diff options
Diffstat (limited to 'kubernetes/policy/charts')
29 files changed, 414 insertions, 101 deletions
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf index 0989a02e2e..7c58b3da54 100644 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf @@ -63,5 +63,5 @@ BRMS_UEB_API_KEY= BRMS_UEB_API_SECRET= #Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.5.3 -BRMS_MODELS_DEPENDENCY_VERSION=2.1.4 +BRMS_DEPENDENCY_VERSION=1.6.0 +BRMS_MODELS_DEPENDENCY_VERSION=2.2.2 diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml index 2b2f383e6c..6ff76ddfd1 100644 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml @@ -54,6 +54,11 @@ spec: name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml b/kubernetes/policy/charts/brmsgw/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/brmsgw/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index 03b3a3c2af..08afdeeac0 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,11 +22,22 @@ global: readinessImage: readiness-check:2.0.2 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.5.2 +image: onap/policy-pe:1.6.1 pullPolicy: Always # flag to enable debugging - application support required @@ -38,6 +49,10 @@ config: pdpPort: 8081 nexusPort: 8081 +db: + user: policy_user + password: policy_user + # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh deleted file mode 100644 index 5949db4dc4..0000000000 --- a/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# ============LICENSE_START======================================================= -# ONAP -# ================================================================================ -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - - -docker-entrypoint.sh nexus
\ No newline at end of file diff --git a/kubernetes/policy/charts/drools/resources/configmaps/base.conf b/kubernetes/policy/charts/drools/resources/configmaps/base.conf index 0b982fd7d0..c996d13e27 100644 --- a/kubernetes/policy/charts/drools/resources/configmaps/base.conf +++ b/kubernetes/policy/charts/drools/resources/configmaps/base.conf @@ -1,5 +1,5 @@ # Copyright © 2017-2018 Amdocs, Bell Canada. -# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property. +# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,6 @@ JVM_OPTIONS={{.Values.server.jvmOpts}} POLICY_HOME=/opt/app/policy POLICY_LOGS=/var/log/onap/policy/pdpd -JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk # Telemetry credentials @@ -34,6 +33,7 @@ SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ RELEASE_REPOSITORY_ID=policy-nexus-releases RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ +REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access @@ -56,6 +56,7 @@ PDPD_CONFIGURATION_PARTITION_KEY= # PAP-PDP configuration channel POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP +POLICY_PDP_PAP_GROUP=defaultGroup # Symmetric Key for encoded sensitive data @@ -68,6 +69,9 @@ PAP_HOST=policy-pap # PDP-X PDP_HOST=policy-xacml-pdp +PDP_PORT=6969 +PDP_CONTEXT_URI=policy/pdpx/v1/ +GUARD_DISABLED=false # DCAE DMaaP @@ -81,19 +85,28 @@ DMAAP_SERVERS=message-router # AAI -AAI_URL=https://aai.{{.Release.Namespace}}:8443 +AAI_HOST=aai.{{.Release.Namespace}} +AAI_PORT=8443 +AAI_CONTEXT_URI= # MSO -SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra +SO_HOST=so.{{.Release.Namespace}} +SO_PORT=8080 +SO_CONTEXT_URI=onap/so/infra/ +SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra # VFC -VFC_URL= +VFC_HOST= +VFC_PORT= +VFC_CONTEXT_URI=api/nslcm/v1/ # SDNC -SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations +SDNC_HOST=sdnc.{{.Release.Namespace}} +SDNC_PORT=8282 +SDNC_CONTEXT_URI=restconf/operations/ # CDS diff --git a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml b/kubernetes/policy/charts/drools/resources/configmaps/settings.xml new file mode 100644 index 0000000000..3777d27044 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/settings.xml @@ -0,0 +1,151 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ============LICENSE_START======================================================= + ONAP + ================================================================================ + Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= +--> + + +<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> + + <offline>{{.Values.nexus.offline}}</offline> + + <profiles> + + <profile> + <id>policy-local</id> + + <repositories> + <repository> + <id>file-repository</id> + <url>file:${user.home}/.m2/file-repository</url> + <releases> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </releases> + <snapshots> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </snapshots> + </repository> + </repositories> + + </profile> + + <profile> + <id>policy-releases</id> + + <repositories> + <repository> + <id>${env.RELEASE_REPOSITORY_ID}</id> + <url>${env.RELEASE_REPOSITORY_URL}</url> + <releases> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </releases> + <snapshots> + <enabled>false</enabled> + </snapshots> + </repository> + </repositories> + + </profile> + + <profile> + <id>policy-snapshots</id> + + <repositories> + <repository> + <id>${env.SNAPSHOT_REPOSITORY_ID}</id> + <url>${env.SNAPSHOT_REPOSITORY_URL}</url> + <releases> + <enabled>false</enabled> + </releases> + <snapshots> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </snapshots> + </repository> + </repositories> + + </profile> + + <profile> + <id>onap-releases</id> + + <repositories> + <repository> + <id>onap-releases</id> + <name>onap-releases</name> + <url>https://nexus.onap.org/content/repositories/releases/</url> + <releases> + <enabled>true</enabled> + </releases> + <snapshots> + <enabled>false</enabled> + </snapshots> + </repository> + </repositories> + + </profile> + + <profile> + + <id>onap-snapshots</id> + + <repositories> + <repository> + <id>onap-snapshots</id> + <name>onap-snapshots</name> + <url>https://nexus.onap.org/content/repositories/snapshots/</url> + <releases> + <enabled>false</enabled> + </releases> + <snapshots> + <enabled>true</enabled> + </snapshots> + </repository> + </repositories> + + </profile> + + </profiles> + + <activeProfiles> + <activeProfile>policy-local</activeProfile> + <activeProfile>policy-releases</activeProfile> + <activeProfile>policy-snapshots</activeProfile> + <activeProfile>onap-releases</activeProfile> + <activeProfile>onap-snapshots</activeProfile> + </activeProfiles> + + <servers> + <server> + <id>${env.SNAPSHOT_REPOSITORY_ID}</id> + <username>${env.REPOSITORY_USERNAME}</username> + <password>${env.REPOSITORY_PASSWORD}</password> + </server> + <server> + <id>${env.RELEASE_REPOSITORY_ID}</id> + <username>${env.REPOSITORY_USERNAME}</username> + <password>${env.REPOSITORY_PASSWORD}</password> + </server> + </servers> + +</settings> diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf index 57269c18af..ee2acc40f2 100644 --- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf +++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf @@ -25,9 +25,6 @@ TELEMETRY_PASSWORD={{.Values.telemetry.password}} REPOSITORY_USERNAME={{.Values.nexus.user}} REPOSITORY_PASSWORD={{.Values.nexus.password}} -SQL_USER={{.Values.db.user}} -SQL_PASSWORD={{.Values.db.password}} - PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}} PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/charts/drools/templates/secrets.yaml index 47e0b8cfb0..7fb84b5ddc 100644 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/charts/drools/templates/secrets.yaml @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{ include "common.secret" . }} +--- apiVersion: v1 kind: Secret metadata: diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml index 047a77afef..e2463aa2c2 100644 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml @@ -74,6 +74,10 @@ spec: env: - name: REPLICAS value: "{{ .Values.replicaCount }}" + - name: SQL_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index fbb4211920..b62772d57f 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,11 +25,22 @@ global: ubuntuImage: ubuntu:16.04 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.5.3 +image: onap/policy-pdpd-cl:1.6.0 pullPolicy: Always # flag to enable debugging - application support required @@ -90,6 +101,7 @@ nexus: user: admin password: admin123 port: 8081 + offline: true db: user: policy_user diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index 48065aeb4b..e4517c7a5d 100644 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json @@ -49,17 +49,38 @@ "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps": true, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }, { "topic" : "POLICY-NOTIFICATION", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }] - } + }, + "healthCheckRestClientParameters":[{ + "clientName": "api", + "hostname": "policy-api", + "port": 6969, + "userName": "healthcheck", + "password": "zb!XztG34", + "useHttps": true, + "basePath": "policy/api/v1/healthcheck" + }, + { + "clientName": "distribution", + "hostname": "policy-distribution", + "port": 6969, + "userName": "healthcheck", + "password": "zb!XztG34", + "useHttps": true, + "basePath": "healthcheck" + }] } diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index bcf08f20e8..05f43d66e0 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. -# Modifications Copyright (C) 2019 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.1.2 +image: onap/policy-pap:2.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/charts/pdp/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/pdp/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml index 127c400c12..16d5fb5cec 100644 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml @@ -58,6 +58,11 @@ spec: name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} resources: {{ include "common.resources" . | indent 12 }} ports: diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index af5bb9e383..7b9c561a61 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018,2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,17 +24,33 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.5.2 +image: onap/policy-pe:1.6.1 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false # application configuration + +db: + user: policy_user + password: policy_user + config: papPort: 9091 diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json index f26f35a9f4..3b6813d3e3 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -8,20 +8,36 @@ "https": true }, "pdpStatusParameters":{ + "pdpGroup": "defaultGroup", "timeIntervalMs": 120000, "pdpType":"apex", "description":"Pdp Heartbeat", - "supportedPolicyTypes":[{"name":"onap.policies.controlloop.operational.Apex","version":"1.0.0"}] + "supportedPolicyTypes": [ + { + "name": "onap.policies.controlloop.operational.Apex", + "version": "1.0.0" + }, + { + "name": "onap.policies.native.Apex", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.operational.common.Apex", + "version": "1.0.0" + } + ] }, "topicParameterGroup": { "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }] } diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index 1dd1d18409..b149c17c48 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2019 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.2.2 +image: onap/policy-apex-pdp:2.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json index 8952ae86d8..ccfc07ae67 100644 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/charts/policy-api/resources/config/config.json @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,5 +33,37 @@ "databaseUser": "{{ .Values.global.mariadb.config.userName }}", "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}", "persistenceUnit": "PolicyMariaDb" - } + }, + "preloadPolicyTypes": [ + "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml", + "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml", + "policytypes/onap.policies.Optimization.yaml", + "policytypes/onap.policies.optimization.Resource.yaml", + "policytypes/onap.policies.optimization.Service.yaml", + "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml", + "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml", + "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml", + "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml", + "policytypes/onap.policies.optimization.resource.PciPolicy.yaml", + "policytypes/onap.policies.optimization.service.QueryPolicy.yaml", + "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml", + "policytypes/onap.policies.optimization.resource.Vim_fit.yaml", + "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml", + "policytypes/onap.policies.controlloop.guard.Common.yaml", + "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml", + "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml", + "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml", + "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml", + "policytypes/onap.policies.controlloop.Operational.yaml", + "policytypes/onap.policies.Naming.yaml", + "policytypes/onap.policies.native.Drools.yaml", + "policytypes/onap.policies.native.Xacml.yaml", + "policytypes/onap.policies.native.Apex.yaml", + "policytypes/onap.policies.controlloop.operational.Common.yaml", + "policytypes/onap.policies.controlloop.operational.common.Apex.yaml", + "policytypes/onap.policies.controlloop.operational.common.Drools.yaml" + ], + "preloadPolicies" : [ + "policies/sdnc.policy.naming.input.tosca.yaml" + ] } diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index 3a55227d81..b5e10493dc 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.1.2 +image: onap/policy-api:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf index 571104491e..93b02e76bc 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf +++ b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk +JAVA_HOME=/usr/local/openjdk-11 POLICY_HOME=/opt/app/policy POLICY_LOGS=/var/log/onap KEYSTORE_PASSWD=Pol1cy_0nap diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh index 052b6f2c2f..0e473105a2 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh @@ -78,8 +78,17 @@ else # wait for DB up # now that DB is up, invoke database upgrade # (which does nothing if the db is already up-to-date) - dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=)) - dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=)) + if [[ -v JDBC_USER ]]; then + dbuser=${JDBC_USER}; + else + dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=)) + fi + + if [[ -v JDBC_PASSWORD ]]; then + dbpw=${JDBC_PASSWORD} + else + dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=)) + fi db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}} fi diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json index 5e1c80f80a..906263343a 100644 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,28 +32,18 @@ "receptionHandlerConfigurationName":"sdcConfiguration", "pluginHandlerParameters":{ "policyDecoders":{ - "CsarDecoder":{ - "decoderType":"CsarDecoder", - "decoderClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpx", + "HpaDecoder":{ + "decoderType":"HpaDecoder", + "decoderClassName":"org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpa", "decoderConfigurationName": "csarToOptimizationPolicyConfiguration" }, - "ApexDecoder":{ - "decoderType":"ApexDecoder", + "ToscaPolicyDecoder":{ + "decoderType":"ToscaPolicyDecoder", "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy", - "decoderConfigurationName": "apexDecoderConfiguration" + "decoderConfigurationName": "toscaPolicyDecoderConfiguration" } }, "policyForwarders":{ - "PAPEngineForwarder":{ - "forwarderType":"PAPEngine", - "forwarderClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarder", - "forwarderConfigurationName": "xacmlPdpConfiguration" - }, - "ApexForwarder":{ - "forwarderType":"ApexForwarder", - "forwarderClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarder", - "forwarderConfigurationName": "apexForwarderConfiguration" - }, "LifeCycleApiForwarder":{ "forwarderType":"LifeCycleAPI", "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder", @@ -85,13 +76,13 @@ "keystorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false + "isUseHttpsWithDmaap": true } } }, "policyDecoderConfigurationParameters":{ "csarToOptimizationPolicyConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpxConfigurationParameterGroup", + "parameterClassName": "org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpaParameters", "parameters":{ "policyNamePrefix": "oofCasablanca", "onapName": "OOF", @@ -101,37 +92,15 @@ "riskLevel": "2" } }, - "apexDecoderConfiguration":{ + "toscaPolicyDecoderConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup", "parameters":{ - "policyFileName": "apex_policy", - "policyTypeFileName": "apex_policy_type" + "policyFileName": "tosca_policy", + "policyTypeFileName": "tosca_policy_type" } } }, "policyForwarderConfigurationParameters":{ - "xacmlPdpConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup", - "parameters":{ - "useHttps": true, - "hostname": "pdp", - "port": 8081, - "userName": "testpdp", - "password": "alpha123", - "clientAuth": "cHl0aG9uOnRlc3Q=", - "isManaged": true, - "pdpGroup": "default" - } - }, - "apexForwarderConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarderParameterGroup", - "parameters":{ - "hostname":"policy-apex-pdp", - "port":"12345", - "ignoreConflicts": true, - "forceUpdate": true - } - }, "lifecycleApiConfiguration":{ "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters", "parameters":{ diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 04257a4725..2d62d1b571 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2019 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.2.1 +image: onap/policy-distribution:2.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json index 7fd8572c1f..a52cc0f6d4 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,11 +39,13 @@ "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], + "useHttps" : true, "topicCommInfrastructure" : "dmaap" }] } diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties index 29feeb6e24..f2c2cd7765 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties @@ -49,5 +49,5 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory -javax.persistence.jdbc.user={{ .Values.global.mariadb.config.userName }} -javax.persistence.jdbc.password={{ .Values.global.mariadb.config.userPassword | b64enc }} +javax.persistence.jdbc.user=${SQL_USER} +javax.persistence.jdbc.password=${SQL_PASSWORD} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index 57e7c78218..5b02c177b5 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -37,6 +37,11 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index 161722b585..dc7266e9a1 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,11 +23,22 @@ global: persistence: {} ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.1.2 +image: onap/policy-xacml-pdp:2.2.0 pullPolicy: Always # flag to enable debugging - application support required @@ -35,6 +46,10 @@ debugEnabled: false # application configuration +db: + user: policy_user + password: policy_user + # default number of instances replicaCount: 1 |