diff options
Diffstat (limited to 'kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt')
5 files changed, 93 insertions, 58 deletions
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml index 9f9bef2ddf..9a61fe6408 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# Copyright (C) 2022-2023 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,3 +31,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml index 40c07d4ad1..34d267bc26 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -16,16 +16,17 @@ # ============LICENSE_END========================================================= spring: - security: - user: - name: ${RESTSERVER_USER} - password: ${RESTSERVER_PASSWORD} autoconfigure: exclude: - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} + security: enable-csrf: false @@ -36,17 +37,44 @@ participant: participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00 clampAutomationCompositionTopics: topicSources: - - topic: POLICY-ACRUNTIME-PARTICIPANT + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - fetchTimeout: 15000 - - topicSinks: - - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} + {{ end }} + topicSinks: + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap + servers: + - ${topicServer:message-router} + {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml index 4590046a1e..a4810bae57 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,21 +28,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if .Values.config.useStrimziKafka }} - - command: - - /app/ready.py - args: - - --container-name - - message-router - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} {{- end }} - command: - sh @@ -54,9 +41,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml new file mode 100644 index 0000000000..92184b8e85 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index 6799635776..885f2c9793 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +22,11 @@ global: persistence: {} aafEnabled: false + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -43,13 +48,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' password: '{{ .Values.certStores.trustStorePassword }}' passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate certStores: keyStorePassword: Pol1cy_0nap @@ -62,6 +60,8 @@ certStores: image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1 pullPolicy: Always +componentName: &componentName policy-clamp-ac-a1pms-ppnt + # application configuration restServer: user: participantUser @@ -105,7 +105,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-ac-a1pms-ppnt + name: *componentName ports: - name: a1pms-api port: 8086 @@ -131,32 +131,28 @@ resources: unlimited: {} #Pods Service Account serviceAccount: - nameOverride: policy-clamp-ac-a1pms-ppnt + nameOverride: *componentName roles: - create config: -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +readinessCheck: + wait_for: + - message-router
\ No newline at end of file |