summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy')
-rwxr-xr-xkubernetes/policy/Chart.yaml7
-rw-r--r--kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-be/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml3
-rw-r--r--kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml3
-rw-r--r--kubernetes/policy/resources/config/db-pg.sh29
-rw-r--r--kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh21
-rwxr-xr-xkubernetes/policy/templates/configmap.yaml2
-rwxr-xr-xkubernetes/policy/templates/job.yaml71
-rwxr-xr-xkubernetes/policy/values.yaml49
25 files changed, 198 insertions, 43 deletions
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index 677271c241..d3b3c7b245 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -85,3 +85,10 @@ dependencies:
- name: serviceAccount
version: ~10.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~10.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~10.x-0
+ repository: '@local'
+ condition: global.postgres.localCluster
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 6adf0e6609..ad2d954088 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.7.1
+image: onap/policy-apex-pdp:2.7.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -140,9 +140,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
index c08b035d53..e6cf2b3571 100644
--- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -29,6 +29,8 @@ spring:
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
+ hikari:
+ maximumPoolSize: 20
jpa:
properties:
hibernate:
diff --git a/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 89608cfb6f..72c5c498ba 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -79,7 +79,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.6.1
+image: onap/policy-api:2.6.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -156,9 +156,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 8eafa463c5..844b3d78c2 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -71,7 +71,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.2.1
+image: onap/policy-clamp-ac-http-ppnt:6.2.2
pullPolicy: Always
# application configuration
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index a3fb19f1bc..5592edcc3c 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -72,7 +72,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.2.1
+image: onap/policy-clamp-ac-k8s-ppnt:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index c825ab1a0c..70f2a0fa75 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -83,7 +83,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.2.1
+image: onap/policy-clamp-ac-pf-ppnt:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml
index 2016b14043..d40a2a9695 100644
--- a/kubernetes/policy/components/policy-clamp-be/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/values.yaml
@@ -71,7 +71,7 @@ secrets:
flavor: small
# application image
-image: onap/policy-clamp-backend:6.2.1
+image: onap/policy-clamp-backend:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index 1b571fc502..f989715c41 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -78,7 +78,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.2.1
+image: onap/policy-clamp-runtime-acm:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index db271a9c3f..9e0b11d3a2 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -67,7 +67,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.7.1
+image: onap/policy-distribution:2.7.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -162,9 +162,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml
index 1c04296e4f..f8c450cb7e 100644
--- a/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 344a600afe..e15ce66359 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -203,9 +203,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index 6f501b8c21..00f7b9b8ee 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -29,6 +29,8 @@ spring:
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
+ hikari:
+ maximumPoolSize: 20
jpa:
properties:
hibernate:
diff --git a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 311653b860..41978331a4 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -92,7 +92,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.6.1
+image: onap/policy-pap:2.6.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -181,9 +181,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 308b5a78af..4b97dbb01d 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -159,9 +159,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh
new file mode 100644
index 0000000000..f26a80fad7
--- /dev/null
+++ b/kubernetes/policy/resources/config/db-pg.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+#psql() { /usr/bin/psql -h ${PG_HOST} -p ${PG_PORT} "$@"; };
+
+export PGPASSWORD=${PG_ADMIN_PASSWORD};
+
+psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'"
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};"
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};"
+done
diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
new file mode 100644
index 0000000000..53921ab751
--- /dev/null
+++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report
+exit $rc
diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml
index 17558f86ea..c8b01ccb81 100755
--- a/kubernetes/policy/templates/configmap.yaml
+++ b/kubernetes/policy/templates/configmap.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index d59b5fe770..9fea669c37 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -33,9 +33,9 @@ spec:
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
+ initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-mariadb-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
@@ -71,6 +71,33 @@ spec:
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-config
+ image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db-pg.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /docker-entrypoint-initdb.d/db-pg.sh
+ env:
+ - name: PG_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+ - name: PG_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_USER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: PG_PORT
+ value: "{{ .Values.postgres.service.internalPort }}"
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
containers:
- name: {{ include "common.release" . }}-policy-galera-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
@@ -95,8 +122,41 @@ spec:
value: {{ .Values.dbmigrator.schema }}
- name: POLICY_HOME
value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "sql"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-db-migrator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_pg_policy_init.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/db_migrator_pg_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schema }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "postgres"
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -108,3 +168,8 @@ spec:
path: db.sh
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
+ - key: db-pg.sh
+ path: db-pg.sh
+ - key: db_migrator_pg_policy_init.sh
+ path: db_migrator_pg_policy_init.sh
+
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 759ba56b02..a315bc251c 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -27,6 +27,15 @@ global:
service: &mariadbService
name: &policy-mariadb policy-mariadb
internalPort: 3306
+ prometheusEnabled: false
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
#################################################################
# Secrets metaconfig
@@ -66,6 +75,19 @@ secrets:
login: '{{ .Values.restServer.policyApiUserName }}'
password: '{{ .Values.restServer.policyApiUserPassword }}'
passwordPolicy: required
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
@@ -128,7 +150,7 @@ mariadb:
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.4.1
+ image: onap/policy-db-migrator:2.4.2
schema: policyadmin
policy_home: "/opt/app/policy"
@@ -180,6 +202,31 @@ mariadb-galera:
serviceAccount:
nameOverride: *policy-mariadb
+postgresImage: library/postgres:latest
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName policy-postgres
+ service:
+ name: *postgresName
+ name2: policy-pg-primary
+ name3: policy-pg-replica
+ container:
+ name:
+ primary: policy-pg-primary
+ replica: policy-pg-replica
+ persistence:
+ mountSubPath: policy/postgres/data
+ mountInitPath: policy
+ config:
+ pgUserName: policy_user
+ pgDatabase: policyadmin
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+ wait_for:
+ - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+
restServer:
policyPapUserName: policyadmin
policyPapUserPassword: zb!XztG34