summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt')
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml5
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml48
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml28
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml18
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml52
5 files changed, 93 insertions, 58 deletions
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
index 9f9bef2ddf..9a61fe6408 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# Copyright (C) 2022-2023 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -31,3 +31,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
index 40c07d4ad1..34d267bc26 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
@@ -16,16 +16,17 @@
# ============LICENSE_END=========================================================
spring:
- security:
- user:
- name: ${RESTSERVER_USER}
- password: ${RESTSERVER_PASSWORD}
autoconfigure:
exclude:
- org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
- org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
- org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
- org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+
security:
enable-csrf: false
@@ -36,17 +37,44 @@ participant:
participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00
clampAutomationCompositionTopics:
topicSources:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
- fetchTimeout: 15000
-
- topicSinks:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
+ {{ end }}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
topicCommInfrastructure: dmaap
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
index 4590046a1e..a4810bae57 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,21 +28,8 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if .Values.config.useStrimziKafka }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{- end }}
- command:
- sh
@@ -54,9 +41,12 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml
new file mode 100644
index 0000000000..92184b8e85
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index 6799635776..885f2c9793 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,6 +22,11 @@
global:
persistence: {}
aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
@@ -43,13 +48,6 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
@@ -62,6 +60,8 @@ certStores:
image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-a1pms-ppnt
+
# application configuration
restServer:
user: participantUser
@@ -105,7 +105,7 @@ readiness:
service:
type: ClusterIP
- name: policy-clamp-ac-a1pms-ppnt
+ name: *componentName
ports:
- name: a1pms-api
port: 8086
@@ -131,32 +131,28 @@ resources:
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-a1pms-ppnt
+ nameOverride: *componentName
roles:
- create
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router \ No newline at end of file