summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy')
-rwxr-xr-xkubernetes/policy/scripts/update-vfw-op-policy.sh93
-rw-r--r--kubernetes/policy/templates/all-services.yaml3
-rw-r--r--kubernetes/policy/templates/dep-brmsgw.yaml6
-rw-r--r--kubernetes/policy/templates/dep-drools.yaml10
-rw-r--r--kubernetes/policy/templates/dep-maria.yaml5
-rw-r--r--kubernetes/policy/templates/dep-pap.yaml5
-rw-r--r--kubernetes/policy/templates/dep-pdp.yaml4
-rw-r--r--kubernetes/policy/templates/policy-pv-pvc.yaml32
-rw-r--r--kubernetes/policy/values.yaml5
9 files changed, 108 insertions, 55 deletions
diff --git a/kubernetes/policy/scripts/update-vfw-op-policy.sh b/kubernetes/policy/scripts/update-vfw-op-policy.sh
new file mode 100755
index 0000000000..39483a0fb7
--- /dev/null
+++ b/kubernetes/policy/scripts/update-vfw-op-policy.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+if [ "$#" -ne 4 ]; then
+ echo "Usage: $(basename $0) <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>"
+ exit 1
+fi
+
+K8S_HOST=$1
+POLICY_PDP_PORT=$2
+POLICY_DROOLS_PORT=$3
+RESOURCE_ID=$4
+
+echo
+echo
+echo "Removing the vFW Policy from PDP.."
+echo
+echo
+
+curl -v -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyComponent" : "PDP",
+ "policyName": "com.BRMSParamvFirewall",
+ "policyType": "BRMS_Param"
+}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy
+
+sleep 20
+
+echo
+
+echo
+echo "Updating vFW Operational Policy .."
+echo
+
+curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+ "policyConfigType": "BRMS_PARAM",
+ "policyName": "com.BRMSParamvFirewall",
+ "policyDescription": "BRMS Param vFirewall policy",
+ "policyScope": "com",
+ "attributes": {
+ "MATCHING": {
+ "controller": "amsterdam"
+ },
+ "RULE": {
+ "templateName": "ClosedLoopControlName",
+ "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
+ "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
+ }
+ }
+}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy
+
+sleep 5
+
+echo
+echo
+echo "Pushing the vFW Policy .."
+echo
+echo
+
+curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "com.BRMSParamvFirewall",
+ "policyType": "BRMS_Param"
+}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy
+
+sleep 20
+
+echo
+echo
+echo "Restarting PDP-D .."
+echo
+echo
+
+POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools)
+kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start"
+
+sleep 20
+
+echo
+echo
+echo "PDP-D amsterdam maven coordinates .."
+echo
+echo
+
+curl -vvv --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool
+
+
+echo
+echo
+echo "PDP-D control loop updated .."
+echo
+echo
+
+curl -v --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool
diff --git a/kubernetes/policy/templates/all-services.yaml b/kubernetes/policy/templates/all-services.yaml
index a1c480458d..5c5f683e88 100644
--- a/kubernetes/policy/templates/all-services.yaml
+++ b/kubernetes/policy/templates/all-services.yaml
@@ -45,6 +45,9 @@ spec:
- name: "drools-port"
port: 6969
nodePort: {{ .Values.nodePortPrefix }}17
+ - name: "drools-port2"
+ port: 9696
+ nodePort: {{ .Values.nodePortPrefix }}21
selector:
app: drools
type: NodePort
diff --git a/kubernetes/policy/templates/dep-brmsgw.yaml b/kubernetes/policy/templates/dep-brmsgw.yaml
index 7a1bcdec49..89752aece7 100644
--- a/kubernetes/policy/templates/dep-brmsgw.yaml
+++ b/kubernetes/policy/templates/dep-brmsgw.yaml
@@ -20,13 +20,7 @@ spec:
- /root/ready.py
args:
- --container-name
- - mariadb
- - --container-name
- - nexus
- - --container-name
- pap
- - --container-name
- - pdp
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml
index 48ef16e3b2..83179fafc9 100644
--- a/kubernetes/policy/templates/dep-drools.yaml
+++ b/kubernetes/policy/templates/dep-drools.yaml
@@ -23,12 +23,6 @@ spec:
- mariadb
- --container-name
- nexus
- - --container-name
- - pap
- - --container-name
- - pdp
- - --container-name
- - brmsgw
env:
- name: NAMESPACE
valueFrom:
@@ -38,6 +32,10 @@ spec:
image: "{{ .Values.image.readiness }}:{{ .Values.image.readinessVersion }}"
imagePullPolicy: {{ .Values.pullPolicy }}
name: drools-readiness
+ hostAliases:
+ - ip: "{{ .Values.aaiServiceClusterIp }}"
+ hostnames:
+ - "aai.api.simpledemo.openecomp.org"
containers:
- command:
- /bin/bash
diff --git a/kubernetes/policy/templates/dep-maria.yaml b/kubernetes/policy/templates/dep-maria.yaml
index c0f5060884..c921e8c890 100644
--- a/kubernetes/policy/templates/dep-maria.yaml
+++ b/kubernetes/policy/templates/dep-maria.yaml
@@ -24,8 +24,6 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /var/lib/mysql
- name: policy-mariadb-data
readinessProbe:
tcpSocket:
port: 3306
@@ -35,9 +33,6 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: policy-mariadb-data
- persistentVolumeClaim:
- claimName: policy-db
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
#{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/templates/dep-pap.yaml b/kubernetes/policy/templates/dep-pap.yaml
index 523cfd35ff..a19fd24778 100644
--- a/kubernetes/policy/templates/dep-pap.yaml
+++ b/kubernetes/policy/templates/dep-pap.yaml
@@ -19,8 +19,6 @@ spec:
- /root/ready.py
args:
- --container-name
- - nexus
- - --container-name
- mariadb
env:
- name: NAMESPACE
@@ -52,6 +50,9 @@ spec:
image: "{{ .Values.image.policyPe }}:{{ .Values.image.policyPeVersion }}"
imagePullPolicy: {{ .Values.pullPolicy }}
name: pap
+ env:
+ - name: PRELOAD_POLICIES
+ value: "true"
ports:
- containerPort: 8443
- containerPort: 9091
diff --git a/kubernetes/policy/templates/dep-pdp.yaml b/kubernetes/policy/templates/dep-pdp.yaml
index 3763b95bb2..1f66396a1c 100644
--- a/kubernetes/policy/templates/dep-pdp.yaml
+++ b/kubernetes/policy/templates/dep-pdp.yaml
@@ -20,10 +20,6 @@ spec:
- /root/ready.py
args:
- --container-name
- - mariadb
- - --container-name
- - nexus
- - --container-name
- pap
env:
- name: NAMESPACE
diff --git a/kubernetes/policy/templates/policy-pv-pvc.yaml b/kubernetes/policy/templates/policy-pv-pvc.yaml
deleted file mode 100644
index 5dc0c61c43..0000000000
--- a/kubernetes/policy/templates/policy-pv-pvc.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#{{ if not .Values.disablePolicyMariadb }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: "{{ .Values.nsPrefix }}-policy-db"
- namespace: "{{ .Values.nsPrefix }}-policy"
- labels:
- name: "{{ .Values.nsPrefix }}-policy-db"
-spec:
- capacity:
- storage: 2Gi
- accessModes:
- - ReadWriteMany
- persistentVolumeReclaimPolicy: Retain
- hostPath:
- path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/mariadb/data/
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: policy-db
- namespace: "{{ .Values.nsPrefix }}-policy"
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 2Gi
- selector:
- matchLabels:
- name: "{{ .Values.nsPrefix }}-policy-db"
-#{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index ce037d896d..f52dc445e6 100644
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,6 +1,11 @@
nsPrefix: onap
pullPolicy: Always
nodePortPrefix: 302
+
+# POLICY hotfix - Note this must be temporary
+# See https://jira.onap.org/browse/POLICY-510
+aaiServiceClusterIp: 10.43.255.254
+
image:
readiness: oomk8s/readiness-check
readinessVersion: 1.0.0