diff options
Diffstat (limited to 'kubernetes/policy/components/policy-clamp-ac-kserve-ppnt')
7 files changed, 92 insertions, 95 deletions
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml index 281f3c86ed..863d07952f 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2023-2024 Nordix Foundation. All rights reserved. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Kserve Participant name: policy-clamp-ac-kserve-ppnt -version: 14.0.0 +version: 14.0.1 dependencies: - name: common @@ -31,6 +32,3 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml index af9d46a807..6613235050 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml @@ -48,40 +48,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement @@ -108,5 +96,3 @@ server: context-path: /onap/policy/clamp/acm/kserveparticipant ssl: enabled: false - - diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml index f5ecd27ee1..3d1f4f8ca3 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,10 +28,8 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +40,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-kserve-ppnt-config @@ -55,9 +52,11 @@ spec: name: ac-kserve-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"] @@ -78,11 +77,16 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-kserve-ppnt-config-processed + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-kserve-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -94,9 +98,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: ac-kserve-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap @@ -104,4 +105,11 @@ spec: - name: ac-kserve-ppnt-config-processed emptyDir: medium: Memory + sizeLimit: 64Mi + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml index 16a3f72049..6fc37c3d01 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml @@ -1,18 +1,16 @@ -{{/*
-# Copyright © 2023 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ if .Values.global.useStrimziKafka }}
-{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml index ac5ee0b72f..073ffe9618 100644 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml @@ -1,38 +1,38 @@ -{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
- namespace: {{ include "common.namespace" . }}
+{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} + namespace: {{ include "common.namespace" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml index a432fff142..6f9868bc0d 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +23,6 @@ global: persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -42,7 +42,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-kserve-ppnt:7.1.0 +image: onap/policy-clamp-ac-kserve-ppnt:7.1.3 pullPolicy: Always componentName: &componentName policy-clamp-ac-kserve-ppnt @@ -67,7 +67,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -107,6 +107,17 @@ resources: cpu: "1" memory: "1.4Gi" unlimited: {} + +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: *componentName @@ -129,7 +140,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router
\ No newline at end of file |