summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/templates
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy/templates')
-rwxr-xr-xkubernetes/policy/templates/configmap.yaml2
-rwxr-xr-xkubernetes/policy/templates/job.yaml71
-rw-r--r--kubernetes/policy/templates/policy-kafka-topics.yaml64
-rw-r--r--kubernetes/policy/templates/policy-kafka-user.yaml41
4 files changed, 174 insertions, 4 deletions
diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml
index 17558f86ea..c8b01ccb81 100755
--- a/kubernetes/policy/templates/configmap.yaml
+++ b/kubernetes/policy/templates/configmap.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index d59b5fe770..9fea669c37 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -33,9 +33,9 @@ spec:
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
+ initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-mariadb-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
@@ -71,6 +71,33 @@ spec:
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-config
+ image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db-pg.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /docker-entrypoint-initdb.d/db-pg.sh
+ env:
+ - name: PG_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+ - name: PG_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_USER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: PG_PORT
+ value: "{{ .Values.postgres.service.internalPort }}"
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
containers:
- name: {{ include "common.release" . }}-policy-galera-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
@@ -95,8 +122,41 @@ spec:
value: {{ .Values.dbmigrator.schema }}
- name: POLICY_HOME
value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "sql"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-db-migrator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_pg_policy_init.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/db_migrator_pg_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schema }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "postgres"
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -108,3 +168,8 @@ spec:
path: db.sh
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
+ - key: db-pg.sh
+ path: db-pg.sh
+ - key: db_migrator_pg_policy_init.sh
+ path: db_migrator_pg_policy_init.sh
+
diff --git a/kubernetes/policy/templates/policy-kafka-topics.yaml b/kubernetes/policy/templates/policy-kafka-topics.yaml
new file mode 100644
index 0000000000..1894d62a42
--- /dev/null
+++ b/kubernetes/policy/templates/policy-kafka-topics.yaml
@@ -0,0 +1,64 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.acRuntimeTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: {{ .Values.config.acRuntimeTopic.partitions }}
+ config:
+ retention.ms: {{ .Values.config.acRuntimeTopic.retentionMs }}
+ segment.bytes: {{ .Values.config.acRuntimeTopic.segmentBytes }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.policyPdpPapTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: {{ .Values.config.policyPdpPapTopic.partitions }}
+ config:
+ retention.ms: {{ .Values.config.policyPdpPapTopic.retentionMs }}
+ segment.bytes: {{ .Values.config.policyPdpPapTopic.segmentBytes }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.policyHeartbeatTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: {{ .Values.config.policyHeartbeatTopic.partitions }}
+ config:
+ retention.ms: {{ .Values.config.policyHeartbeatTopic.retentionMs }}
+ segment.bytes: {{ .Values.config.policyHeartbeatTopic.segmentBytes }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.policyNotificationTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: {{ .Values.config.policyNotificationTopic.partitions }}
+ config:
+ retention.ms: {{ .Values.config.policyNotificationTopic.retentionMs }}
+ segment.bytes: {{ .Values.config.policyNotificationTopic.segmentBytes }}
+{{- end }}
diff --git a/kubernetes/policy/templates/policy-kafka-user.yaml b/kubernetes/policy/templates/policy-kafka-user.yaml
new file mode 100644
index 0000000000..1bc7ab1d3a
--- /dev/null
+++ b/kubernetes/policy/templates/policy-kafka-user.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.acRuntimeTopic.consumer.groupId }}
+ operation: Read
+ - resource:
+ type: topic
+ name: {{ .Values.config.acRuntimeTopic.name }}
+ operation: Read
+ - resource:
+ type: topic
+ name: {{ .Values.config.acRuntimeTopic.name }}
+ operation: Write
+{{- end }}