@ -84,7 +102,7 @@ spec: name: localtime readOnly: true - mountPath: /tmp/policy-install/config/base.conf - name: pe + name: pe-processed subPath: base.conf - mountPath: /tmp/policy-install/config/pdp-tweaks.sh name: pe-pdp @@ -144,5 +162,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json index ccfc07ae67..2e46ccae96 100644 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/charts/policy-api/resources/config/config.json 
@@ -30,8 +30,8 @@ "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin", - "databaseUser": "{{ .Values.global.mariadb.config.userName }}", - "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}", + "databaseUser": "${SQL_USER}", + "databasePassword": "${SQL_PASSWORD_BASE64}", "persistenceUnit": "PolicyMariaDb" }, "preloadPolicyTypes": [ diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml index 25e80d0ac3..777cc4954d 100644 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml 
@@ -31,6 +31,26 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + + - command: + - sh + args: + - -c + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: apiconfig + - mountPath: /config + name: apiconfig-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -58,7 +78,7 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/api/etc/mounted - name: apiconfig + name: apiconfig-processed resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -77,5 +97,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: apiconfig-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/charts/policy-api/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-api/templates/secrets.yaml 
@@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index b5e10493dc..fd66b69e4e 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -22,6 +22,18 @@ global: nodePortPrefix: 304 persistence: {} + envsubstImage: dibi/envsubst + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -35,6 +47,9 @@ pullPolicy: Always debugEnabled: false # application configuration +db: + user: policy_user + password: policy_user # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf index 93b02e76bc..810b090069 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf 
+++ b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf @@ -21,8 +21,9 @@ TRUSTSTORE_PASSWD=Pol1cy_0nap JDBC_DRIVER=org.mariadb.jdbc.Driver JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 -JDBC_USER={{ .Values.global.mariadb.config.userName }} -JDBC_PASSWORD={{ .Values.global.mariadb.config.userPassword }} + +JDBC_USER=${JDBC_USER} +JDBC_PASSWORD=${JDBC_PASSWORD} site_name=site_1 fp_monitor_interval=30 |
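Review bot: base.conf now carries the literal placeholders `${JDBC_USER}` and `${JDBC_PASSWORD}`, so it is only valid after the `update-config` init container has rendered it into the `pe-processed` volume. Any consumer that still mounts base.conf straight from the `pe` configmap (only brmsgw and pdp are switched over in this diff) would receive the placeholders instead of credentials; a comment above the two lines, such as `# rendered by the update-config init container (envsubst); do not mount this file directly`, would make that dependency visible. The substitution is also verbatim, so if base.conf is later sourced by a shell, a password with spaces or shell metacharacters would need quoting. `TRUSTSTORE_PASSWD` in the context above is still a literal in the file and could follow the same route.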