diff options
Diffstat (limited to 'kubernetes/policy/components/policy-pap')
6 files changed, 179 insertions, 111 deletions
diff --git a/kubernetes/policy/components/policy-pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json deleted file mode 100755 index e5cbd22105..0000000000 --- a/kubernetes/policy/components/policy-pap/resources/config/config.json +++ /dev/null @@ -1,101 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} -{ - "name":"PapGroup", - "restServerParameters":{ - "host":"0.0.0.0", - "port":6969, - "userName":"${RESTSERVER_USER}", - "password":"${RESTSERVER_PASSWORD}", - "https": true, - "aaf": false, - "prometheus": true - }, - "pdpParameters": { - "heartBeatMs": 120000, - "updateParameters": { - "maxRetryCount": 1, - "maxWaitMs": 30000 - }, - "stateChangeParameters": { - "maxRetryCount": 1, - "maxWaitMs": 30000 - } - }, - "databaseProviderParameters": { - "name": "PolicyProviderParameterGroup", - "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", - "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", - "databaseUser": "${SQL_USER}", - "databasePassword": "${SQL_PASSWORD}", - "persistenceUnit": "PolicyMariaDb" - }, - "savePdpStatisticsInDb": true, - "topicParameterGroup": { - "topicSources" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps": true, - "fetchTimeout": 15000, - "topicCommInfrastructure" : "dmaap" - }, - { - "topic" : "POLICY-HEARTBEAT", - "effectiveTopic": "POLICY-PDP-PAP", - "consumerGroup": "policy-pap", - "servers" : [ "message-router" ], - "useHttps": true, - "fetchTimeout": 15000, - "topicCommInfrastructure" : "dmaap" - }], - "topicSinks" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps" : true, - "topicCommInfrastructure" : "dmaap" - }, - { - "topic" : "POLICY-NOTIFICATION", - "servers" : [ "message-router" ], - "useHttps" : true, - "topicCommInfrastructure" : "dmaap" - }] - }, - "healthCheckRestClientParameters":[{ - "clientName": "api", - "hostname": "policy-api", - "port": 6969, - "userName": "${API_USER}", - "password": "${API_PASSWORD}", - "useHttps": true, - "basePath": "policy/api/v1/healthcheck" - }, - { - "clientName": "distribution", - "hostname": "policy-distribution", - "port": 6969, - "userName": "${DISTRIBUTION_USER}", - "password": "${DISTRIBUTION_PASSWORD}", - "useHttps": true, - "basePath": "healthcheck" - }] -} diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml new file mode 100644 index 0000000000..6f501b8c21 --- /dev/null +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -0,0 +1,113 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Bell Canada. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: "${RESTSERVER_USER}" + password: "${RESTSERVER_PASSWORD}" + http: + converters: + preferred-json-mapper: gson + datasource: + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin + driverClassName: org.mariadb.jdbc.Driver + username: "${SQL_USER}" + password: "${SQL_PASSWORD}" + jpa: + properties: + hibernate: + dialect: org.hibernate.dialect.MariaDB103Dialect + hibernate: + ddl-auto: none + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy + +server: + port: 6969 + ssl: + enabled: true + +pap: + name: PapGroup + aaf: false + pdpParameters: + heartBeatMs: 120000 + updateParameters: + maxRetryCount: 1 + maxWaitMs: 30000 + stateChangeParameters: + maxRetryCount: 1 + maxWaitMs: 30000 + savePdpStatisticsInDb: false + topicParameterGroup: + topicSources: + - topic: POLICY-PDP-PAP + servers: + - message-router + useHttps: true + fetchTimeout: 15000 + topicCommInfrastructure: dmaap + - topic: POLICY-HEARTBEAT + effectiveTopic: POLICY-PDP-PAP + consumerGroup: policy-pap + servers: + - message-router + useHttps: true + fetchTimeout: 15000 + topicCommInfrastructure: dmaap + topicSinks: + - topic: POLICY-PDP-PAP + servers: + - message-router + useHttps: true + topicCommInfrastructure: dmaap + - topic: POLICY-NOTIFICATION + servers: + - message-router + useHttps: true + topicCommInfrastructure: dmaap + healthCheckRestClientParameters: + - clientName: api + hostname: policy-api + port: 6969 + userName: "${API_USER}" + password: "${API_PASSWORD}" + useHttps: true + basePath: policy/api/v1/healthcheck + - clientName: distribution + hostname: policy-distribution + port: 6969 + userName: "${DISTRIBUTION_USER}" + password: "${DISTRIBUTION_PASSWORD}" + useHttps: true + basePath: healthcheck + - clientName: dmaap + hostname: message-router + port: 3905 + useHttps: true + basePath: topics + +management: + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus + path-mapping.prometheus: metrics diff --git a/kubernetes/policy/components/policy-pap/templates/configmap.yaml b/kubernetes/policy/components/policy-pap/templates/configmap.yaml index e1a5360ac2..ee03f70b00 100755 --- a/kubernetes/policy/components/policy-pap/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-pap/templates/configmap.yaml @@ -36,4 +36,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 77474a8387..c33b80f4af 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2022 Bell Canada. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -80,10 +81,10 @@ spec: {{- if .Values.global.aafEnabled }} command: ["sh","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] + /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml"] {{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] - args: ["/opt/app/policy/pap/etc/mounted/config.json"] + args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"] env: - name: KEYSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} @@ -101,10 +102,18 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: + httpGet: + path: {{ .Values.readiness.api }} port: {{ .Values.readiness.port }} + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} + scheme: {{ .Values.readiness.scheme }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime diff --git a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..dbf6a7cd6a --- /dev/null +++ b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml @@ -0,0 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2022 Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if .Values.prometheus.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index a31de712ef..311653b860 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. -# Modifications Copyright (C) 2020 Bell Canada. +# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -92,7 +92,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.6.0 +image: onap/policy-pap:2.6.1 pullPolicy: Always # flag to enable debugging - application support required @@ -109,7 +109,7 @@ db: restServer: user: policyadmin - password: none + password: zb!XztG34 healthCheckRestClient: api: @@ -128,7 +128,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container @@ -136,9 +136,14 @@ liveness: port: http-api readiness: - initialDelaySeconds: 20 - periodSeconds: 10 + initialDelaySeconds: 10 + periodSeconds: 120 port: http-api + api: /policy/pap/v1/healthcheck + scheme: HTTPS + successThreshold: 1 + failureThreshold: 3 + timeout: 60 service: type: ClusterIP @@ -175,3 +180,22 @@ serviceAccount: nameOverride: policy-pap roles: - read + +prometheus: + enabled: true + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: http-api + interval: 60s + isHttps: true + basicAuth: + enabled: true + externalSecretNameSuffix: policy-pap-user-creds + externalSecretUserKey: login + externalSecretPasswordKey: password |