diff options
Diffstat (limited to 'kubernetes/policy')
124 files changed, 1537 insertions, 3017 deletions
diff --git a/kubernetes/policy/.helmignore b/kubernetes/policy/.helmignore index f0c1319444..f0c1319444 100644..100755 --- a/kubernetes/policy/.helmignore +++ b/kubernetes/policy/.helmignore diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index f98bcd6fdd..57dd77ec37 100644..100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Policy Administration Point +description: ONAP Policy name: policy version: 6.0.0 diff --git a/kubernetes/policy/Makefile b/kubernetes/policy/Makefile new file mode 100755 index 0000000000..8af301d7ae --- /dev/null +++ b/kubernetes/policy/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh deleted file mode 100644 index d7b27a071c..0000000000 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash - -PROPS_BUILD="${POLICY_HOME}/etc/build.info" - -PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties" -PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties" - - -if [ ! -f "${PROPS_BUILD}" ]; then - echo "error: version information does not exist: ${PROPS_BUILD}" - exit 1 -fi - -source "${POLICY_HOME}/etc/build.info" - -if [ -z "${version}" ]; then - echo "error: no version information present" - exit 1 -fi - -for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do - if [ ! -f "${CONFIG}" ]; then - echo "warning: configuration does not exist: ${CONFIG}" - else - sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}" - fi -done diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf deleted file mode 100644 index a0e5d1ec87..0000000000 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# BRMSpep component installation configuration parameters -BRMSGW_JMX_PORT=9989 - -COMPONENT_X_MX_MB=1024 -COMPONENT_X_MS_MB=1024 - -REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/ - -PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} -PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} -PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} -PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} - -M2_HOME=/usr/share/java/maven-3 -snapshotRepositoryID=policy-nexus-snapshots -snapshotRepositoryName=Snapshots -snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots -releaseRepositoryID=policy-nexus-releases -releaseRepositoryName=Releases -releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases -repositoryUsername=${REPOSITORY_USERNAME} -repositoryPassword=${REPOSITORY_PASSWORD} -UEB_URL=message-router -UEB_TOPIC=PDPD-CONFIGURATION -UEB_API_KEY= -UEB_API_SECRET= - -groupID=org.onap.policy-engine -artifactID=drlPDPGroup -AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam -AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules - -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=brmsgw_1 -node_type=brms_gateway - -#Environment should be Set either DEV, TEST or PROD -ENVIRONMENT=TEST - -#Notification Properties... type can be either websocket, ueb, or dmaap -BRMS_NOTIFICATION_TYPE=websocket -BRMS_UEB_URL=message-router -BRMS_UEB_TOPIC=PDPD-CONFIGURATION -BRMS_UEB_DELAY= -BRMS_CLIENT_ID=python -BRMS_CLIENT_KEY=dGVzdA== -BRMS_UEB_API_KEY= -BRMS_UEB_API_SECRET= - -#Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.6.4 -BRMS_MODELS_DEPENDENCY_VERSION=2.2.6 diff --git a/kubernetes/policy/charts/brmsgw/templates/NOTES.txt b/kubernetes/policy/charts/brmsgw/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/brmsgw/templates/configmap.yaml b/kubernetes/policy/charts/brmsgw/templates/configmap.yaml deleted file mode 100644 index 9e515917a0..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} - diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml deleted file mode 100644 index 8d9863784f..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ /dev/null @@ -1,171 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - - name: REPOSITORY_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} - - name: REPOSITORY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input/pe - name: pe-input - - mountPath: /config-input/pe-brmsgw - name: pe-brmsgw-input - - mountPath: /config/pe - name: pe - - mountPath: /config/pe-brmsgw - name: pe-brmsgw - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.global.pap.nameOverride }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - brmsgw - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - - name: REPOSITORY_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} - - name: REPOSITORY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/brmsgw-tweaks.sh - name: pe-brmsgw - subPath: brmsgw-tweaks.sh - - mountPath: /tmp/policy-install/config/brmsgw.conf - name: pe-brmsgw - subPath: brmsgw.conf - - mountPath: /tmp/policy-install/config/base.conf - name: pe - subPath: base.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: pe-input - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-brmsgw-input - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe - emptyDir: - medium: Memory - - name: pe-brmsgw - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml deleted file mode 100644 index 70a2e3e855..0000000000 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ /dev/null @@ -1,133 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - envsubstImage: dibi/envsubst - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - - uid: pdp-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' - login: '{{ .Values.pdp.pdphttpuserid }}' - password: '{{ .Values.pdp.pdphttppassword }}' - passwordPolicy: required - - uid: pap-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' - login: '{{ .Values.pap.pdppappdphttpuserid }}' - password: '{{ .Values.pap.pdppappdphttppassword }}' - passwordPolicy: required - - uid: nexus-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}' - login: '{{ .Values.nexus.repositoryUsername }}' - password: '{{ .Values.nexus.repositoryPassword }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - papPort: 9091 - pdpPort: 8081 - nexusPort: 8081 - -db: - user: policy_user - password: policy_user -pdp: - pdphttpuserid: testpdp - pdphttppassword: alpha123 -pap: - pdppappdphttpuserid: testpap - pdppappdphttppassword: alpha123 -nexus: - repositoryUsername: admin - repositoryPassword: admin123 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - -service: - type: ClusterIP - name: brmsgw - portName: brmsgw - externalPort: 9989 - internalPort: 9989 - nodePort: 16 - - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 10m - memory: 0.5Gi - large: - limits: - cpu: 2 - memory: 4Gi - requests: - cpu: 20m - memory: 1Gi - unlimited: {} diff --git a/kubernetes/policy/charts/drools/Chart.yaml b/kubernetes/policy/charts/drools/Chart.yaml deleted file mode 100644 index 3cc791d36b..0000000000 --- a/kubernetes/policy/charts/drools/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Drools Policy Engine -name: drools -version: 6.0.0 diff --git a/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml b/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt b/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt deleted file mode 100644 index 5d0107eb99..0000000000 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml b/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml deleted file mode 100644 index 7883651a2e..0000000000 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties deleted file mode 100644 index 189248ffb3..0000000000 --- a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties +++ /dev/null @@ -1,47 +0,0 @@ -### -# ============LICENSE_START======================================================= -# feature-healthcheck -# ================================================================================ -# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - -http.server.services=HEALTHCHECK -http.server.services.HEALTHCHECK.host=0.0.0.0 -http.server.services.HEALTHCHECK.port=6969 -http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck -http.server.services.HEALTHCHECK.managed=false -http.server.services.HEALTHCHECK.swagger=true -http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER} -http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD} -http.server.services.HEALTHCHECK.https=true -http.server.services.HEALTHCHECK.aaf=${envd:AAF:false} -http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler - -http.client.services=PAP - -http.client.services.PAP.host={{ .Values.global.pap.nameOverride }} -http.client.services.PAP.port=9091 -http.client.services.PAP.contextUriPath=pap/test -http.client.services.PAP.https=true -http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME} -http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD} - -http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }} -http.client.services.PDP.port=8081 -http.client.services.PDP.contextUriPath=pdp/test -http.client.services.PDP.https=true -http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME} -http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD} diff --git a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh b/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh deleted file mode 100644 index e2d7381689..0000000000 --- a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# ============LICENSE_START======================================================= -# ONAP -# ================================================================================ -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -policy status diff --git a/kubernetes/policy/charts/pap/templates/NOTES.txt b/kubernetes/policy/charts/pap/templates/NOTES.txt deleted file mode 100644 index 170b03e6db..0000000000 --- a/kubernetes/policy/charts/pap/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/pdp/Chart.yaml b/kubernetes/policy/charts/pdp/Chart.yaml deleted file mode 100644 index 25301ee483..0000000000 --- a/kubernetes/policy/charts/pdp/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Policy PDP -name: pdp -version: 6.0.0 diff --git a/kubernetes/policy/charts/pdp/requirements.yaml b/kubernetes/policy/charts/pdp/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/policy/charts/pdp/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml b/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml deleted file mode 100644 index daa4112e51..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml +++ /dev/null @@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> - -<configuration scan="true" scanPeriod="3 seconds" debug="true"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="xacml-pdp-rest" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - - %msg%n"</pattern> --> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger name="com.att.eelf.error" level="info" additivity="false"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger name="com.att.eelf.debug" level="debug" additivity="false"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh b/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh deleted file mode 100644 index 6060fe9b6f..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash - diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf deleted file mode 100644 index bb12880ca7..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# pdp component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9991 -TOMCAT_SHUTDOWN_PORT=8087 -SSL_HTTP_CONNECTOR_PORT=8081 -SSL_AJP_CONNECTOR_PORT=8381 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=1024 -TOMCAT_X_MX_MB=1024 - -# pdp properties - -UEB_CLUSTER=message-router - -REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/ -REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config -REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps -REST_PDP_REGISTER=true -REST_PDP_REGISTER_SLEEP=15 -REST_PDP_REGISTER_RETRIES=-1 -REST_PDP_MAXCONTENT=999999999 - -# PDP related properties -PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} -PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} -PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} -PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} - -node_type=pdp_xacml -resource_name=pdp_1 -dependency_groups=brmsgw_1 -test_via_jmx=true - -# -# Notification Properties -# Notification type: websocket, ueb or dmaap... if left blank websocket is the default -PDP_NOTIFICATION_TYPE=websocket -PDP_UEB_CLUSTER= -PDP_UEB_TOPIC= -PDP_UEB_DELAY= -PDP_UEB_API_KEY= -PDP_UEB_API_SECRET= -PDP_DMAAP_AAF_LOGIN= -PDP_DMAAP_AAF_PASSWORD= - -#AAF Policy Name space -#Required only, when we use AAF -POLICY_AAF_NAMESPACE= -POLICY_AAF_RESOURCE= - -# Indeterminate resolution -DECISION_INDETERMINATE_RESPONSE=PERMIT diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf deleted file mode 100644 index e7171c280e..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# JVM specific parameters -LOGPARSER_JMX_PORT=9997 -LOGPARSER_X_MS_MB=1024 -LOGPARSER_X_MX_MB=1024 - -SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/ -LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log -PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log - -node_type=logparser -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=pdplp_1 diff --git a/kubernetes/policy/charts/pdp/templates/NOTES.txt b/kubernetes/policy/charts/pdp/templates/NOTES.txt deleted file mode 100644 index 868bb33d2b..0000000000 --- a/kubernetes/policy/charts/pdp/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ - -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/pdp/templates/configmap.yaml b/kubernetes/policy/charts/pdp/templates/configmap.yaml deleted file mode 100644 index 79c4d38c68..0000000000 --- a/kubernetes/policy/charts/pdp/templates/configmap.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/xacml-pdp-rest/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/pdp/templates/service.yaml b/kubernetes/policy/charts/pdp/templates/service.yaml deleted file mode 100644 index 864676ad6f..0000000000 --- a/kubernetes/policy/charts/pdp/templates/service.yaml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "{{ include "common.servicename" . }}", - "version": "v1", - "url": "/pdp", - "protocol": "REST", - "port": "{{ .Values.service.externalPort }}", - "visualRange":"1" - }, - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - sessionAffinity: None - clusterIP: None diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml deleted file mode 100644 index b70b04b023..0000000000 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ /dev/null @@ -1,184 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ include "common.servicename" . }} - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input/pe - name: pe-input - - mountPath: /config-input/pe-pdp - name: pe-pdp-input - - mountPath: /config/pe - name: pe - - mountPath: /config/pe-pdp - name: pe-pdp - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.global.pap.nameOverride }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - pdp - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - resources: -{{ include "common.resources" . | indent 12 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/base.conf - name: pe - subPath: base.conf - - mountPath: /tmp/policy-install/config/pdp-tweaks.sh - name: pe-pdp-input - subPath: pdp-tweaks.sh - - mountPath: /tmp/policy-install/config/pdplp.conf - name: pe-pdp - subPath: pdplp.conf - - mountPath: /tmp/policy-install/config/pdp.conf - name: pe-pdp - subPath: pdp.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /tmp/logback.xml - name: policy-logback - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pdp/webapps/pdp/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - - name: policy-logback - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: pe-input - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-pdp-input - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe - emptyDir: - medium: Memory - - name: pe-pdp - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml deleted file mode 100644 index 8921eabf81..0000000000 --- a/kubernetes/policy/charts/pdp/values.yaml +++ /dev/null @@ -1,122 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018,2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - - uid: pdp-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' - login: '{{ .Values.pdp.pdphttpuserid }}' - password: '{{ .Values.pdp.pdphttppassword }}' - passwordPolicy: required - - uid: pap-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' - login: '{{ .Values.pap.pdppappdphttpuserid }}' - password: '{{ .Values.pap.pdppappdphttppassword }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration - -db: - user: policy_user - password: policy_user -pdp: - pdphttpuserid: testpdp - pdphttppassword: alpha123 -pap: - pdppappdphttpuserid: testpap - pdppappdphttppassword: alpha123 - -config: - papPort: 9091 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: pdp - portName: pdp - internalPort: 8081 - externalPort: 8081 - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/policy/charts/policy-common/Chart.yaml b/kubernetes/policy/charts/policy-common/Chart.yaml deleted file mode 100644 index 0af8e01b51..0000000000 --- a/kubernetes/policy/charts/policy-common/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Policy Common -name: policy-common -version: 6.0.0 diff --git a/kubernetes/policy/charts/policy-common/requirements.yaml b/kubernetes/policy/charts/policy-common/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/policy/charts/policy-common/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 258b654f6f..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf deleted file mode 100644 index 810b090069..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -JAVA_HOME=/usr/local/openjdk-11 -POLICY_HOME=/opt/app/policy -POLICY_LOGS=/var/log/onap -KEYSTORE_PASSWD=Pol1cy_0nap -TRUSTSTORE_PASSWD=Pol1cy_0nap - -JDBC_DRIVER=org.mariadb.jdbc.Driver -JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 -JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 - -JDBC_USER=${JDBC_USER} -JDBC_PASSWORD=${JDBC_PASSWORD} - -site_name=site_1 -fp_monitor_interval=30 -failed_counter_threshold=3 -test_trans_interval=20 -write_fpc_interval=5 -max_fpc_update_interval=60 -test_via_jmx=false -jmx_fqdn= - -AAF_NAMESPACE=org.onap.policy -AAF_HOST=aaf-locate.{{.Release.Namespace}} - -ENVIRONMENT=TEST - -#Micro Service Model Properties -policy_msOnapName= -policy_msPolicyName= diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh deleted file mode 100644 index ee427af678..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/bash - -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Script to configure and start the Policy components that are to run in the designated container, -# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the -# script just goes into a long sleep so that the script does not exit (which would cause the -# container to be torn down). - -container=$1 - -case $container in -pap) - comps="base pap paplp console mysql elk" - ;; -pdp) - comps="base pdp pdplp" - ;; -brmsgw) - comps="base brmsgw" - ;; -*) - echo "Usage: do-start.sh pap|pdp|brmsgw" >&2 - exit 1 -esac - - -# skip installation if build.info file is present (restarting an existing container) -if [[ -f /opt/app/policy/etc/build.info ]]; then - echo "Found existing installation, will not reinstall" - . /opt/app/policy/etc/profile.d/env.sh - -else - if [[ -d config ]]; then - cp config/*.conf . - fi - - for comp in $comps; do - echo "Installing component: $comp" - ./docker-install.sh --install $comp - done - for comp in $comps; do - echo "Configuring component: $comp" - ./docker-install.sh --configure $comp - done - - . /opt/app/policy/etc/profile.d/env.sh - - # install keystore - # override the policy keystore and truststore if present - if [[ -f config/policy-keystore ]]; then - cp config/policy-keystore $POLICY_HOME/etc/ssl - fi - - if [[ -f config/policy-truststore ]]; then - cp -f config/policy-truststore $POLICY_HOME/etc/ssl - fi - - if [[ -f config/$container-tweaks.sh ]] ; then - # file may not be executable; running it as an - # argument to bash avoids needing execute perms. - bash config/$container-tweaks.sh - fi - - if [[ $container == pap ]]; then - # wait for DB up - # now that DB is up, invoke database upgrade - # (which does nothing if the db is already up-to-date) - if [[ -v JDBC_USER ]]; then - dbuser=${JDBC_USER}; - else - dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=)) - fi - - if [[ -v JDBC_PASSWORD ]]; then - dbpw=${JDBC_PASSWORD} - else - dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=)) - fi - db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}} - fi - -fi - -policy.sh start -sleep 1000d diff --git a/kubernetes/policy/charts/policy-common/templates/NOTES.txt b/kubernetes/policy/charts/policy-common/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/policy-common/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/policy-common/templates/configmap.yaml b/kubernetes/policy/charts/policy-common/templates/configmap.yaml deleted file mode 100644 index 4aed50976c..0000000000 --- a/kubernetes/policy/charts/policy-common/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-pe-scripts-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/policy-common/values.yaml b/kubernetes/policy/charts/policy-common/values.yaml deleted file mode 100644 index 57eacc56f0..0000000000 --- a/kubernetes/policy/charts/policy-common/values.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: <onap-app> - externalPort: <8080> - #Example internal target port if required - #internalPort: <80> - nodePort: <replace with unused node port suffix eg. 23> - -ingress: - enabled: false - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi diff --git a/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt b/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt deleted file mode 100644 index c882c3385e..0000000000 --- a/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2018 Ericsson. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml deleted file mode 100644 index f70a3630c3..0000000000 --- a/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/Makefile b/kubernetes/policy/components/Makefile new file mode 100755 index 0000000000..2fc0cbe4ab --- /dev/null +++ b/kubernetes/policy/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/policy/charts/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml index d63683ed62..d63683ed62 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml diff --git a/kubernetes/policy/charts/policy-apex-pdp/requirements.yaml b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml index 95b3b6deac..86751eae3c 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/requirements.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 767d1452cc..767d1452cc 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json index 5df0a26596..5df0a26596 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml new file mode 100755 index 0000000000..83261220c9 --- /dev/null +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/NOTES.txt b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt index c882c3385e..c882c3385e 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/NOTES.txt +++ b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt diff --git a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml index 23fd1b56d0..d5184bb50f 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml index adbd5ed986..adbd5ed986 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 35f8aacb40..4deb21a79b 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,7 +17,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "common.fullname" . }} @@ -47,6 +48,8 @@ spec: env: - name: TRUSTSTORE_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }} - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD @@ -59,14 +62,15 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" - command: - - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh - - -c - - /home/apexuser/config/OnapPfConfig.json imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c"] + args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ + source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} @@ -84,7 +88,14 @@ spec: env: - name: REPLICAS value: "{{ .Values.replicaCount }}" +{{- if not .Values.global.aafEnabled }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }} +{{- end }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -93,7 +104,7 @@ spec: - mountPath: /home/apexuser/config name: apexconfig resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -103,6 +114,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 35b2711b04..e149aa596a 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -22,6 +22,9 @@ ################################################################# global: nodePortPrefix: 302 + readinessImage: onap/oom/readiness:3.0.1 + envsubstImage: dibi/envsubst + aafEnabled: true persistence: {} ################################################################# @@ -35,16 +38,21 @@ secrets: password: '{{ .Values.restServer.password }}' - uid: truststore-pass type: password - externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}' - password: '{{ .Values.truststore.password }}' - policy: required + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + - uid: keystore-pass + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.4.0 +image: onap/policy-apex-pdp:2.4.1 pullPolicy: Always # flag to enable debugging - application support required @@ -57,6 +65,30 @@ restServer: password: zb!XztG34 truststore: password: Pol1cy_0nap +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-apex-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 101 + gid: 102 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -89,8 +121,8 @@ ingress: enabled: false # Resource Limit flavor -By Default using small -flavor: small # Segregation for Different environment (Small and Large) +flavor: small resources: small: limits: diff --git a/kubernetes/policy/charts/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index 021263a1fc..676a647e9a 100644..100755 --- a/kubernetes/policy/charts/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/policy/charts/policy-api/requirements.yaml b/kubernetes/policy/components/policy-api/requirements.yaml index f70a3630c3..c9502372be 100644..100755 --- a/kubernetes/policy/charts/policy-api/requirements.yaml +++ b/kubernetes/policy/components/policy-api/requirements.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +20,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json index fba7e6ce12..8db1f5a99f 100644..100755 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/components/policy-api/resources/config/config.json @@ -29,7 +29,7 @@ "name": "PolicyProviderParameterGroup", "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin", + "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", "databaseUser": "${SQL_USER}", "databasePassword": "${SQL_PASSWORD_BASE64}", "persistenceUnit": "PolicyMariaDb" diff --git a/kubernetes/policy/components/policy-api/resources/config/logback.xml b/kubernetes/policy/components/policy-api/resources/config/logback.xml new file mode 100755 index 0000000000..7298e4cc14 --- /dev/null +++ b/kubernetes/policy/components/policy-api/resources/config/logback.xml @@ -0,0 +1,159 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/error.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/debug.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/network.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="MetricOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/metric.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricOut" /> + </appender> + + <appender name="TransactionOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/audit.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" + additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty" level="ERROR" /> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncMetricOut" /> + <appender-ref ref="AsyncTransactionOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/charts/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml index e2a3de7756..77b7aed22b 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index e1f699eccf..5774344fd3 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -9,6 +9,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -18,20 +21,19 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - - --container-name - - {{ include "common.release" . }}-galera-config + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - - command: - sh args: @@ -54,13 +56,24 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - +{{ include "common.certInitializer.initContainer" . | indent 8 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/api/bin/policy-api.sh"] args: ["/opt/app/policy/api/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -78,13 +91,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/api/etc/mounted name: apiconfig-processed resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -94,6 +108,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/pap/templates/secrets.yaml b/kubernetes/policy/components/policy-api/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/pap/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-api/templates/secrets.yaml diff --git a/kubernetes/policy/charts/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml index fba02c84b9..fba02c84b9 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/service.yaml +++ b/kubernetes/policy/components/policy-api/templates/service.yaml diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 35700d9f9c..a94031ac95 100644..100755 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -23,6 +23,8 @@ global: nodePortPrefix: 304 persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Secrets metaconfig @@ -40,13 +42,49 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-api-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.3.0 +image: onap/policy-api:2.3.1 pullPolicy: Always # flag to enable debugging - application support required @@ -56,6 +94,10 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 @@ -90,4 +132,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/charts/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml index db04d7cc6d..db04d7cc6d 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/Chart.yaml +++ b/kubernetes/policy/components/policy-distribution/Chart.yaml diff --git a/kubernetes/policy/charts/policy-distribution/requirements.yaml b/kubernetes/policy/components/policy-distribution/requirements.yaml index 95b3b6deac..12ce3e0067 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/requirements.yaml +++ b/kubernetes/policy/components/policy-distribution/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index 4c42ed2353..9b9a7a5a93 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json @@ -32,11 +32,6 @@ "receptionHandlerConfigurationName":"sdcConfiguration", "pluginHandlerParameters":{ "policyDecoders":{ - "HpaDecoder":{ - "decoderType":"HpaDecoder", - "decoderClassName":"org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpa", - "decoderConfigurationName": "csarToOptimizationPolicyConfiguration" - }, "ToscaPolicyDecoder":{ "decoderType":"ToscaPolicyDecoder", "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy", @@ -81,17 +76,6 @@ } }, "policyDecoderConfigurationParameters":{ - "csarToOptimizationPolicyConfiguration":{ - "parameterClassName": "org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpaParameters", - "parameters":{ - "policyNamePrefix": "oofCasablanca", - "onapName": "OOF", - "version": "1.0", - "priority": "3", - "riskType": "Test", - "riskLevel": "2" - } - }, "toscaPolicyDecoderConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup", "parameters":{ diff --git a/kubernetes/policy/components/policy-distribution/resources/config/logback.xml b/kubernetes/policy/components/policy-distribution/resources/config/logback.xml new file mode 100755 index 0000000000..8d63217766 --- /dev/null +++ b/kubernetes/policy/components/policy-distribution/resources/config/logback.xml @@ -0,0 +1,113 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/error.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/debug.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/network.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" + additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-distribution/templates/configmap.yaml index 23fd1b56d0..d5184bb50f 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/configmap.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index b3b017acd3..414d617f77 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -1,4 +1,22 @@ -apiVersion: extensions/v1beta1 +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -9,6 +27,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -47,12 +68,24 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] args: ["/opt/app/policy/distribution/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -70,13 +103,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/distribution/etc/mounted name: distributionconfig resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -86,6 +120,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-distribution/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/pdp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/secrets.yaml diff --git a/kubernetes/policy/charts/policy-distribution/templates/service.yaml b/kubernetes/policy/components/policy-distribution/templates/service.yaml index 9619d0c834..9619d0c834 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/service.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/service.yaml diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 5165b16962..9d20941773 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -45,6 +45,16 @@ secrets: login: '{{ .Values.sdcBe.user }}' password: '{{ .Values.sdcBe.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required ################################################################# # Global configuration defaults. @@ -52,13 +62,15 @@ secrets: global: persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.4.0 +image: onap/policy-distribution:2.4.1 pullPolicy: Always # flag to enable debugging - application support required @@ -78,6 +90,30 @@ papParameters: sdcBe: user: policy password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-distribution-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -108,4 +144,20 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/policy/charts/brmsgw/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index b09939d64c..22567af862 100644..100755 --- a/kubernetes/policy/charts/brmsgw/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Policy BRMS GW -name: brmsgw +description: ONAP Drools Policy Engine (PDP-D) +name: policy-drools-pdp version: 6.0.0 diff --git a/kubernetes/policy/charts/drools/requirements.yaml b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml index d3c442d32e..ca24480fc8 100644..100755 --- a/kubernetes/policy/charts/drools/requirements.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,7 +16,7 @@ dependencies: - name: common version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) + repository: '@local' + - name: certInitializer + version: ~6.x-0 repository: '@local' diff --git a/kubernetes/policy/charts/drools/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index c996d13e27..a0f5ceb777 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -30,14 +30,14 @@ TELEMETRY_HOST=0.0.0.0 # nexus repository SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots -SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ +SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ RELEASE_REPOSITORY_ID=policy-nexus-releases -RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ +RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access -SQL_HOST={{ .Values.global.mariadb.service.name }} +SQL_HOST={{ .Values.db.name }} # AAF @@ -57,6 +57,7 @@ PDPD_CONFIGURATION_PARTITION_KEY= POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP POLICY_PDP_PAP_GROUP=defaultGroup +POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools # Symmetric Key for encoded sensitive data diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf index 44d0bf18ce..44d0bf18ce 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml new file mode 100755 index 0000000000..9cd92da7fa --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml @@ -0,0 +1,162 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/metric.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricOut" /> + </appender> + + <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricStdOut" /> + </appender> + + <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionStdOut" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncMetricOut" /> + <appender-ref ref="AsyncTransactionOut" /> + <appender-ref ref="AsyncStdOut" /> + <appender-ref ref="AsyncMetricStdOut" /> + <appender-ref ref="AsyncTransactionStdOut" /> + </root> + +</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml index 3777d27044..3777d27044 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf index bb2b90c1a7..17efdbc44e 100644..100755 --- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf @@ -16,7 +16,10 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +{{- if not .Values.global.aafEnabled }} KEYSTORE_PASSWD={{.Values.keystore.password}} +{{- end }} + TRUSTSTORE_PASSWD={{.Values.truststore.password}} TELEMETRY_USER={{.Values.telemetry.user}} diff --git a/kubernetes/policy/charts/drools/templates/configmap.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml index 9a92ad9769..90d75cc409 100644..100755 --- a/kubernetes/policy/charts/drools/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/configmaps/*{.zip,store}" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml index 7fb84b5ddc..29f2ef2215 100644..100755 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 kind: Secret diff --git a/kubernetes/policy/charts/drools/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml index 9f4ad9bed4..9f4ad9bed4 100644..100755 --- a/kubernetes/policy/charts/drools/templates/service.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index e2463aa2c2..1498d273b2 100644..100755 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "common.fullname" . }} @@ -37,25 +37,45 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-db-readiness +{{- if not .Values.nexus.offline }} + - command: + - /app/ready.py args: - --container-name - - {{ include "common.release" . }}-galera-config - - --container-name - - {{ .Values.global.nexus.nameOverride }} + - {{ .Values.nexus.name }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{- end }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c"] + args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ + source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ + /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] ports: - containerPort: {{ .Values.service.externalPort }} - containerPort: {{ .Values.service.externalPort2 }} @@ -75,10 +95,11 @@ spec: - name: REPLICAS value: "{{ .Values.replicaCount }}" - name: SQL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -92,22 +113,9 @@ spec: name: drools-config subPath: {{ base $path }} {{- end }} - - mountPath: /var/log/onap - name: policy-logs resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} - - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} @@ -116,16 +124,10 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - name: drools-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 292305fa43..5e8c8be179 100644..100755 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,8 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 ubuntuImage: ubuntu:16.04 @@ -40,7 +39,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.7.0 +image: onap/policy-pdpd-cl:1.7.1 pullPolicy: Always # flag to enable debugging - application support required @@ -67,8 +66,8 @@ readiness: service: type: ClusterIP - name: drools - portName: drools + name: policy-drools-pdp + portName: policy-drools-pdp internalPort: 6969 externalPort: 6969 nodePort: 17 @@ -81,6 +80,27 @@ ingress: # Default installation values to be overridden +certInitializer: + nameOverride: policy-drools-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 1000 + gid: 1000 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + server: jvmOpts: -server -XshowSettings:vm @@ -98,12 +118,14 @@ telemetry: password: demo123456! nexus: + name: policy-nexus + port: 8081 user: admin password: admin123 - port: 8081 offline: true db: + name: policy-mariadb user: policy_user password: policy_user @@ -155,8 +177,8 @@ cds: svcPort: 9111 # Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) flavor: small -# Segregation for Different environment (Small and Large) resources: small: limits: diff --git a/kubernetes/policy/charts/drools/charts/nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml index faf8a38748..09103ed352 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/Chart.yaml +++ b/kubernetes/policy/components/policy-nexus/Chart.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,5 +15,5 @@ apiVersion: v1 description: ONAP Policy Nexus -name: nexus +name: policy-nexus version: 6.0.0 diff --git a/kubernetes/policy/charts/brmsgw/requirements.yaml b/kubernetes/policy/components/policy-nexus/requirements.yaml index d3c442d32e..d3c442d32e 100644..100755 --- a/kubernetes/policy/charts/brmsgw/requirements.yaml +++ b/kubernetes/policy/components/policy-nexus/requirements.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml index a9157f4bfa..95b4cb187f 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +24,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -65,7 +68,11 @@ spec: - mountPath: /sonatype-work name: nexus-data resources: -{{ include "common.resources" . | indent 12 }} +{{- if eq .Values.resources.flavor "large" }} +{{ toYaml .Values.resources.large | indent 12 }} +{{- else }} +{{ toYaml .Values.resources.small | indent 12 }} +{{- end -}} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/pv.yaml b/kubernetes/policy/components/policy-nexus/templates/pv.yaml index 62e66f1602..62e66f1602 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/pv.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/pv.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/pvc.yaml b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml index 1cadcc51d5..1cadcc51d5 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/pvc.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml diff --git a/kubernetes/policy/charts/brmsgw/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml index 7883651a2e..7883651a2e 100644..100755 --- a/kubernetes/policy/charts/brmsgw/templates/service.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index 2024bca973..69be914bd4 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,8 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 ubuntuInitRepository: oomk8s ubuntuInitImage: ubuntu-init:1.0.0 persistence: {} @@ -60,8 +59,8 @@ readiness: service: type: ClusterIP - name: nexus - portName: nexus + name: policy-nexus + portName: policy-nexus externalPort: 8081 internalPort: 8081 nodePort: 36 @@ -76,12 +75,12 @@ persistence: accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs - mountSubPath: nexus/data + mountSubPath: policy/nexus/data -# Resource Limit flavor -By Default using small -flavor: small # Segregation for Different environment (Small and Large) +# Resource Limit flavor - By Default using small resources: + flavor: small small: limits: cpu: 1 diff --git a/kubernetes/policy/charts/pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 9133e8685a..6affa3432d 100644..100755 --- a/kubernetes/policy/charts/pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,5 +19,5 @@ apiVersion: v1 description: ONAP Policy Administration (PAP) -name: pap +name: policy-pap version: 6.0.0 diff --git a/kubernetes/policy/charts/pap/requirements.yaml b/kubernetes/policy/components/policy-pap/requirements.yaml index a6c2f0a42a..aa47b48548 100644..100755 --- a/kubernetes/policy/charts/pap/requirements.yaml +++ b/kubernetes/policy/components/policy-pap/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json index aba167708c..72c318042f 100644..100755 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/components/policy-pap/resources/config/config.json @@ -40,7 +40,7 @@ "name": "PolicyProviderParameterGroup", "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}", + "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", "databaseUser": "${SQL_USER}", "databasePassword": "${SQL_PASSWORD_BASE64}", "persistenceUnit": "PolicyMariaDb" diff --git a/kubernetes/policy/components/policy-pap/resources/config/logback.xml b/kubernetes/policy/components/policy-pap/resources/config/logback.xml new file mode 100755 index 0000000000..6038e20b84 --- /dev/null +++ b/kubernetes/policy/components/policy-pap/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/charts/pap/templates/configmap.yaml b/kubernetes/policy/components/policy-pap/templates/configmap.yaml index 372bf4dcca..3265fbb220 100644..100755 --- a/kubernetes/policy/charts/pap/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-pap/templates/configmap.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2020 Nordix Foundation. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +22,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index e8c96cee77..f07ed4a7ba 100644..100755 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -1,4 +1,22 @@ -apiVersion: extensions/v1beta1 +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: @@ -9,20 +27,19 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - - --container-name - - {{ .Values.global.mariadb.service.name }} + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - - command: - sh args: @@ -53,12 +70,24 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] args: ["/opt/app/policy/pap/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -75,13 +104,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/pap/etc/mounted name: papconfig-processed resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -91,6 +121,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-pap/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-pap/templates/secrets.yaml diff --git a/kubernetes/policy/charts/pap/templates/service.yaml b/kubernetes/policy/components/policy-pap/templates/service.yaml index 5c4061e831..5c4061e831 100644..100755 --- a/kubernetes/policy/charts/pap/templates/service.yaml +++ b/kubernetes/policy/components/policy-pap/templates/service.yaml diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 3eba5564ac..008fefd1a9 100644..100755 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -25,6 +25,8 @@ global: nodePortPrefixExt: 304 persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Secrets metaconfig @@ -54,13 +56,49 @@ secrets: login: '{{ .Values.healthCheckRestClient.distribution.user }}' password: '{{ .Values.healthCheckRestClient.distribution.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-pap-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.3.0 +image: onap/policy-pap:2.3.1 pullPolicy: Always # flag to enable debugging - application support required @@ -71,9 +109,14 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 + healthCheckRestClient: api: user: healthcheck @@ -115,4 +158,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/charts/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index ab79a68745..fda3fde208 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # ============LICENSE_END========================================================= apiVersion: v1 -description: ONAP Policy XACML PDP +description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp version: 6.0.0 diff --git a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml new file mode 100755 index 0000000000..c9502372be --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml @@ -0,0 +1,25 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index 1598ca4afa..1598ca4afa 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml new file mode 100755 index 0000000000..ae0beaade8 --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index c7e4ad197e..b53200be9a 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -48,6 +48,6 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # JPA Properties # javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver -javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory +javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/configmap.yaml index 3ca4f82963..85ce86c338 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/configmap.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,6 +22,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index bd126b810b..a4d060ccfe 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -1,4 +1,22 @@ -apiVersion: extensions/v1beta1 +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -9,6 +27,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -18,17 +39,17 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - - --container-name - - {{ include "common.release" . }}-galera-config + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - command: @@ -57,12 +78,24 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -80,6 +113,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -88,7 +122,7 @@ spec: emptyDir: medium: Memory resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -98,6 +132,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml index 33b990f208..aeefe41bca 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 36dd5a57cb..81196e1236 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -22,6 +22,8 @@ global: persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Secrets metaconfig @@ -45,13 +47,49 @@ secrets: login: '{{ .Values.apiServer.user }}' password: '{{ .Values.apiServer.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-xacml-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.3.0 +image: onap/policy-xacml-pdp:2.3.1 pullPolicy: Always # flag to enable debugging - application support required @@ -62,9 +100,14 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 + apiServer: user: healthcheck password: zb!XztG34 @@ -98,4 +141,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 01e41d9d0f..53ab55d047 100644..100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,10 +16,35 @@ dependencies: - name: common version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' - name: mariadb-galera version: ~6.x-0 repository: '@local' + - name: policy-nexus + version: ~6.x-0 + repository: 'file://components/policy-nexus' + condition: policy-nexus.enabled + - name: policy-api + version: ~6.x-0 + repository: 'file://components/policy-api' + condition: policy-api.enabled + - name: policy-pap + version: ~6.x-0 + repository: 'file://components/policy-pap' + condition: policy-pap.enabled + - name: policy-xacml-pdp + version: ~6.x-0 + repository: 'file://components/policy-xacml-pdp' + condition: policy-xacml-pdp.enabled + - name: policy-apex-pdp + version: ~6.x-0 + repository: 'file://components/policy-apex-pdp' + condition: policy-apex-pdp.enabled + - name: policy-drools-pdp + version: ~6.x-0 + repository: 'file://components/policy-drools-pdp' + condition: policy-drools-pdp.enabled + - name: policy-distribution + version: ~6.x-0 + repository: 'file://components/policy-distribution' + condition: policy-distribution.enabled diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index ef821a11d4..51157f1a8a 100644..100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -1,5 +1,6 @@ +#!/bin/bash -x # Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,8 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -#!/bin/bash -xv mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; + for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory do mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" diff --git a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml b/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml deleted file mode 100644 index bcc6b167fc..0000000000 --- a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml +++ /dev/null @@ -1,186 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!-- - Logback files for the ECOMP SDK Application "ecomp_app" - are created in directory ${catalina.base}/logs/ecomp_app; - e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log - --> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="ep_sdk_app" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="generalLogName" value="application" /> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- - These loggers are not used in code (yet). - <property name="securityLogName" value="security" /> - <property name="policyLogName" value="policy" /> - <property name="performanceLogName" value="performance" /> - <property name="serverLogName" value="server" /> - --> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF"> - <file>${logDirectory}/${generalLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" /> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF"> - <queueSize>${queueSize}</queueSize> - <!-- Class name is part of caller data --> - <includeCallerData>true</includeCallerData> - <appender-ref ref="EELF" /> - </appender> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger additivity="false" level="info" name="com.att.eelf.audit"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.metrics"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.error"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger additivity="false" level="debug" name="com.att.eelf.debug"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml b/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml deleted file mode 100644 index 9401e54861..0000000000 --- a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml +++ /dev/null @@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> - -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="xacml-pap-rest" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - - %msg%n"</pattern> --> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger additivity="false" level="info" name="com.att.eelf.audit"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.metrics"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.error"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger additivity="false" level="debug" name="com.att.eelf.debug"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/resources/config/pe/console.conf b/kubernetes/policy/resources/config/pe/console.conf deleted file mode 100644 index cb170f0802..0000000000 --- a/kubernetes/policy/resources/config/pe/console.conf +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# configs component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9993 -TOMCAT_SHUTDOWN_PORT=8090 -SSL_HTTP_CONNECTOR_PORT=8443 -SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443 -SSL_AJP_CONNECTOR_PORT=8383 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=2048 -TOMCAT_X_MX_MB=2048 - -# ------------------ console properties --------------------------- - -# -# Authorization Policy - -ROOT_POLICIES=admin -ADMIN_FILE=Policy-Admin.xml - - -# Set your domain here: - -REST_ADMIN_DOMAIN=com - -# -# Location where the GIT repository is located -# -REST_ADMIN_REPOSITORY=repository - -# -# Location where all the user workspaces are located. -# -REST_ADMIN_WORKSPACE=/opt/app/policy/servers/console/bin/workspace - -# -# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE -# container and setup authentication as you please. Setting HttpSession attribute values will override these -# values set in the properties files. -# -# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer"); -# -# The default policy: Policy-Admin.xml is extremely simple. -# -# You can test authorization within the Admin Console by changing the user id. -# There are 3 supported user ids: -# guest - Read only access -# editor - Read/Write access -# admin - Read/Write/Admin access -# -# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all. -# -# This is for development/demonstration purposes only. A production environment should provide authentication which is -# outside the scope of this application. This application can be used to develop a XACML policy for user authorization -# within this application. -# - -REST_ADMIN_USER_NAME=Administrator -REST_ADMIN_USER_ID=super-admin - -# -# -# Property to declare the max time frame for logs. -# -LOG_TIMEFRAME=30 - -# Property to declare the number of visible rows for users in MicroService Policy -COLUMN_COUNT=3 - -# Dashboard refresh rate in miliseconds -REFRESH_RATE=40000 - -# -# URL location for the PAP servlet. -# - - -REST_PAP_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/pap/ - -# -# Config/Action Properties location. -# - -REST_CONFIG_HOME=/opt/app/policy/servers/pap/webapps/Config/ -REST_ACTION_HOME=/opt/app/policy/servers/pap/webapps/Action/ -REST_CONFIG_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/ -REST_CONFIG_WEBAPPS=/opt/app/policy/servers/pap/webapps/ - -# PAP account information -CONSOLE_PAP_HTTP_USER_ID=testpap -CONSOLE_PAP_HTTP_PASSWORD=alpha123 - - -node_type=pap_admin -resource_name=console_1 - -# The (optional) period of time in seconds between executions of the integrity audit. -# Value < 0 : Audit does not run (default value if property is not present = -1) -# Value = 0 : Audit runs continuously -# Value > 0 : The period of time in seconds between execution of the audit on a particular node -integrity_audit_period_seconds=-1 - -#Automatic Policy Distribution -automatic_push=false - -#Diff of policies for Firewall feature -FW_GETURL= -FW_AUTHOURL= -FW_PROXY= -FW_PORT= - -#SMTP Server Details for Java Mail -onap_smtp_host= -onap_smtp_port=25 -onap_smtp_userName= -onap_smtp_password= -onap_smtp_emailExtension= -onap_application_name= - -#-----------------------ONAP-PORTAL-Properties---------------------- - -ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm -ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi -ONAP_UEB_URL_LIST= -ONAP_PORTAL_INBOX_NAME= -ONAP_UEB_APP_KEY=ueb_key_5 -ONAP_UEB_APP_SECRET=ueb_key_5 -ONAP_UEB_APP_MAILBOX_NAME= -APP_DISPLAY_NAME=ONAP Policy -ONAP_SHARED_CONTEXT_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/context diff --git a/kubernetes/policy/resources/config/pe/elk.conf b/kubernetes/policy/resources/config/pe/elk.conf deleted file mode 100644 index 2750bff702..0000000000 --- a/kubernetes/policy/resources/config/pe/elk.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# elasticsearch - -ELK_JMX_PORT=9995 diff --git a/kubernetes/policy/resources/config/pe/mysql.conf b/kubernetes/policy/resources/config/pe/mysql.conf deleted file mode 100644 index d4f83d414e..0000000000 --- a/kubernetes/policy/resources/config/pe/mysql.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# mysql scripts component installation configuration parameters - -# Path to mysql bin -MYSQL_BIN=/usr/local/mysql/bin - diff --git a/kubernetes/policy/resources/config/pe/pap-tweaks.sh b/kubernetes/policy/resources/config/pe/pap-tweaks.sh deleted file mode 100644 index 1930b98f77..0000000000 --- a/kubernetes/policy/resources/config/pe/pap-tweaks.sh +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash diff --git a/kubernetes/policy/resources/config/pe/pap.conf b/kubernetes/policy/resources/config/pe/pap.conf deleted file mode 100644 index ee1a492bc2..0000000000 --- a/kubernetes/policy/resources/config/pe/pap.conf +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# pap component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9990 -TOMCAT_SHUTDOWN_PORT=9405 -SSL_HTTP_CONNECTOR_PORT=9091 -SSL_AJP_CONNECTOR_PORT=8380 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=1024 -TOMCAT_X_MX_MB=1024 - -# pap properties - -PAP_PDPS=/opt/app/policy/servers/pap/bin/pdps -PAP_URL=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/ - -PAP_INITIATE_PDP=true -PAP_HEARTBEAT_INTERVAL=10000 -PAP_HEARTBEAT_TIMEOUT=10000 - -REST_ADMIN_DOMAIN=com -REST_ADMIN_REPOSITORY=repository -REST_ADMIN_WORKSPACE=workspace - -# PDP related properties -PAP_PDP_URL=https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-2.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-3.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/ -PAP_PDP_HTTP_USER_ID=testpdp -PAP_PDP_HTTP_PASSWORD=alpha123 - -PAP_HTTP_USER_ID=testpap -PAP_HTTP_PASSWORD=alpha123 - -#new values added 10-21-2015 -PROP_PAP_TRANS_WAIT=500000 -PROP_PAP_TRANS_TIMEOUT=5000 -PROP_PAP_AUDIT_TIMEOUT=300000 -PROP_PAP_RUN_AUDIT_FLAG=true -PROP_PAP_AUDIT_FLAG=true - -PROP_PAP_INCOMINGNOTIFICATION_TRIES=4 - - -node_type=pap -resource_name=pap_1 -dependency_groups=paplp_1 -test_via_jmx=true - -# The (optional) period of time in seconds between executions of the integrity audit. -# Value < 0 : Audit does not run (default value if property is not present = -1) -# Value = 0 : Audit runs continuously -# Value > 0 : The period of time in seconds between execution of the audit on a particular node -integrity_audit_period_seconds=-1 diff --git a/kubernetes/policy/resources/config/pe/paplp.conf b/kubernetes/policy/resources/config/pe/paplp.conf deleted file mode 100644 index 34186d5652..0000000000 --- a/kubernetes/policy/resources/config/pe/paplp.conf +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# JVM specific parameters -LOGPARSER_JMX_PORT=9996 -LOGPARSER_X_MS_MB=1024 -LOGPARSER_X_MX_MB=1024 - -SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/ -LOGPATH=/var/log/onap/policy/pap/pap-rest.log -PARSERLOGPATH=/opt/app/policy/servers/paplp/bin/IntegrityMonitor.log - -node_type=logparser -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=paplp_1 diff --git a/kubernetes/policy/templates/NOTES.txt b/kubernetes/policy/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml index 8c804c35ed..2537e477ea 100644..100755 --- a/kubernetes/policy/templates/configmap.yaml +++ b/kubernetes/policy/templates/configmap.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,31 +16,12 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/xacml-pap-rest/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-sdk-log-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/ep_sdk_app/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: {{ include "common.fullname" . }}-db-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml deleted file mode 100644 index fec565fb59..0000000000 --- a/kubernetes/policy/templates/deployment.yaml +++ /dev/null @@ -1,179 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: pe - - mountPath: /config - name: pe-processed - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ include "common.release" . }}-galera-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - pap - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: -{{ include "common.resources" . | indent 12 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - - containerPort: {{ .Values.service.externalPort2 }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: PRELOAD_POLICIES - value: "{{ .Values.config.preloadPolicies }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/pap-tweaks.sh - name: pe-pap - subPath: pap-tweaks.sh - - mountPath: /tmp/policy-install/config/paplp.conf - name: pe-pap - subPath: paplp.conf - - mountPath: /tmp/policy-install/config/pap.conf - name: pe-pap - subPath: pap.conf - - mountPath: /tmp/policy-install/config/mysql.conf - name: pe-pap - subPath: mysql.conf - - mountPath: /tmp/policy-install/config/elk.conf - name: pe-pap - subPath: elk.conf - - mountPath: /tmp/policy-install/config/console.conf - name: pe-pap - subPath: console.conf - - mountPath: /tmp/policy-install/config/base.conf - name: pe-processed - subPath: base.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /tmp/policy-install/logback.xml - name: policy-sdk-logback - subPath: logback.xml - - mountPath: /tmp/logback.xml - name: policy-logback - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pap/webapps/pap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; export SRC=/tmp/policy-install/logback.xml; export DST=/opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.global.loggingImage | default .Values.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - - name: policy-logback - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: policy-sdk-logback - configMap: - name: {{ include "common.fullname" . }}-sdk-log-configmap - - name: pe - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-pap - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe-processed - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index f6a1ace3dc..463877b96a 100644..100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,7 +16,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.release" . }}-galera-config + name: {{ include "common.release" . }}-policy-galera-config namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }}-job @@ -30,10 +31,10 @@ spec: initContainers: #This container checks that all galera instances are up before initializing it. - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py - --container-name - {{ index .Values "mariadb-galera" "service" "name" }} env: @@ -43,7 +44,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace containers: - - name: {{ include "common.release" . }}-galera-config + - name: {{ include "common.release" . }}-policy-galera-config image: {{ .Values.mariadb_image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: @@ -64,6 +65,8 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" + resources: +{{ include "common.resources" . }} restartPolicy: Never volumes: - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/policy/templates/secrets.yaml b/kubernetes/policy/templates/secrets.yaml index c1f98ba3cc..c1f98ba3cc 100644..100755 --- a/kubernetes/policy/templates/secrets.yaml +++ b/kubernetes/policy/templates/secrets.yaml diff --git a/kubernetes/policy/templates/service.yaml b/kubernetes/policy/templates/service.yaml deleted file mode 100644 index 9f4ad9bed4..0000000000 --- a/kubernetes/policy/templates/service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 4de13eee2d..714f9d928c 100644..100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,23 +17,8 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - envsubstImage: dibi/envsubst - ubuntuImage: ubuntu:16.04 - pdp: - nameOverride: pdp - pap: - nameOverride: pap - drools: - nameOverride: drools - brmwgw: - nameOverride: brmsgw - nexus: - nameOverride: nexus + readinessImage: onap/oom/readiness:3.0.1 + aafEnabled: true mariadb: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. @@ -62,49 +47,44 @@ secrets: password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' passwordPolicy: generate -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -mariadb_image: library/mariadb:10 -pullPolicy: Always - -subChartsOnly: - enabled: true - db: &dbSecretsHook credsExternalSecret: *dbSecretName -pap: - nameOverride: pap +policy-api: + enabled: true db: *dbSecretsHook -pdp: - nameOverride: pdp +policy-pap: + enabled: true db: *dbSecretsHook -drools: - nameOverride: drools +policy-xacml-pdp: + enabled: true db: *dbSecretsHook -brmsgw: - nameOverride: brmsgw +policy-apex-pdp: + enabled: true db: *dbSecretsHook -policy-api: +policy-drools-pdp: + enabled: true db: *dbSecretsHook -policy-xacml-pdp: +policy-distribution: + enabled: true db: *dbSecretsHook +policy-nexus: + enabled: false -nexus: - nameOverride: nexus +################################################################# +# DB configuration defaults. +################################################################# + +repository: nexus3.onap.org:10001 +mariadb_image: library/mariadb:10 +pullPolicy: Always + +subChartsOnly: + enabled: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - preloadPolicies: false - pdpPort: 8081 - # default number of instances replicaCount: 1 @@ -124,26 +104,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 -service: - type: NodePort - name: pap - portName: pap - internalPort: 8443 - externalPort: 8443 - nodePort: 19 - internalPort2: 9091 - externalPort2: 9091 - nodePort2: 18 - -ingress: - enabled: false - service: - - baseaddr: "policy.api" - name: "pap" - port: 8443 - config: - ssl: "redirect" - mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals config: @@ -163,21 +123,22 @@ mariadb-galera: lower_case_table_names = 1 # Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) flavor: small -# Segregation for Different environment (Small and Large) resources: small: limits: cpu: 1 memory: 4Gi requests: - cpu: 10m + cpu: 100m memory: 1Gi large: limits: cpu: 2 memory: 8Gi requests: - cpu: 20m + cpu: 200m memory: 2Gi unlimited: {} + |