diff options
Diffstat (limited to 'kubernetes/policy')
14 files changed, 648 insertions, 16 deletions
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 8f2723e72e..8c41754da5 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -63,6 +63,10 @@ dependencies: version: ~12.x-0 repository: 'file://components/policy-clamp-ac-http-ppnt' condition: policy-clamp-ac-http-ppnt.enabled + - name: policy-clamp-ac-a1pms-ppnt + version: ~12.x-0 + repository: 'file://components/policy-clamp-ac-a1pms-ppnt' + condition: policy-clamp-ac-a1pms-ppnt.enabled - name: policy-clamp-ac-pf-ppnt version: ~12.x-0 repository: 'file://components/policy-clamp-ac-pf-ppnt' diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml new file mode 100755 index 0000000000..9f9bef2ddf --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp A1PMS Participant +name: policy-clamp-ac-a1pms-ppnt +version: 12.0.0 + +dependencies: + - name: common + version: ~12.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~12.x-0 + repository: '@local' + - name: serviceAccount + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml new file mode 100755 index 0000000000..918f9af6cd --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -0,0 +1,70 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration +security: + enable-csrf: false + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: A1PMSParticipant0 + version: 1.0.0 + participantType: + name: org.onap.policy.clamp.acm.A1PMSParticipant + version: 2.3.4 + clampAutomationCompositionTopics: + topicSources: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + + topicSinks: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + + +management: + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus +server: + port: 8086 + servlet: + context-path: /onap/policy/clamp/acm/a1pmsparticipant + ssl: + enabled: false + + diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml new file mode 100755 index 0000000000..b0d310e3de --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2022 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml new file mode 100755 index 0000000000..adb025592d --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml @@ -0,0 +1,37 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} +{{- if .Values.a1pmsconfig }} +{{ tpl (.Files.Glob "resources/config/A1pmsParticipantParameters.yaml").AsConfig . | indent 2 }} +{{ toYaml .Values.a1pmsconfig | indent 4 }} +{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }} +{{- end }} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml new file mode 100755 index 0000000000..f7b6dbecd9 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -0,0 +1,124 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: +{{- if .Values.config.useStrimziKafka }} + - command: + - /app/ready.py + args: + - --container-name + - message-router + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness +{{- end }} + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-a1pms-ppnt-config + - mountPath: /config + name: ac-a1pms-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-a1pms-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-a1pms-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: ac-a1pms-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secrets.yaml new file mode 100755 index 0000000000..3401d7f01f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml new file mode 100644 index 0000000000..19f522a71e --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml @@ -0,0 +1,21 @@ +{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml new file mode 100755 index 0000000000..7d8ff23433 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -0,0 +1,162 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: false + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + - uid: policy-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-ac-a1pms-ppnt:6.4.0 +pullPolicy: Always + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +a1pmsconfig: + a1pms: + baseUrl: http://a1policymanagement.onap:8081 + headers: + content-type: application/json + endpoints: + health: /a1-policy/v2/rics + services: /a1-policy/v2/services + service: /a1-policy/v2/services/{service_id} + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: a1pms-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: a1pms-api + +service: + type: ClusterIP + name: policy-clamp-ac-a1pms-ppnt + ports: + - name: a1pms-api + port: 8086 + nodePort: 42 + + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-a1pms-ppnt + roles: + - create + +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy-acruntime-participant +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. +# +# eventConsumption: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 + diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index 1aa9044eab..94fc37b4ad 100755 --- a/kubernetes/policy/components/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json @@ -56,27 +56,23 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", - "messageBusAddress": [ - "message-router.{{ include "common.namespace" . }}" - ], + "environmentName": "AUTO", + "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, + "keyStorePath": "null", + "keyStorePassword": "null", + "activeserverTlsAuth": false, + "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", "user": "${SDCBE_USER}", "password": "${SDCBE_PASSWORD}", + "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}", + "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}", "pollingInterval":20, "pollingTimeout":30, - "consumerId": "policy-id", "artifactTypes": [ "TOSCA_CSAR", "HEAT" ], - "consumerGroup": "policy-group", - "environmentName": "AUTO", - "keyStorePath": "null", - "keyStorePassword": "null", - "activeserverTlsAuth": false, - "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, - "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + "isFilterinEmptyResources": true } } }, diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index 4745aac23b..9c71ac1920 100755 --- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -75,6 +75,13 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: SECURITY_PROTOCOL + value: {{ .Values.config.kafka.securityProtocol }} + - name: SASL_MECHANISM + value: {{ .Values.config.kafka.saslMechanism }} + - name: SASL_JAAS_CONFIG + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-dist-kafka-user" "key" "sasl.jaas.config") | indent 12 }} {{- if .Values.global.aafEnabled }} command: ["sh","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ diff --git a/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml b/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml new file mode 100644 index 0000000000..eb721b07bb --- /dev/null +++ b/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml @@ -0,0 +1,36 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.global.policyDistKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: {{ .Values.config.kafka.saslMechanism | lower }} + authorization: + type: {{ .Values.config.kafka.authType }} + acls: + - resource: + type: group + name: {{ .Values.config.kafka.sdcTopic.consumerGroup }} + operation: Read + - resource: + type: topic + patternType: prefix + name: {{ .Values.config.kafka.sdcTopic.pattern }} + operation: All diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index d9df88ce79..5cdda2f0b8 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -55,7 +55,13 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' password: '{{ .Values.certStores.trustStorePassword }}' passwordPolicy: required - + - uid: policy-dist-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate ################################################################# # Global configuration defaults. ################################################################# @@ -67,13 +73,24 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.8.2 +image: onap/policy-distribution:2.9.0 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false # application configuration +config: + someConfig: blah + kafka: + bootstrapServer: strimzi-kafka-bootstrap:9092 + securityProtocol: SASL_PLAINTEXT + saslMechanism: SCRAM-SHA-512 + authType: simple + sdcTopic: + pattern: SDC-DIST + consumerGroup: policy-group + clientId: policy-distribution restServer: user: healthcheck diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index b3297278a9..c9e236a65c 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -38,6 +38,7 @@ global: name: postgres kafkaBootstrap: strimzi-kafka-bootstrap policyKafkaUser: policy-kafka-user + policyDistKafkaUser: policy-dist-kafka-user ################################################################# # Secrets metaconfig @@ -128,7 +129,7 @@ policy-distribution: enabled: true db: *dbSecretsHook config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyDistKafkaUser }}' policy-clamp-ac-k8s-ppnt: enabled: true config: @@ -144,6 +145,10 @@ policy-clamp-ac-http-ppnt: enabled: true config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-clamp-ac-a1pms-ppnt: + enabled: true + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-nexus: enabled: false config: |