diff options
Diffstat (limited to 'kubernetes/policy')
21 files changed, 503 insertions, 201 deletions
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..dbf6a7cd6a --- /dev/null +++ b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml @@ -0,0 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2022 Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if .Values.prometheus.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 48e6802219..6adf0e6609 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.7.0 +image: onap/policy-apex-pdp:2.7.1 pullPolicy: Always # flag to enable debugging - application support required @@ -139,3 +139,27 @@ serviceAccount: nameOverride: policy-apex-pdp roles: - read + +prometheus: + enabled: true + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: policy-apex-pdp + interval: 60s + isHttps: true + basicAuth: + enabled: true + externalSecretNameSuffix: policy-apex-pdp-restserver-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml new file mode 100644 index 0000000000..c08b035d53 --- /dev/null +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -0,0 +1,97 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Bell Canada. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +server: + port: {{ .Values.service.internalPort }} + +spring: + security.user: + name: "${RESTSERVER_USER}" + password: "${RESTSERVER_PASSWORD}" + mvc.converters.preferred-json-mapper: gson + datasource: + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin + driverClassName: org.mariadb.jdbc.Driver + username: "${SQL_USER}" + password: "${SQL_PASSWORD}" + jpa: + properties: + hibernate: + dialect: org.hibernate.dialect.MariaDB103Dialect + hibernate: + ddl-auto: none + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy + +policy-api: + name: ApiGroup + aaf: false + +database: + name: PolicyProviderParameterGroup + implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl + driver: org.mariadb.jdbc.Driver + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin + user: "${SQL_USER}" + password: "${SQL_PASSWORD}" + persistenceUnit: PolicyDb + +policy-preload: + policyTypes: + - policytypes/onap.policies.monitoring.tcagen2.yaml + - policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml + - policytypes/onap.policies.monitoring.dcae-restconfcollector.yaml + - policytypes/onap.policies.monitoring.dcae-pm-subscription-handler.yaml + - policytypes/onap.policies.monitoring.dcae-pm-mapper.yaml + - policytypes/onap.policies.Optimization.yaml + - policytypes/onap.policies.optimization.Resource.yaml + - policytypes/onap.policies.optimization.Service.yaml + - policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml + - policytypes/onap.policies.optimization.resource.DistancePolicy.yaml + - policytypes/onap.policies.optimization.resource.HpaPolicy.yaml + - policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml + - policytypes/onap.policies.optimization.resource.PciPolicy.yaml + - policytypes/onap.policies.optimization.service.QueryPolicy.yaml + - policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml + - policytypes/onap.policies.optimization.resource.Vim_fit.yaml + - policytypes/onap.policies.optimization.resource.VnfPolicy.yaml + - policytypes/onap.policies.controlloop.guard.Common.yaml + - policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml + - policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml + - policytypes/onap.policies.controlloop.guard.common.MinMax.yaml + - policytypes/onap.policies.controlloop.guard.common.Filter.yaml + - policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml + - policytypes/onap.policies.Naming.yaml + - policytypes/onap.policies.Match.yaml + - policytypes/onap.policies.native.Drools.yaml + - policytypes/onap.policies.native.Xacml.yaml + - policytypes/onap.policies.native.Apex.yaml + - policytypes/onap.policies.controlloop.operational.Common.yaml + - policytypes/onap.policies.controlloop.operational.common.Apex.yaml + - policytypes/onap.policies.controlloop.operational.common.Drools.yaml + policies: + - policies/sdnc.policy.naming.input.tosca.yaml + +management: + endpoints: + web: + base-path: / + exposure: + include: health,metrics,prometheus + path-mapping.prometheus: metrics diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json deleted file mode 100755 index ce59965521..0000000000 --- a/kubernetes/policy/components/policy-api/resources/config/config.json +++ /dev/null @@ -1,73 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} -{ - "name":"ApiGroup", - "restServerParameters":{ - "host":"0.0.0.0", - "port":6969, - "userName":"${RESTSERVER_USER}", - "password":"${RESTSERVER_PASSWORD}", - "https": true, - "aaf": false, - "prometheus": true - }, - "databaseProviderParameters": { - "name": "PolicyProviderParameterGroup", - "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", - "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", - "databaseUser": "${SQL_USER}", - "databasePassword": "${SQL_PASSWORD}", - "persistenceUnit": "PolicyMariaDb" - }, - "preloadPolicyTypes": [ - "policytypes/onap.policies.monitoring.tcagen2.yaml", - "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml", - "policytypes/onap.policies.Optimization.yaml", - "policytypes/onap.policies.optimization.Resource.yaml", - "policytypes/onap.policies.optimization.Service.yaml", - "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml", - "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml", - "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml", - "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml", - "policytypes/onap.policies.optimization.resource.PciPolicy.yaml", - "policytypes/onap.policies.optimization.service.QueryPolicy.yaml", - "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml", - "policytypes/onap.policies.optimization.resource.Vim_fit.yaml", - "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml", - "policytypes/onap.policies.controlloop.guard.Common.yaml", - "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml", - "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml", - "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml", - "policytypes/onap.policies.controlloop.guard.common.Filter.yaml", - "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml", - "policytypes/onap.policies.Naming.yaml", - "policytypes/onap.policies.Match.yaml", - "policytypes/onap.policies.native.Drools.yaml", - "policytypes/onap.policies.native.Xacml.yaml", - "policytypes/onap.policies.native.Apex.yaml", - "policytypes/onap.policies.controlloop.operational.Common.yaml", - "policytypes/onap.policies.controlloop.operational.common.Apex.yaml", - "policytypes/onap.policies.controlloop.operational.common.Drools.yaml" - ], - "preloadPolicies" : [ - "policies/sdnc.policy.naming.input.tosca.yaml" - ] -} diff --git a/kubernetes/policy/components/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml index 0c4e870481..9ab25fe2ac 100755 --- a/kubernetes/policy/components/policy-api/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml @@ -37,4 +37,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index de0558e4cd..f19233e3b4 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -64,10 +64,10 @@ spec: {{- if .Values.global.aafEnabled }} command: ["sh","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"] + /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"] {{- else }} command: ["/opt/app/policy/api/bin/policy-api.sh"] - args: ["/opt/app/policy/api/etc/mounted/config.json"] + args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"] env: - name: KEYSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} @@ -86,10 +86,18 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: + httpGet: + path: {{ .Values.readiness.api }} port: {{ .Values.service.internalPort }} + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} + scheme: {{ .Values.readiness.scheme }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime @@ -121,4 +129,4 @@ spec: emptyDir: medium: Memory imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..dbf6a7cd6a --- /dev/null +++ b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml @@ -0,0 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2022 Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if .Values.prometheus.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index e037c64e15..89608cfb6f 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2022 Bell Canada. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -78,7 +79,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.6.0 +image: onap/policy-api:2.6.1 pullPolicy: Always # flag to enable debugging - application support required @@ -94,7 +95,7 @@ db: restServer: user: policyadmin - password: none + password: zb!XztG34 # default number of instances replicaCount: 1 @@ -105,15 +106,20 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 20 - periodSeconds: 10 + initialDelaySeconds: 10 + periodSeconds: 120 + api: /policy/api/v1/healthcheck + scheme: HTTPS + successThreshold: 1 + failureThreshold: 3 + timeout: 60 service: type: ClusterIP @@ -149,3 +155,27 @@ serviceAccount: nameOverride: policy-api roles: - read + +prometheus: + enabled: true + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: policy-api + interval: 60s + isHttps: true + basicAuth: + enabled: true + externalSecretNameSuffix: policy-api-user-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 184adb6f0a..7227ee8ded 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -63,7 +63,7 @@ server: logging: # Configuration of logging level: - ROOT: ERROR + ROOT: INFO org.springframework: ERROR org.springframework.data: ERROR org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR @@ -74,4 +74,12 @@ logging: chart: api: - enabled: false
\ No newline at end of file + enabled: false + +# Sample Permitted list of helm repositories. Before deployment update the repositories where the helm charts are located. +# The Kubernetes participant accept only HTTPS Address +helm: + repos: + - + repoName: bitnami + address: https://charts.bitnami.com/bitnami
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..dbf6a7cd6a --- /dev/null +++ b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml @@ -0,0 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2022 Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if .Values.prometheus.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 42caed4163..db271a9c3f 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.7.0 +image: onap/policy-distribution:2.7.1 pullPolicy: Always # flag to enable debugging - application support required @@ -161,3 +161,27 @@ serviceAccount: nameOverride: policy-distribution roles: - read + +prometheus: + enabled: true + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: policy-distribution + interval: 60s + isHttps: true + basicAuth: + enabled: true + externalSecretNameSuffix: policy-distribution-restserver-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 411855e4b8..2ce7503015 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.10.0 +image: onap/policy-pdpd-cl:1.10.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json deleted file mode 100755 index e5cbd22105..0000000000 --- a/kubernetes/policy/components/policy-pap/resources/config/config.json +++ /dev/null @@ -1,101 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} -{ - "name":"PapGroup", - "restServerParameters":{ - "host":"0.0.0.0", - "port":6969, - "userName":"${RESTSERVER_USER}", - "password":"${RESTSERVER_PASSWORD}", - "https": true, - "aaf": false, - "prometheus": true - }, - "pdpParameters": { - "heartBeatMs": 120000, - "updateParameters": { - "maxRetryCount": 1, - "maxWaitMs": 30000 - }, - "stateChangeParameters": { - "maxRetryCount": 1, - "maxWaitMs": 30000 - } - }, - "databaseProviderParameters": { - "name": "PolicyProviderParameterGroup", - "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", - "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", - "databaseUser": "${SQL_USER}", - "databasePassword": "${SQL_PASSWORD}", - "persistenceUnit": "PolicyMariaDb" - }, - "savePdpStatisticsInDb": true, - "topicParameterGroup": { - "topicSources" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps": true, - "fetchTimeout": 15000, - "topicCommInfrastructure" : "dmaap" - }, - { - "topic" : "POLICY-HEARTBEAT", - "effectiveTopic": "POLICY-PDP-PAP", - "consumerGroup": "policy-pap", - "servers" : [ "message-router" ], - "useHttps": true, - "fetchTimeout": 15000, - "topicCommInfrastructure" : "dmaap" - }], - "topicSinks" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps" : true, - "topicCommInfrastructure" : "dmaap" - }, - { - "topic" : "POLICY-NOTIFICATION", - "servers" : [ "message-router" ], - "useHttps" : true, - "topicCommInfrastructure" : "dmaap" - }] - }, - "healthCheckRestClientParameters":[{ - "clientName": "api", - "hostname": "policy-api", - "port": 6969, - "userName": "${API_USER}", - "password": "${API_PASSWORD}", - "useHttps": true, - "basePath": "policy/api/v1/healthcheck" - }, - { - "clientName": "distribution", - "hostname": "policy-distribution", - "port": 6969, - "userName": "${DISTRIBUTION_USER}", - "password": "${DISTRIBUTION_PASSWORD}", - "useHttps": true, - "basePath": "healthcheck" - }] -} diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml new file mode 100644 index 0000000000..6f501b8c21 --- /dev/null +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -0,0 +1,113 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Bell Canada. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: "${RESTSERVER_USER}" + password: "${RESTSERVER_PASSWORD}" + http: + converters: + preferred-json-mapper: gson + datasource: + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin + driverClassName: org.mariadb.jdbc.Driver + username: "${SQL_USER}" + password: "${SQL_PASSWORD}" + jpa: + properties: + hibernate: + dialect: org.hibernate.dialect.MariaDB103Dialect + hibernate: + ddl-auto: none + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy + +server: + port: 6969 + ssl: + enabled: true + +pap: + name: PapGroup + aaf: false + pdpParameters: + heartBeatMs: 120000 + updateParameters: + maxRetryCount: 1 + maxWaitMs: 30000 + stateChangeParameters: + maxRetryCount: 1 + maxWaitMs: 30000 + savePdpStatisticsInDb: false + topicParameterGroup: + topicSources: + - topic: POLICY-PDP-PAP + servers: + - message-router + useHttps: true + fetchTimeout: 15000 + topicCommInfrastructure: dmaap + - topic: POLICY-HEARTBEAT + effectiveTopic: POLICY-PDP-PAP + consumerGroup: policy-pap + servers: + - message-router + useHttps: true + fetchTimeout: 15000 + topicCommInfrastructure: dmaap + topicSinks: + - topic: POLICY-PDP-PAP + servers: + - message-router + useHttps: true + topicCommInfrastructure: dmaap + - topic: POLICY-NOTIFICATION + servers: + - message-router + useHttps: true + topicCommInfrastructure: dmaap + healthCheckRestClientParameters: + - clientName: api + hostname: policy-api + port: 6969 + userName: "${API_USER}" + password: "${API_PASSWORD}" + useHttps: true + basePath: policy/api/v1/healthcheck + - clientName: distribution + hostname: policy-distribution + port: 6969 + userName: "${DISTRIBUTION_USER}" + password: "${DISTRIBUTION_PASSWORD}" + useHttps: true + basePath: healthcheck + - clientName: dmaap + hostname: message-router + port: 3905 + useHttps: true + basePath: topics + +management: + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus + path-mapping.prometheus: metrics diff --git a/kubernetes/policy/components/policy-pap/templates/configmap.yaml b/kubernetes/policy/components/policy-pap/templates/configmap.yaml index e1a5360ac2..ee03f70b00 100755 --- a/kubernetes/policy/components/policy-pap/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-pap/templates/configmap.yaml @@ -36,4 +36,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 77474a8387..c33b80f4af 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2022 Bell Canada. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -80,10 +81,10 @@ spec: {{- if .Values.global.aafEnabled }} command: ["sh","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] + /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml"] {{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] - args: ["/opt/app/policy/pap/etc/mounted/config.json"] + args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"] env: - name: KEYSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} @@ -101,10 +102,18 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: + httpGet: + path: {{ .Values.readiness.api }} port: {{ .Values.readiness.port }} + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} + scheme: {{ .Values.readiness.scheme }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime diff --git a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..dbf6a7cd6a --- /dev/null +++ b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml @@ -0,0 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2022 Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if .Values.prometheus.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index a31de712ef..311653b860 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. -# Modifications Copyright (C) 2020 Bell Canada. +# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -92,7 +92,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.6.0 +image: onap/policy-pap:2.6.1 pullPolicy: Always # flag to enable debugging - application support required @@ -109,7 +109,7 @@ db: restServer: user: policyadmin - password: none + password: zb!XztG34 healthCheckRestClient: api: @@ -128,7 +128,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container @@ -136,9 +136,14 @@ liveness: port: http-api readiness: - initialDelaySeconds: 20 - periodSeconds: 10 + initialDelaySeconds: 10 + periodSeconds: 120 port: http-api + api: /policy/pap/v1/healthcheck + scheme: HTTPS + successThreshold: 1 + failureThreshold: 3 + timeout: 60 service: type: ClusterIP @@ -175,3 +180,22 @@ serviceAccount: nameOverride: policy-pap roles: - read + +prometheus: + enabled: true + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: http-api + interval: 60s + isHttps: true + basicAuth: + enabled: true + externalSecretNameSuffix: policy-pap-user-creds + externalSecretUserKey: login + externalSecretPasswordKey: password diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..dbf6a7cd6a --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml @@ -0,0 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2022 Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if .Values.prometheus.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 718c222307..504313832d 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.6.0 +image: onap/policy-xacml-pdp:2.6.1 pullPolicy: Always # flag to enable debugging - application support required @@ -158,3 +158,27 @@ serviceAccount: nameOverride: policy-xacml-pdp roles: - read + +prometheus: + enabled: true + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: policy-xacml-pdp + interval: 60s + isHttps: true + basicAuth: + enabled: true + externalSecretNameSuffix: policy-xacml-pdp-restserver-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 851c8957ae..c544467b53 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -130,7 +130,7 @@ mariadb: image: mariadb:10.5.8 dbmigrator: - image: onap/policy-db-migrator:2.3.1 + image: onap/policy-db-migrator:2.4.1 schema: policyadmin policy_home: "/opt/app/policy" |