diff options
Diffstat (limited to 'kubernetes/policy/components')
56 files changed, 180 insertions, 408 deletions
diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml index 2318a592eb..c8a2862326 100755 --- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml @@ -34,6 +34,3 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 3a38b88d56..441955f1ed 100755 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -30,23 +30,17 @@ "useHttps": false, "fetchTimeout": 15000, "servers": [ "${KAFKA_URL}" ], -{{ if .Values.global.useStrimziKafkaPf }} "topicCommInfrastructure": "kafka", "additionalProps": { "group.id" : "${GROUP_ID}", "security.protocol": "SASL_PLAINTEXT", "sasl.mechanism": "${SASL}", "sasl.jaas.config": "${JAASLOGIN}" - } -{{ else }} - "topicCommInfrastructure": "dmaap" -{{ end }} - }], + }}], "topicSinks" : [{ "topic": "${PAP_TOPIC}", "useHttps": false, "servers": [ "${KAFKA_URL}" ], -{{ if .Values.global.useStrimziKafkaPf }} "topicCommInfrastructure": "kafka", "additionalProps": { "group.id" : "${GROUP_ID}", @@ -54,9 +48,6 @@ "sasl.mechanism": "${SASL}", "sasl.jaas.config": "${JAASLOGIN}" } -{{ else }} - "topicCommInfrastructure": "dmaap" -{{ end }} }] } } diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml index daed724cbd..de3e6d1004 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml @@ -31,45 +31,29 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafkaPf }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: ["/bin/sh", "-cx"] -{{- if .Values.global.useStrimziKafkaPf }} args: - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done -{{ else }} - args: - - cd /config-input && for PFILE in `ls -1`; - do envsubst <${PFILE} >/config/${PFILE}; done -{{ end }} env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafkaPf }} - name: JAASLOGIN valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config - name: KAFKA_URL - value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} - name: SASL value: {{ .Values.kafkaUser.authenticationType | upper }} - name: GROUP_ID value: {{ .Values.config.kafka.consumer.groupId }} - name: PAP_TOPIC value: {{ .Values.config.app.listener.policyPdpPapTopic }} -{{ else }} - - name: KAFKA_URL - value: message-router - - name: PAP_TOPIC - value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }} -{{- end }} volumeMounts: - mountPath: /config-input name: apexconfig-input @@ -104,9 +88,6 @@ spec: - name: REPLICAS value: "{{ .Values.replicaCount }}" volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /var/log/onap name: policy-logs - mountPath: /home/apexuser/config @@ -122,9 +103,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: policy-logs emptyDir: {} - name: apexconfig-input diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml index d2fab9f535..4259381afe 100644 --- a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml @@ -13,6 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafkaPf }} {{ include "common.kafkauser" . }} -{{ end }} + diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index e01cb61176..3fd1a26f36 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -25,7 +25,6 @@ global: nodePortPrefix: 302 persistence: {} - useStrimziKafkaPf: set-via-parent-chart-global-value ################################################################# # Secrets metaconfig @@ -48,7 +47,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:3.1.0 +image: onap/policy-apex-pdp:3.1.2 pullPolicy: Always # flag to enable debugging - application support required @@ -93,7 +92,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # Resource Limit flavor -By Default using small # Segregation for Different environment (Small and Large) @@ -145,25 +144,13 @@ metrics: # application configuration config: # Event consumption (kafka) properties - useStrimziKafkaPf: true - kafkaBootstrap: strimzi-kafka-bootstrap kafka: consumer: groupId: policy-apex app: listener: policyPdpPapTopic: policy-pdp-pap -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# -# Any new property can be added in the env by setting in overrides in the format mentioned below -# All the added properties must be in "key: value" format instead of yaml. + kafkaUser: authenticationType: scram-sha-512 acls: @@ -178,7 +165,3 @@ kafkaUser: type: topic patternType: prefix operations: [Create, Describe, Read, Write] - -readinessCheck: - wait_for: - - message-router diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index ccb1e1971b..8de035e5d1 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -85,9 +85,6 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/api/etc/mounted name: apiconfig-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -101,9 +98,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: apiconfig configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 530f021d85..c76be2fb23 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -48,7 +48,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:3.1.0 +image: onap/policy-api:3.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml index 10baa90eba..e35dd3d6f0 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -31,6 +31,3 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml index 34d267bc26..31aa1b746a 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -41,40 +41,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml index 4ed282ade4..d34da146a5 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +38,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-a1pms-ppnt-config @@ -78,9 +73,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-a1pms-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -94,9 +86,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: ac-a1pms-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index ac74011463..3f5e7dfc0d 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -21,8 +21,6 @@ ################################################################# global: persistence: {} - #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -42,7 +40,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-a1pms-ppnt:7.1.0 +image: onap/policy-clamp-ac-a1pms-ppnt:7.1.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-a1pms-ppnt @@ -77,7 +75,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -140,7 +138,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml index abdd038607..faa7014a79 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -31,6 +31,4 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' + diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index 6cc45cc5c6..a04c37fe3d 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -41,40 +41,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml index 8d0d22901b..e502c1a091 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +38,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-http-ppnt-config @@ -78,9 +73,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-http-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -94,9 +86,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: ac-http-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 419c2c02aa..0bcc66e4e1 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -22,7 +22,6 @@ global: persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -42,7 +41,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-http-ppnt:7.1.0 +image: onap/policy-clamp-ac-http-ppnt:7.1.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-http-ppnt @@ -67,7 +66,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -130,7 +129,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml index f6aade83b7..aa6d08a3de 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml @@ -33,6 +33,3 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 761f19c5e3..14deab557b 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -43,40 +43,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml index d69a85824e..cfc2fc7fac 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +38,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-k8s-ppnt-config @@ -78,9 +73,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-k8s-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -94,9 +86,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: ac-k8s-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 5d82c83cc5..35530405bd 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -23,7 +23,6 @@ global: nodePortPrefixExt: 304 persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -43,7 +42,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-k8s-ppnt:7.1.0 +image: onap/policy-clamp-ac-k8s-ppnt:7.1.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-k8s-ppnt @@ -89,7 +88,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read flavor: small resources: @@ -147,6 +146,3 @@ kafkaUser: type: topic operations: [Read, Write] -readinessCheck: - wait_for: - - message-router diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml index 281f3c86ed..44c80ff879 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml @@ -31,6 +31,3 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml index af9d46a807..89cf9494a3 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml @@ -48,40 +48,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml index f5ecd27ee1..8574979cbc 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -41,13 +38,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-kserve-ppnt-config @@ -78,9 +73,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-kserve-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -94,9 +86,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: ac-kserve-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml index 16a3f72049..b7e7364eab 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml index a432fff142..f19ebf0cb5 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -22,7 +22,6 @@ global: persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -42,7 +41,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-kserve-ppnt:7.1.0 +image: onap/policy-clamp-ac-kserve-ppnt:7.1.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-kserve-ppnt @@ -67,7 +66,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -129,7 +128,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml index 05b3f2e61e..f860393f43 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml @@ -31,6 +31,3 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index f4c26e430a..1cd4ba318c 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -59,40 +59,28 @@ participant: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml index 5786fcfabd..9026309fa1 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - sh args: @@ -49,13 +46,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-pf-ppnt-config @@ -86,9 +81,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-pf-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -102,9 +94,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: ac-pf-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index c867891b78..7fc4f71eeb 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -22,7 +22,6 @@ global: persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -54,7 +53,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-pf-ppnt:7.1.0 +image: onap/policy-clamp-ac-pf-ppnt:7.1.2 pullPolicy: Always componentName: &componentName policy-clamp-ac-pf-ppnt @@ -87,7 +86,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read # probe configuration parameters liveness: @@ -151,7 +150,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - -readinessCheck: - wait_for: - - message-router diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index 4f929628c7..bdd6c99c53 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -33,6 +33,4 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' + diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 96cb265567..35e42c589d 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -75,40 +75,28 @@ runtime: useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: group.id: {{ (first .Values.kafkaUser.acls).name }} allow.auto.create.topics: false security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} topicSinks: - useHttps: false fetchTimeout: 15000 topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} - {{ if .Values.global.useStrimziKafka }} topicCommInfrastructure: kafka servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} additionalProps: client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} - {{ else }} - topicCommInfrastructure: dmaap - servers: - - ${topicServer:message-router} - {{ end }} acmParameters: toscaElementName: {{ .Values.customNaming.toscaElementName }} toscaCompositionName: {{ .Values.customNaming.toscaCompositionName }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index be8c35aaea..b0ea909e55 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -28,9 +28,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafka }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - /app/ready.py args: @@ -66,13 +63,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} - name: RUNTIME_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: ac-runtime-config @@ -103,9 +98,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-runtime-config-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -119,9 +111,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: ac-runtime-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml index 92184b8e85..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafka }} {{ include "common.kafkauser" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index 34cceeded2..6f2f230d3b 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -23,7 +23,6 @@ global: nodePortPrefixExt: 304 persistence: {} #Strimzi Kafka properties - useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: acRuntimeTopic: name: &acRuntimeTopic policy.clamp-runtime-acm @@ -49,7 +48,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-runtime-acm:7.1.0 +image: onap/policy-clamp-runtime-acm:7.1.2 pullPolicy: Always componentName: &componentName policy-clamp-runtime-acm @@ -122,7 +121,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read - serviceAccount: policy-gui-read flavor: small @@ -149,10 +148,6 @@ serviceAccount: roles: - read -readinessCheck: - wait_for: - - message-router - wait_for_job_container: containers: - '{{ include "common.release" . }}-policy-galera-config' diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index f4b8ff7182..62a3bfc98e 100755 --- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -86,9 +86,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/distribution/etc/mounted name: distributionconfig resources: {{ include "common.resources" . | nindent 12 }} @@ -102,9 +99,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: distributionconfig-input configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index fd2fe2e5df..ba160c86b2 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -58,7 +58,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:3.1.0 +image: onap/policy-distribution:3.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index cf3c54aab4..2e6efae345 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -56,15 +56,15 @@ PROMETHEUS=true # PDP-D DMaaP configuration channel -PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION -PDPD_CONFIGURATION_SERVERS=message-router +PDPD_CONFIGURATION_TOPIC=pdpd_configuration +PDPD_CONFIGURATION_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} PDPD_CONFIGURATION_CONSUMER_GROUP= PDPD_CONFIGURATION_CONSUMER_INSTANCE= PDPD_CONFIGURATION_PARTITION_KEY= # PAP-PDP configuration channel -POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP +POLICY_PDP_PAP_TOPIC=policy-pdp-pap POLICY_PDP_PAP_GROUP=defaultGroup POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools @@ -85,13 +85,13 @@ GUARD_DISABLED=false # DCAE DMaaP -DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT -DCAE_SERVERS=message-router +DCAE_TOPIC=unauthenticated.dcae_cl_output +DCAE_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} DCAE_CONSUMER_GROUP=dcae.policy.shared # Open DMaaP -DMAAP_SERVERS=message-router +KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} DMAAP_HTTPS="false" # AAI diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf index 761e8afef8..006388af61 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf @@ -15,4 +15,4 @@ # limitations under the License. */}} -POOLING_TOPIC=POOLING +POOLING_TOPIC=pooling diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml new file mode 100644 index 0000000000..1d571df8b7 --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2024 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index 013732e2d2..ba0e2d1a41 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -51,7 +51,7 @@ spec: - command: - /app/ready.py args: - - --container-name + - --service-name - {{ .Values.nexus.name }} env: - name: NAMESPACE @@ -59,6 +59,14 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + - name: PAP_TOPIC + value: {{ .Values.config.app.listener.policyPdpPapTopic }} image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness @@ -99,9 +107,6 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-secret @@ -123,9 +128,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: drools-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 6e86b3e64a..992cf01938 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -41,7 +41,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:2.1.0 +image: onap/policy-pdpd-cl:2.1.2 pullPolicy: Always # flag to enable debugging - application support required @@ -83,7 +83,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read server: jvmOpts: -server -XshowSettings:vm @@ -197,3 +197,24 @@ metrics: chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' release: '{{ include "common.release" . }}' heritage: '{{ .Release.Service }}' + +config: + # Event consumption (kafka) properties + kafka: + consumer: + groupId: policy-drools-pdp + app: + listener: + policyPdpPapTopic: policy-pdp-pap + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-drools-pdp + type: group + operations: [ Create, Describe, Read, Write ] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml index ff1ae9472c..a236d5f558 100644 --- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml @@ -47,7 +47,7 @@ spec: - command: - /app/ready.py args: - - --container-name + - --service-name - policy-clamp-runtime-acm env: - name: NAMESPACE diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 3338d8f724..6d9b712250 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -29,7 +29,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-gui:3.1.0 +image: onap/policy-gui:3.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml index c56ed8d2b9..3d03338836 100755 --- a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml @@ -51,9 +51,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /sonatype-work name: nexus-data resources: @@ -72,9 +69,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: nexus-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 697aaa1575..0634118a4f 100755 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -34,6 +34,3 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 5496d93174..614116ae23 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -75,15 +75,9 @@ pap: name: PapGroup aaf: false topic: - {{ if .Values.global.useStrimziKafkaPf }} pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }} notification.name: {{ .Values.config.kafka.topics.policyNotification }} heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }} - {{ else }} - pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }} - notification.name: {{ .Values.dmaap.topics.policyNotification }} - heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }} - {{ end }} pdpParameters: heartBeatMs: 120000 updateParameters: @@ -97,77 +91,49 @@ pap: topicSources: - useHttps: false fetchTimeout: 15000 - {{ if .Values.global.useStrimziKafkaPf }} topic: {{ .Values.config.kafka.topics.policyPdpPap }} servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} topicCommInfrastructure: kafka additionalProps: group.id : {{ .Values.config.kafka.consumer.groupId }} security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${JAASLOGIN} - {{ else }} - topic: {{ .Values.dmaap.topics.policyPdpPap }} - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - {{ end }} - useHttps: false fetchTimeout: 15000 - {{ if .Values.global.useStrimziKafkaPf }} topic: {{ .Values.config.kafka.topics.policyHeartbeat }} effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }} servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} topicCommInfrastructure: kafka additionalProps: group.id : {{ .Values.config.kafka.consumer.groupId }} security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${JAASLOGIN} - {{ else }} - topic: {{ .Values.dmaap.topics.policyHeartbeat }} - effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }} - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - {{ end }} topicSinks: - useHttps: false - {{ if .Values.global.useStrimziKafkaPf }} topic: {{ .Values.config.kafka.topics.policyPdpPap }} servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} topicCommInfrastructure: kafka additionalProps: group.id : {{ .Values.config.kafka.consumer.groupId }} security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${JAASLOGIN} - {{ else }} - topic: {{ .Values.dmaap.topics.policyPdpPap }} - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - {{ end }} - useHttps: false - {{ if .Values.global.useStrimziKafkaPf }} topic: {{ .Values.config.kafka.topics.policyNotification }} servers: - - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} topicCommInfrastructure: kafka additionalProps: group.id : {{ .Values.config.kafka.consumer.groupId }} security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${JAASLOGIN} - {{ else }} - topic: {{ .Values.dmaap.topics.policyNotification }} - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - {{ end }} + # If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks # servers: # - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 67a2270fb8..9ca8b84a47 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -29,9 +29,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if not .Values.global.useStrimziKafkaPf }} -{{ include "common.readinessCheck.waitFor" . | nindent 6 }} -{{- end }} - command: - /app/ready.py args: @@ -78,13 +75,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} - name: DISTRIBUTION_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} -{{- if .Values.global.useStrimziKafkaPf }} - name: JAASLOGIN valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- end }} volumeMounts: - mountPath: /config-input name: papconfig @@ -126,9 +121,6 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/pap/etc/mounted name: papconfig-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -142,9 +134,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: papconfig configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml index d2fab9f535..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml @@ -13,6 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ if .Values.global.useStrimziKafkaPf }} {{ include "common.kafkauser" . }} -{{ end }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 365028c229..4b8ed70fcc 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -25,7 +25,6 @@ global: nodePortPrefixExt: 304 persistence: {} - useStrimziKafkaPf: set-via-parent-chart-global-value postgres: localCluster: false @@ -69,7 +68,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:3.1.0 +image: onap/policy-pap:3.1.2 pullPolicy: Always # flag to enable debugging - application support required @@ -139,7 +138,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read - serviceAccount: portal-app-read flavor: small @@ -185,8 +184,6 @@ metrics: # application configuration config: # Event consumption (kafka) properties - useStrimziKafkaPf: true - kafkaBootstrap: strimzi-kafka-bootstrap kafka: topics: policyHeartbeat: policy-heartbeat @@ -198,11 +195,6 @@ config: listener: policyPdpPapTopic: policy-pdp-pap -dmaap: - topics: - policyHeartbeat: POLICY-HEARTBEAT - policyNotification: POLICY-NOTIFICATION - policyPdpPap: POLICY-PDP-PAP # If targeting a custom kafka cluster, ie useStrimziKakfa: false # uncomment below config and target your kafka bootstrap servers, # along with any other security config. @@ -233,6 +225,3 @@ kafkaUser: patternType: prefix operations: [Create, Describe, Read, Write] -readinessCheck: - wait_for: - - message-router diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index 08dcb67182..7bf6707136 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -42,18 +42,30 @@ "applicationPath": "/opt/app/policy/pdpx/apps" }, "topicParameterGroup": { - "topicSources" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps" : "false", - "fetchTimeout" : 15000, - "topicCommInfrastructure" : "dmaap" + "topicSources": [{ + "topic": "${PAP_TOPIC}", + "useHttps": false, + "fetchTimeout": 15000, + "servers": [ "${KAFKA_URL}" ], + "topicCommInfrastructure": "kafka", + "additionalProps": { + "group.id": "${GROUP_ID}", + "security.protocol": "SASL_PLAINTEXT", + "sasl.mechanism": "${SASL}", + "sasl.jaas.config": "${JAASLOGIN}" + } }], "topicSinks" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps" : "false", - "topicCommInfrastructure" : "dmaap" - }] + "topic": "${PAP_TOPIC}", + "useHttps": false, + "servers": [ "${KAFKA_URL}" ], + "topicCommInfrastructure": "kafka", + "additionalProps": { + "group.id": "${GROUP_ID}", + "security.protocol": "SASL_PLAINTEXT", + "sasl.mechanism": "${SASL}", + "sasl.jaas.config": "${JAASLOGIN}" + } + }] } } diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index b475d2ce2d..cda1aa4bae 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -53,7 +53,7 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} @@ -67,6 +67,19 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + - name: PAP_TOPIC + value: {{ .Values.config.app.listener.policyPdpPapTopic }} volumeMounts: - mountPath: /config-input name: pdpxconfig @@ -97,9 +110,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/pdpx/etc/mounted name: pdpxconfig-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -113,9 +123,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: pdpxconfig configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml new file mode 100644 index 0000000000..1d571df8b7 --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2024 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index b9d877fe7b..c9a5a068fb 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -49,9 +49,11 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:3.1.0 +image: onap/policy-xacml-pdp:3.1.2 pullPolicy: Always +componentName: &componentName policy-xacml-pdp + # flag to enable debugging - application support required debugEnabled: false @@ -93,7 +95,7 @@ readiness: service: type: ClusterIP - name: policy-xacml-pdp + name: *componentName internalPort: 6969 ports: - name: http @@ -123,7 +125,7 @@ serviceMesh: - serviceAccount: dcae-ves-collector-read - serviceAccount: dcae-ves-mapper-read - serviceAccount: dcae-ves-openapi-manager-read - - serviceAccount: message-router-read + - serviceAccount: strimzi-kafka-read - serviceAccount: oof-read - serviceAccount: sdnc-read @@ -147,7 +149,7 @@ resources: #Pods Service Account serviceAccount: - nameOverride: policy-xacml-pdp + nameOverride: *componentName roles: - read @@ -171,3 +173,26 @@ metrics: chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' release: '{{ include "common.release" . }}' heritage: '{{ .Release.Service }}' + +config: + # Event consumption (kafka) properties + kafka: + consumer: + groupId: policy-xacml-pdp + app: + listener: + policyPdpPapTopic: policy-pdp-pap + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-xacml-pdp + type: group + operations: [ Create, Describe, Read, Write ] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + + |