aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/components/policy-xacml-pdp
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy/components/policy-xacml-pdp')
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/Chart.yaml3
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties32
-rw-r--r--kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml2
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml89
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/templates/service.yaml2
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-xacml-pdp/values.yaml29
6 files changed, 139 insertions, 18 deletions
diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
index a46d6128e8..a02171ef31 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +22,7 @@
apiVersion: v2
description: ONAP Policy XACML PDP (PDP-X)
name: policy-xacml-pdp
-version: 14.0.0
+version: 14.0.3
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
index d2e9c62edf..3df3578fd2 100755..100644
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
@@ -1,4 +1,22 @@
{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
#
# Properties that the embedded PDP engine uses to configure and load
#
@@ -49,8 +67,14 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
#
# JPA Properties
#
+{{ if .Values.global.mariadbGalera.useInPolicy }}
eclipselink.target-database=MySQL
-javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+jakarta.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/operationshistory
+{{ else }}
+eclipselink.target-database=PostgreSQL
+jakarta.persistence.jdbc.driver=org.postgresql.Driver
+jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory
+{{ end }}
+jakarta.persistence.jdbc.user=${SQL_USER}
+jakarta.persistence.jdbc.password=${SQL_PASSWORD} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
index cda1aa4bae..828f6ec2c7 100755..100644
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -1,6 +1,8 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,12 +29,17 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-policy-galera-config
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
@@ -41,6 +48,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-readiness
resources:
limits:
@@ -87,9 +95,11 @@ spec:
name: pdpxconfig-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
@@ -110,19 +120,87 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ - name: policy-guard
+ mountPath: /opt/app/policy/pdpx/apps/guard
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/guard/xacml.properties
+ subPath: xacml.properties
+ - name: policy-match
+ mountPath: /opt/app/policy/pdpx/apps/match
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/match/xacml.properties
+ subPath: xacml.properties
+ - name: policy-monitoring
+ mountPath: /opt/app/policy/pdpx/apps/monitoring
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/monitoring/xacml.properties
+ subPath: xacml.properties
+ - name: policy-naming
+ mountPath: /opt/app/policy/pdpx/apps/naming
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/naming/xacml.properties
+ subPath: xacml.properties
+ - name: policy-native
+ mountPath: /opt/app/policy/pdpx/apps/native
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/native/xacml.properties
+ subPath: xacml.properties
+ - name: policy-optimization
+ mountPath: /opt/app/policy/pdpx/apps/optimization
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/optimization/xacml.properties
+ subPath: xacml.properties
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/pdpx/etc/logback.xml
+ subPath: logback.xml
+ name: pdpxconfig-processed
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: policy-guard
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-match
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-monitoring
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-naming
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-native
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-optimization
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
- name: pdpxconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
@@ -130,4 +208,5 @@ spec:
- name: pdpxconfig-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
index 3e76c2ba36..6dabd951b9 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
@@ -18,4 +18,4 @@
# ============LICENSE_END=========================================================
*/}}
-{{ include "common.service" . }} \ No newline at end of file
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index c9a5a068fb..b20ab89370 100755..100644
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -1,5 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +23,10 @@
#################################################################
global:
persistence: {}
-
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
#################################################################
@@ -49,7 +54,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:3.1.2
+image: onap/policy-xacml-pdp:3.1.3
pullPolicy: Always
componentName: &componentName policy-xacml-pdp
@@ -63,8 +68,10 @@ db:
user: policy-user
password: policy_user
service:
- name: policy-mariadb
- internalPort: 3306
+ mariadbName: policy-mariadb
+ mariadbPort: 3306
+ pgName: policy-pg-primary
+ pgPort: 5432
restServer:
user: healthcheck
@@ -147,6 +154,18 @@ resources:
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+ policyDir:
+ sizeLimit: 100Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
@@ -194,5 +213,3 @@ kafkaUser:
type: topic
patternType: prefix
operations: [ Create, Describe, Read, Write ]
-
-