summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy')
-rw-r--r--kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml23
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml26
-rw-r--r--kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml97
-rwxr-xr-xkubernetes/policy/components/policy-api/resources/config/config.json73
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/configmap.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/deployment.yaml16
-rw-r--r--kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml23
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml40
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml12
-rw-r--r--kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml23
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml26
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-pap/resources/config/config.json101
-rw-r--r--kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml113
-rwxr-xr-xkubernetes/policy/components/policy-pap/templates/configmap.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-pap/templates/deployment.yaml15
-rw-r--r--kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml23
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml36
-rw-r--r--kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml23
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml26
-rwxr-xr-xkubernetes/policy/values.yaml2
21 files changed, 503 insertions, 201 deletions
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..dbf6a7cd6a
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 48e6802219..6adf0e6609 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.7.0
+image: onap/policy-apex-pdp:2.7.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -139,3 +139,27 @@ serviceAccount:
nameOverride: policy-apex-pdp
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-apex-pdp
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-apex-pdp-restserver-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
new file mode 100644
index 0000000000..c08b035d53
--- /dev/null
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -0,0 +1,97 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Bell Canada. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+server:
+ port: {{ .Values.service.internalPort }}
+
+spring:
+ security.user:
+ name: "${RESTSERVER_USER}"
+ password: "${RESTSERVER_PASSWORD}"
+ mvc.converters.preferred-json-mapper: gson
+ datasource:
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ driverClassName: org.mariadb.jdbc.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ jpa:
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.MariaDB103Dialect
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+
+policy-api:
+ name: ApiGroup
+ aaf: false
+
+database:
+ name: PolicyProviderParameterGroup
+ implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
+ driver: org.mariadb.jdbc.Driver
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ user: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ persistenceUnit: PolicyDb
+
+policy-preload:
+ policyTypes:
+ - policytypes/onap.policies.monitoring.tcagen2.yaml
+ - policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml
+ - policytypes/onap.policies.monitoring.dcae-restconfcollector.yaml
+ - policytypes/onap.policies.monitoring.dcae-pm-subscription-handler.yaml
+ - policytypes/onap.policies.monitoring.dcae-pm-mapper.yaml
+ - policytypes/onap.policies.Optimization.yaml
+ - policytypes/onap.policies.optimization.Resource.yaml
+ - policytypes/onap.policies.optimization.Service.yaml
+ - policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml
+ - policytypes/onap.policies.optimization.resource.DistancePolicy.yaml
+ - policytypes/onap.policies.optimization.resource.HpaPolicy.yaml
+ - policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml
+ - policytypes/onap.policies.optimization.resource.PciPolicy.yaml
+ - policytypes/onap.policies.optimization.service.QueryPolicy.yaml
+ - policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml
+ - policytypes/onap.policies.optimization.resource.Vim_fit.yaml
+ - policytypes/onap.policies.optimization.resource.VnfPolicy.yaml
+ - policytypes/onap.policies.controlloop.guard.Common.yaml
+ - policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml
+ - policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml
+ - policytypes/onap.policies.controlloop.guard.common.MinMax.yaml
+ - policytypes/onap.policies.controlloop.guard.common.Filter.yaml
+ - policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml
+ - policytypes/onap.policies.Naming.yaml
+ - policytypes/onap.policies.Match.yaml
+ - policytypes/onap.policies.native.Drools.yaml
+ - policytypes/onap.policies.native.Xacml.yaml
+ - policytypes/onap.policies.native.Apex.yaml
+ - policytypes/onap.policies.controlloop.operational.Common.yaml
+ - policytypes/onap.policies.controlloop.operational.common.Apex.yaml
+ - policytypes/onap.policies.controlloop.operational.common.Drools.yaml
+ policies:
+ - policies/sdnc.policy.naming.input.tosca.yaml
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health,metrics,prometheus
+ path-mapping.prometheus: metrics
diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json
deleted file mode 100755
index ce59965521..0000000000
--- a/kubernetes/policy/components/policy-api/resources/config/config.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-{
- "name":"ApiGroup",
- "restServerParameters":{
- "host":"0.0.0.0",
- "port":6969,
- "userName":"${RESTSERVER_USER}",
- "password":"${RESTSERVER_PASSWORD}",
- "https": true,
- "aaf": false,
- "prometheus": true
- },
- "databaseProviderParameters": {
- "name": "PolicyProviderParameterGroup",
- "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
- "databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
- "databaseUser": "${SQL_USER}",
- "databasePassword": "${SQL_PASSWORD}",
- "persistenceUnit": "PolicyMariaDb"
- },
- "preloadPolicyTypes": [
- "policytypes/onap.policies.monitoring.tcagen2.yaml",
- "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
- "policytypes/onap.policies.Optimization.yaml",
- "policytypes/onap.policies.optimization.Resource.yaml",
- "policytypes/onap.policies.optimization.Service.yaml",
- "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml",
- "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml",
- "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml",
- "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml",
- "policytypes/onap.policies.optimization.resource.PciPolicy.yaml",
- "policytypes/onap.policies.optimization.service.QueryPolicy.yaml",
- "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml",
- "policytypes/onap.policies.optimization.resource.Vim_fit.yaml",
- "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml",
- "policytypes/onap.policies.controlloop.guard.Common.yaml",
- "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
- "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
- "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
- "policytypes/onap.policies.controlloop.guard.common.Filter.yaml",
- "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
- "policytypes/onap.policies.Naming.yaml",
- "policytypes/onap.policies.Match.yaml",
- "policytypes/onap.policies.native.Drools.yaml",
- "policytypes/onap.policies.native.Xacml.yaml",
- "policytypes/onap.policies.native.Apex.yaml",
- "policytypes/onap.policies.controlloop.operational.Common.yaml",
- "policytypes/onap.policies.controlloop.operational.common.Apex.yaml",
- "policytypes/onap.policies.controlloop.operational.common.Drools.yaml"
- ],
- "preloadPolicies" : [
- "policies/sdnc.policy.naming.input.tosca.yaml"
- ]
-}
diff --git a/kubernetes/policy/components/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml
index 0c4e870481..9ab25fe2ac 100755
--- a/kubernetes/policy/components/policy-api/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml
@@ -37,4 +37,4 @@ binaryData:
{{- end }}
{{- end }}
data:
-{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index de0558e4cd..f19233e3b4 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -64,10 +64,10 @@ spec:
{{- if .Values.global.aafEnabled }}
command: ["sh","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
+ /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"]
{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
- args: ["/opt/app/policy/api/etc/mounted/config.json"]
+ args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
env:
- name: KEYSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
@@ -86,10 +86,18 @@ spec:
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
+ httpGet:
+ path: {{ .Values.readiness.api }}
port: {{ .Values.service.internalPort }}
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
+ scheme: {{ .Values.readiness.scheme }}
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
@@ -121,4 +129,4 @@ spec:
emptyDir:
medium: Memory
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..dbf6a7cd6a
--- /dev/null
+++ b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index e037c64e15..89608cfb6f 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -78,7 +79,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.6.0
+image: onap/policy-api:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -94,7 +95,7 @@ db:
restServer:
user: policyadmin
- password: none
+ password: zb!XztG34
# default number of instances
replicaCount: 1
@@ -105,15 +106,20 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
+ initialDelaySeconds: 10
+ periodSeconds: 120
+ api: /policy/api/v1/healthcheck
+ scheme: HTTPS
+ successThreshold: 1
+ failureThreshold: 3
+ timeout: 60
service:
type: ClusterIP
@@ -149,3 +155,27 @@ serviceAccount:
nameOverride: policy-api
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-api
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-api-user-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
index 184adb6f0a..7227ee8ded 100644
--- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -63,7 +63,7 @@ server:
logging:
# Configuration of logging
level:
- ROOT: ERROR
+ ROOT: INFO
org.springframework: ERROR
org.springframework.data: ERROR
org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
@@ -74,4 +74,12 @@ logging:
chart:
api:
- enabled: false \ No newline at end of file
+ enabled: false
+
+# Sample Permitted list of helm repositories. Before deployment update the repositories where the helm charts are located.
+# The Kubernetes participant accept only HTTPS Address
+helm:
+ repos:
+ -
+ repoName: bitnami
+ address: https://charts.bitnami.com/bitnami \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..dbf6a7cd6a
--- /dev/null
+++ b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 42caed4163..db271a9c3f 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -67,7 +67,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.7.0
+image: onap/policy-distribution:2.7.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -161,3 +161,27 @@ serviceAccount:
nameOverride: policy-distribution
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-distribution
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-distribution-restserver-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 411855e4b8..2ce7503015 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -35,7 +35,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.10.0
+image: onap/policy-pdpd-cl:1.10.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json
deleted file mode 100755
index e5cbd22105..0000000000
--- a/kubernetes/policy/components/policy-pap/resources/config/config.json
+++ /dev/null
@@ -1,101 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-{
- "name":"PapGroup",
- "restServerParameters":{
- "host":"0.0.0.0",
- "port":6969,
- "userName":"${RESTSERVER_USER}",
- "password":"${RESTSERVER_PASSWORD}",
- "https": true,
- "aaf": false,
- "prometheus": true
- },
- "pdpParameters": {
- "heartBeatMs": 120000,
- "updateParameters": {
- "maxRetryCount": 1,
- "maxWaitMs": 30000
- },
- "stateChangeParameters": {
- "maxRetryCount": 1,
- "maxWaitMs": 30000
- }
- },
- "databaseProviderParameters": {
- "name": "PolicyProviderParameterGroup",
- "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
- "databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
- "databaseUser": "${SQL_USER}",
- "databasePassword": "${SQL_PASSWORD}",
- "persistenceUnit": "PolicyMariaDb"
- },
- "savePdpStatisticsInDb": true,
- "topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps": true,
- "fetchTimeout": 15000,
- "topicCommInfrastructure" : "dmaap"
- },
- {
- "topic" : "POLICY-HEARTBEAT",
- "effectiveTopic": "POLICY-PDP-PAP",
- "consumerGroup": "policy-pap",
- "servers" : [ "message-router" ],
- "useHttps": true,
- "fetchTimeout": 15000,
- "topicCommInfrastructure" : "dmaap"
- }],
- "topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : true,
- "topicCommInfrastructure" : "dmaap"
- },
- {
- "topic" : "POLICY-NOTIFICATION",
- "servers" : [ "message-router" ],
- "useHttps" : true,
- "topicCommInfrastructure" : "dmaap"
- }]
- },
- "healthCheckRestClientParameters":[{
- "clientName": "api",
- "hostname": "policy-api",
- "port": 6969,
- "userName": "${API_USER}",
- "password": "${API_PASSWORD}",
- "useHttps": true,
- "basePath": "policy/api/v1/healthcheck"
- },
- {
- "clientName": "distribution",
- "hostname": "policy-distribution",
- "port": 6969,
- "userName": "${DISTRIBUTION_USER}",
- "password": "${DISTRIBUTION_PASSWORD}",
- "useHttps": true,
- "basePath": "healthcheck"
- }]
-}
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
new file mode 100644
index 0000000000..6f501b8c21
--- /dev/null
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -0,0 +1,113 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Bell Canada. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ security:
+ user:
+ name: "${RESTSERVER_USER}"
+ password: "${RESTSERVER_PASSWORD}"
+ http:
+ converters:
+ preferred-json-mapper: gson
+ datasource:
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ driverClassName: org.mariadb.jdbc.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ jpa:
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.MariaDB103Dialect
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+
+server:
+ port: 6969
+ ssl:
+ enabled: true
+
+pap:
+ name: PapGroup
+ aaf: false
+ pdpParameters:
+ heartBeatMs: 120000
+ updateParameters:
+ maxRetryCount: 1
+ maxWaitMs: 30000
+ stateChangeParameters:
+ maxRetryCount: 1
+ maxWaitMs: 30000
+ savePdpStatisticsInDb: false
+ topicParameterGroup:
+ topicSources:
+ - topic: POLICY-PDP-PAP
+ servers:
+ - message-router
+ useHttps: true
+ fetchTimeout: 15000
+ topicCommInfrastructure: dmaap
+ - topic: POLICY-HEARTBEAT
+ effectiveTopic: POLICY-PDP-PAP
+ consumerGroup: policy-pap
+ servers:
+ - message-router
+ useHttps: true
+ fetchTimeout: 15000
+ topicCommInfrastructure: dmaap
+ topicSinks:
+ - topic: POLICY-PDP-PAP
+ servers:
+ - message-router
+ useHttps: true
+ topicCommInfrastructure: dmaap
+ - topic: POLICY-NOTIFICATION
+ servers:
+ - message-router
+ useHttps: true
+ topicCommInfrastructure: dmaap
+ healthCheckRestClientParameters:
+ - clientName: api
+ hostname: policy-api
+ port: 6969
+ userName: "${API_USER}"
+ password: "${API_PASSWORD}"
+ useHttps: true
+ basePath: policy/api/v1/healthcheck
+ - clientName: distribution
+ hostname: policy-distribution
+ port: 6969
+ userName: "${DISTRIBUTION_USER}"
+ password: "${DISTRIBUTION_PASSWORD}"
+ useHttps: true
+ basePath: healthcheck
+ - clientName: dmaap
+ hostname: message-router
+ port: 3905
+ useHttps: true
+ basePath: topics
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health, metrics, prometheus
+ path-mapping.prometheus: metrics
diff --git a/kubernetes/policy/components/policy-pap/templates/configmap.yaml b/kubernetes/policy/components/policy-pap/templates/configmap.yaml
index e1a5360ac2..ee03f70b00 100755
--- a/kubernetes/policy/components/policy-pap/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/configmap.yaml
@@ -36,4 +36,4 @@ binaryData:
{{- end }}
{{- end }}
data:
-{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index 77474a8387..c33b80f4af 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -80,10 +81,10 @@ spec:
{{- if .Values.global.aafEnabled }}
command: ["sh","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"]
+ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml"]
{{- else }}
command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
- args: ["/opt/app/policy/pap/etc/mounted/config.json"]
+ args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
env:
- name: KEYSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
@@ -101,10 +102,18 @@ spec:
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
+ httpGet:
+ path: {{ .Values.readiness.api }}
port: {{ .Values.readiness.port }}
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
+ scheme: {{ .Values.readiness.scheme }}
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
diff --git a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..dbf6a7cd6a
--- /dev/null
+++ b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index a31de712ef..311653b860 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -1,7 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
-# Modifications Copyright (C) 2020 Bell Canada.
+# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -92,7 +92,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.6.0
+image: onap/policy-pap:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -109,7 +109,7 @@ db:
restServer:
user: policyadmin
- password: none
+ password: zb!XztG34
healthCheckRestClient:
api:
@@ -128,7 +128,7 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
@@ -136,9 +136,14 @@ liveness:
port: http-api
readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
+ initialDelaySeconds: 10
+ periodSeconds: 120
port: http-api
+ api: /policy/pap/v1/healthcheck
+ scheme: HTTPS
+ successThreshold: 1
+ failureThreshold: 3
+ timeout: 60
service:
type: ClusterIP
@@ -175,3 +180,22 @@ serviceAccount:
nameOverride: policy-pap
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: http-api
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-pap-user-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..dbf6a7cd6a
--- /dev/null
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 718c222307..504313832d 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -83,7 +83,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.6.0
+image: onap/policy-xacml-pdp:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -158,3 +158,27 @@ serviceAccount:
nameOverride: policy-xacml-pdp
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-xacml-pdp
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 851c8957ae..c544467b53 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -130,7 +130,7 @@ mariadb:
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.3.1
+ image: onap/policy-db-migrator:2.4.1
schema: policyadmin
policy_home: "/opt/app/policy"