diff options
Diffstat (limited to 'kubernetes/policy')
51 files changed, 939 insertions, 120 deletions
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 9b631c7af5..6a2e819718 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 14.0.5 +version: 15.0.2 dependencies: - name: common @@ -28,57 +28,61 @@ dependencies: - name: mariadb-galera version: ~13.x-0 repository: '@local' - condition: global.mariadbGalera.useInPolicy,global.mariadbGalera.localCluster + condition: global.mariadbGalera.localCluster - name: policy-nexus - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-nexus' condition: policy-nexus.enabled - name: policy-api - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-api' condition: policy-api.enabled - name: policy-pap - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-pap' condition: policy-pap.enabled - name: policy-xacml-pdp - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-xacml-pdp' condition: policy-xacml-pdp.enabled - name: policy-apex-pdp - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-apex-pdp' condition: policy-apex-pdp.enabled - name: policy-drools-pdp - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-drools-pdp' condition: policy-drools-pdp.enabled + - name: policy-opa-pdp + version: ~15.x-0 + repository: 'file://components/policy-opa-pdp' + condition: policy-opa-pdp.enabled - name: policy-distribution - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-distribution' condition: policy-distribution.enabled - name: policy-clamp-ac-k8s-ppnt - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-clamp-ac-k8s-ppnt' condition: policy-clamp-ac-k8s-ppnt.enabled - name: policy-clamp-ac-http-ppnt - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-clamp-ac-http-ppnt' condition: policy-clamp-ac-http-ppnt.enabled - name: policy-clamp-ac-a1pms-ppnt - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-clamp-ac-a1pms-ppnt' condition: policy-clamp-ac-a1pms-ppnt.enabled - name: policy-clamp-ac-kserve-ppnt - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-clamp-ac-kserve-ppnt' condition: policy-clamp-ac-kserve-ppnt.enabled - name: policy-clamp-ac-pf-ppnt - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-clamp-ac-pf-ppnt' condition: policy-clamp-ac-pf-ppnt.enabled - name: policy-clamp-runtime-acm - version: ~14.x-0 + version: ~15.x-0 repository: 'file://components/policy-clamp-runtime-acm' condition: policy-clamp-runtime-acm.enabled - name: repositoryGenerator @@ -93,4 +97,4 @@ dependencies: - name: postgres version: ~13.x-0 repository: '@local' - condition: global.postgres.useInPolicy,global.postgres.localCluster + condition: global.postgres.localCluster diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml index 4ec4725860..3cd9ef8e59 100755 --- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021, 2024 Nordix Foundation +# Modifications Copyright © 2021,2024 Nordix Foundation # Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy APEX PDP name: policy-apex-pdp -version: 14.0.1 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 0c83a55651..9cf89b4c79 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -47,7 +47,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:3.1.3 +image: onap/policy-apex-pdp:4.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index f5c876646b..6c3351a5df 100755 --- a/kubernetes/policy/components/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Design API name: policy-api -version: 14.0.2 +version: 15.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index c39a27bdeb..3e357a66e7 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -40,9 +40,6 @@ spring: hikari: maximumPoolSize: 20 jpa: - properties: - hibernate: - dialect: org.hibernate.dialect.MariaDB103Dialect hibernate: ddl-auto: none naming: @@ -64,10 +61,6 @@ spring: naming: physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy - properties: - hibernate: - dialect: org.hibernate.dialect.PostgreSQLDialect - format_sql: true {{ end }} policy-api: diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 902268f41a..3e86ed1894 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -51,7 +51,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:3.1.3 +image: onap/policy-api:4.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml index a9d27d60a8..a89c614c4f 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp A1PMS Participant name: policy-clamp-ac-a1pms-ppnt -version: 14.0.1 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml index 5bfa825e18..0404a8a68c 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# Copyright (C) 2022,2024 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,6 +32,9 @@ security: participant: intermediaryParameters: + topics: + operationTopic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} + syncTopic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} reportingTimeIntervalMs: 120000 description: Participant Description participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00 @@ -40,7 +43,7 @@ participant: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} @@ -50,11 +53,23 @@ participant: security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + additionalProps: + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} topicSinks: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index a23e732c8b..b882829ae3 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2022-2023 Nordix Foundation. +# Copyright (C) 2022-2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,8 +23,10 @@ global: persistence: {} kafkaTopics: - acRuntimeTopic: - name: &acRuntimeTopic policy.clamp-runtime-acm + acRuntimeOperationTopic: + name: &acRuntimeOperationTopic policy-acruntime-participant + acRuntimeSyncTopic: + name: &acRuntimeSyncTopic acm-ppnt-sync ################################################################# # Secrets metaconfig @@ -41,7 +43,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-a1pms-ppnt:7.1.3 +image: onap/policy-clamp-ac-a1pms-ppnt:8.0.1 pullPolicy: Always componentName: &componentName policy-clamp-ac-a1pms-ppnt @@ -147,6 +149,9 @@ kafkaUser: - name: *componentName type: group operations: [Read] - - name: *acRuntimeTopic + - name: *acRuntimeOperationTopic + type: topic + operations: [Read, Write] + - name: *acRuntimeSyncTopic type: topic operations: [Read, Write] diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml index 979aa4f598..1c3abbbc97 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Http Participant name: policy-clamp-ac-http-ppnt -version: 14.0.1 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index d447360dd9..8b877ffc0d 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,6 +32,9 @@ security: participant: intermediaryParameters: + topics: + operationTopic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} + syncTopic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} reportingTimeIntervalMs: 120000 description: Participant Description participantId: 101c62b3-8918-41b9-a747-d21eb79c6c01 @@ -40,7 +43,7 @@ participant: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} @@ -50,11 +53,23 @@ participant: security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + additionalProps: + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} topicSinks: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 8593a3d316..e7d317e9af 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -24,8 +24,10 @@ global: persistence: {} #Strimzi Kafka properties kafkaTopics: - acRuntimeTopic: - name: &acRuntimeTopic policy.clamp-runtime-acm + acRuntimeOperationTopic: + name: &acRuntimeOperationTopic policy-acruntime-participant + acRuntimeSyncTopic: + name: &acRuntimeSyncTopic acm-ppnt-sync ################################################################# # Secrets metaconfig @@ -42,7 +44,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-http-ppnt:7.1.3 +image: onap/policy-clamp-ac-http-ppnt:8.0.1 pullPolicy: Always componentName: &componentName policy-clamp-ac-http-ppnt @@ -138,6 +140,9 @@ kafkaUser: - name: *componentName type: group operations: [Read] - - name: *acRuntimeTopic + - name: *acRuntimeOperationTopic + type: topic + operations: [Read, Write] + - name: *acRuntimeSyncTopic type: topic operations: [Read, Write] diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml index 5a1cb6e80b..09dadf2806 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop K8s Participant name: policy-clamp-ac-k8s-ppnt -version: 14.0.1 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 14deab557b..4616d6643a 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022,2024 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,6 +34,9 @@ participant: localChartDirectory: /home/policy/local-charts infoFileName: CHART_INFO.json intermediaryParameters: + topics: + operationTopic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} + syncTopic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} reportingTimeIntervalMs: 120000 description: Participant Description participantId: 101c62b3-8918-41b9-a747-d21eb79c6c02 @@ -42,7 +45,7 @@ participant: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} @@ -52,11 +55,23 @@ participant: security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + additionalProps: + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} topicSinks: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 5e43b94965..ea00a34dad 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,8 +25,10 @@ global: persistence: {} #Strimzi Kafka properties kafkaTopics: - acRuntimeTopic: - name: &acRuntimeTopic policy.clamp-runtime-acm + acRuntimeOperationTopic: + name: &acRuntimeOperationTopic policy-acruntime-participant + acRuntimeSyncTopic: + name: &acRuntimeSyncTopic acm-ppnt-sync ################################################################# # Secrets metaconfig @@ -43,7 +45,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-k8s-ppnt:7.1.3 +image: onap/policy-clamp-ac-k8s-ppnt:8.0.1 pullPolicy: Always componentName: &componentName policy-clamp-ac-k8s-ppnt @@ -153,6 +155,9 @@ kafkaUser: - name: *componentName type: group operations: [Read] - - name: *acRuntimeTopic + - name: *acRuntimeOperationTopic + type: topic + operations: [Read, Write] + - name: *acRuntimeSyncTopic type: topic operations: [Read, Write] diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml index 863d07952f..2982043dab 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Kserve Participant name: policy-clamp-ac-kserve-ppnt -version: 14.0.1 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml index 6613235050..55aa8eb641 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml @@ -39,6 +39,9 @@ security: participant: intermediaryParameters: + topics: + operationTopic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} + syncTopic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} reportingTimeIntervalMs: 120000 description: Participant Description participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04 @@ -47,7 +50,7 @@ participant: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} @@ -57,11 +60,23 @@ participant: security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + additionalProps: + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} topicSinks: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml index 6f9868bc0d..2221ce83ba 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -24,8 +24,10 @@ global: persistence: {} #Strimzi Kafka properties kafkaTopics: - acRuntimeTopic: - name: &acRuntimeTopic policy.clamp-runtime-acm + acRuntimeOperationTopic: + name: &acRuntimeOperationTopic policy-acruntime-participant + acRuntimeSyncTopic: + name: &acRuntimeSyncTopic acm-ppnt-sync ################################################################# # Secrets metaconfig @@ -42,7 +44,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-kserve-ppnt:7.1.3 +image: onap/policy-clamp-ac-kserve-ppnt:8.0.1 pullPolicy: Always componentName: &componentName policy-clamp-ac-kserve-ppnt @@ -137,6 +139,9 @@ kafkaUser: - name: *componentName type: group operations: [Read] - - name: *acRuntimeTopic + - name: *acRuntimeOperationTopic + type: topic + operations: [Read, Write] + - name: *acRuntimeSyncTopic type: topic operations: [Read, Write] diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml index 4460c18fcd..49d7522eaf 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Policy Participant name: policy-clamp-ac-pf-ppnt -version: 14.0.1 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index 729a455d07..1e7edea091 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -50,6 +50,9 @@ participant: useHttps: "false" allowSelfSignedCerts: true intermediaryParameters: + topics: + operationTopic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} + syncTopic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} reportingTimeIntervalMs: 120000 description: Participant Description participantId: 101c62b3-8918-41b9-a747-d21eb79c6c03 @@ -58,7 +61,7 @@ participant: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} @@ -68,11 +71,23 @@ participant: security.protocol: SASL_PLAINTEXT sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} sasl.jaas.config: ${SASL_JAAS_CONFIG} + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + additionalProps: + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} topicSinks: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index 97bebd00d2..e7fbbb1f84 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,8 +24,10 @@ global: persistence: {} #Strimzi Kafka properties kafkaTopics: - acRuntimeTopic: - name: &acRuntimeTopic policy.clamp-runtime-acm + acRuntimeOperationTopic: + name: &acRuntimeOperationTopic policy-acruntime-participant + acRuntimeSyncTopic: + name: &acRuntimeSyncTopic acm-ppnt-sync ################################################################# # Secrets metaconfig @@ -54,7 +56,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-pf-ppnt:7.1.3 +image: onap/policy-clamp-ac-pf-ppnt:8.0.1 pullPolicy: Always componentName: &componentName policy-clamp-ac-pf-ppnt @@ -159,6 +161,9 @@ kafkaUser: - name: *componentName type: group operations: [Read] - - name: *acRuntimeTopic + - name: *acRuntimeOperationTopic + type: topic + operations: [Read, Write] + - name: *acRuntimeSyncTopic type: topic operations: [Read, Write] diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index ef9a7494ec..8b22acd09c 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Runtime name: policy-clamp-runtime-acm -version: 14.0.2 +version: 15.0.0 dependencies: - name: common @@ -33,4 +33,4 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 2e09397806..f1785acb0f 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -71,6 +71,9 @@ server: enabled: false runtime: + topics: + operationTopic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} + syncTopic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} participantParameters: heartBeatMs: 120000 maxMessageAgeMs: 600000 @@ -83,7 +86,7 @@ runtime: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} @@ -97,7 +100,19 @@ runtime: - useHttps: false fetchTimeout: 15000 - topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + topic: {{ .Values.global.kafkaTopics.acRuntimeOperationTopic.name }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeSyncTopic.name }} topicCommInfrastructure: kafka servers: - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} @@ -114,4 +129,4 @@ management: endpoints: web: exposure: - include: health, metrics, prometheus
\ No newline at end of file + include: health, metrics, prometheus diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index eb974d6ed2..9f78b29dae 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -29,8 +29,10 @@ global: useInPolicy: true #Strimzi Kafka properties kafkaTopics: - acRuntimeTopic: - name: &acRuntimeTopic policy.clamp-runtime-acm + acRuntimeOperationTopic: + name: &acRuntimeOperationTopic policy-acruntime-participant + acRuntimeSyncTopic: + name: &acRuntimeSyncTopic acm-ppnt-sync ################################################################# # Secrets metaconfig @@ -53,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-runtime-acm:7.1.3 +image: onap/policy-clamp-runtime-acm:8.0.1 pullPolicy: Always componentName: &componentName policy-clamp-runtime-acm @@ -78,12 +80,16 @@ kafkaUser: - name: *componentName type: group operations: [Read] - - name: *acRuntimeTopic + - name: *acRuntimeOperationTopic + type: topic + operations: [Read, Write] + - name: *acRuntimeSyncTopic type: topic operations: [Read, Write] kafkaTopic: - - name: *acRuntimeTopic + - name: *acRuntimeOperationTopic + - name: *acRuntimeSyncTopic db: user: policy-user diff --git a/kubernetes/policy/components/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml index b2d1cde724..3ac1d031a3 100755 --- a/kubernetes/policy/components/policy-distribution/Chart.yaml +++ b/kubernetes/policy/components/policy-distribution/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Distribution name: policy-distribution -version: 14.0.1 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index f93dffe1ee..f393250045 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -59,7 +59,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:3.1.3 +image: onap/policy-distribution:4.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index 25060ae593..37ab25cf88 100755 --- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Drools Policy Engine (PDP-D) name: policy-drools-pdp -version: 14.0.2 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index dc7f788405..64e8188f2b 100644 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -136,9 +136,9 @@ VFC_CONTEXT_URI=api/nslcm/v1/ SDNC_HOST=sdnc.{{.Release.Namespace}} SDNC_PORT=8282 -SDNC_CONTEXT_URI=restconf/operations/ +SDNC_CONTEXT_URI=rests/operations/ # CDS CDS_GRPC_HOST={{.Values.cds.grpc.svcName}} -CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
\ No newline at end of file +CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}} diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index f22d642e95..8fbd6c6446 100644 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -47,7 +47,7 @@ secrets: ################################################################# # application image # The newest images have been tested with SASL and Postgres. The images released next will have the relevant fixes -image: onap/policy-pdpd-cl:2.1.3 +image: onap/policy-pdpd-cl:3.0.1 pullPolicy: Always diff --git a/kubernetes/policy/components/policy-nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml index dcb3c3ac72..eb6c92e75b 100755 --- a/kubernetes/policy/components/policy-nexus/Chart.yaml +++ b/kubernetes/policy/components/policy-nexus/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP Policy Nexus name: policy-nexus -version: 14.0.2 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-opa-pdp/Chart.yaml b/kubernetes/policy/components/policy-opa-pdp/Chart.yaml new file mode 100755 index 0000000000..6416e5016e --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/Chart.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy OPA PDP (PDP-O) +name: policy-opa-pdp +version: 15.0.0 + +dependencies: + - name: common + version: ~13.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~13.x-0 + repository: '@local' + - name: serviceAccount + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json b/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json new file mode 100755 index 0000000000..e978b84186 --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/resources/config/config.json @@ -0,0 +1,43 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} +{ + "logging": { + "level": "debug" + }, + "services": [ + { + "name": "opa-bundle-server", + "url": "http://policy-opa-pdp:8282/opa/bundles" + } + ], + "bundles": { + "opabundle": { + "service": "opa-bundle-server", + "resource": "bundle.tar.gz", + "polling": { + "min_delay_seconds": 60, + "max_delay_seconds": 120 + } + } + }, + "decision_logs": { + "console": true + } +} diff --git a/kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz b/kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz Binary files differnew file mode 100644 index 0000000000..fa841c0191 --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/authorizationpolicy.yaml new file mode 100755 index 0000000000..e2b4537dc8 --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/templates/authorizationpolicy.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml new file mode 100755 index 0000000000..cc08af6937 --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml @@ -0,0 +1,42 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap-config + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: +{{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap-policies-data + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +{{- with .Files.Glob "resources/policies/*" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml new file mode 100755 index 0000000000..6c25bac01c --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml @@ -0,0 +1,137 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} + initContainers: + - command: + - /bin/sh + args: + - -c + - | + echo "*** set right permissions to the different folders" + chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /var/log; + chmod -R 755 /var/log + chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /opt/; + chmod -R 755 /opt/* + tar -xvf /tmp/policies/policy-data.tar.gz -C /opt/ + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + name: {{ include "common.name" . }}-readiness + volumeMounts: + - name: logs + mountPath: /var/log + - name: tmp-policies-data + mountPath: /tmp/policies + - name : opa-policies-data + mountPath: /opt/ + + containers: + - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + env: + - name: UseSASLForKAFKA + value: "{{ .Values.kafka.useSASL }}" + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: GROUPID + value: "{{ .Values.kafka.groupid }}" + - name: LOG_LEVEL + value: "{{ .Values.log.loglevel }}" + - name: PAP_TOPIC + value: "{{ .Values.kafka.topic }}" + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + + - name: opa-policies-data + mountPath: /opt + - name: opa-config + mountPath: /app/config + - name: opa-bundles + mountPath: /app/bundles + - name: logs + mountPath: /var/log + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: tmp-policies-data + configMap: + name: {{ include "common.fullname" . }}-configmap-policies-data + defaultMode: 0755 + - name: opa-policies-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-policies-data + - name: opa-config + configMap: + name: {{ include "common.fullname" . }}-configmap-config + defaultMode: 0755 + - name: opa-bundles + emptyDir: + sizeLimit: {{ .Values.dirSizes.bundleDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/kafkauser.yaml new file mode 100755 index 0000000000..faf315356c --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/templates/kafkauser.yaml @@ -0,0 +1,20 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} +{{ include "common.kafkauser" . }} diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml new file mode 100755 index 0000000000..5a1e9e3450 --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml @@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "common.fullname" . }}-policies-data + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.logsSize }} + storageClassName: {{ include "common.storageClass" . }} + volumeMode: Filesystem + +{{- end }} diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/secrets.yaml new file mode 100755 index 0000000000..0c47a8bd77 --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/templates/secrets.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/service.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/service.yaml new file mode 100755 index 0000000000..1d45a0baef --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/templates/service.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/serviceMonitor.yaml new file mode 100755 index 0000000000..96774208de --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/templates/serviceMonitor.yaml @@ -0,0 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2024 Deutsche Telekom +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if .Values.global.prometheusEnabled }} +{{ include "common.serviceMonitor" . }} +{{- end }} diff --git a/kubernetes/policy/components/policy-opa-pdp/values.yaml b/kubernetes/policy/components/policy-opa-pdp/values.yaml new file mode 100755 index 0000000000..20c7e513bc --- /dev/null +++ b/kubernetes/policy/components/policy-opa-pdp/values.yaml @@ -0,0 +1,253 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2025 Deutsche Telekom Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: api-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}' + login: '{{ .Values.apiServer.user }}' + password: '{{ .Values.apiServer.password }}' + passwordPolicy: required + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-opa-pdp:1.0.0 +pullPolicy: Always + +componentName: &componentName policy-opa-pdp + +# flag to enable debugging - application support required +debugEnabled: false + +log: + loglevel: "debug" + + +# application configuration + +permissions: + uid: 100 + gid: 102 + +restServer: + user: healthcheck + password: zb!XztG34 + +apiServer: + user: policyadmin + password: zb!XztG34 + +config: + # Event consumption (kafka) properties + kafka: + consumer: + groupId: policy-opa-pdp + app: + listener: + policyPdpPapTopic: policy-pdp-pap + +securityContext: + user_id: 0 + group_id : 0 + runAsNonRoot: false + + +containerSecurityContext: + enabled: true + privileged: false + allowPrivilegeEscalation: true + readOnlyRootFilesystem: false + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 0 + + +kafka: + groupid: "policy-opa-pdp" + topic: "policy-pdp-pap" + useSASL: "true" + brokers: "onap-strimzi-kafka-bootstrap.onap:9092" + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteMany + logsSize: 1Gi + mountPath: /dockerdata-nfs + mountSubPath: policy/opapdp + storageClass: "cinder-os" + enableDefaultStorageclass: false + parameters: {} + storageclassProvisioner: cinder-os + + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + +service: + type: ClusterIP + name: *componentName + internalPort: 8282 + ports: + - name: http + port: 8282 + +ingress: + enabled: false + +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: dcae-datafile-collector-read + - serviceAccount: dcae-datalake-admin-ui-read + - serviceAccount: dcae-datalake-des-read + - serviceAccount: dcae-datalake-feeder-read + - serviceAccount: dcae-heartbeat-read + - serviceAccount: dcae-hv-ves-collector-read + - serviceAccount: dcae-kpi-ms-read + - serviceAccount: dcae-pm-mapper-read + - serviceAccount: dcae-pmsh-read + - serviceAccount: dcae-prh-read + - serviceAccount: dcae-restconf-collector-read + - serviceAccount: dcae-slice-analysis-ms-read + - serviceAccount: dcae-snmptrap-collector-read + - serviceAccount: dcae-son-handler-read + - serviceAccount: dcae-tcagen2-read + - serviceAccount: dcae-ves-collector-read + - serviceAccount: dcae-ves-mapper-read + - serviceAccount: dcae-ves-openapi-manager-read + - serviceAccount: strimzi-kafka-read + - serviceAccount: oof-read + - serviceAccount: sdnc-read + +flavor: small +resources: + small: + limits: + cpu: "1" + memory: "1Gi" + requests: + cpu: "0.5" + memory: "1Gi" + large: + limits: + cpu: "2" + memory: "2Gi" + requests: + cpu: "1" + memory: "2Gi" + unlimited: {} + + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + policyDir: + sizeLimit: 100Mi + bundleDir: + sizeLimit: 5Gi + + +#Pods Service Account +serviceAccount: + nameOverride: *componentName + roles: + - read + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + app: '{{ include "common.name" . }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + version: '{{ .Chart.Version | replace "+" "_" }}' + release: prometheus + enabled: true + port: policy-opa-pdp + interval: 60s + isHttps: false + basicAuth: + enabled: true + externalSecretNameSuffix: policy-opa-pdp-restserver-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + +config: + # Event consumption (kafka) properties + kafka: + consumer: + groupId: policy-opa-pdp + app: + listener: + policyPdpPapTopic: policy-pdp-pap + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-opa-pdp + type: group + operations: [ Create, Describe, Read, Write ] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 2122e6fb3f..29f9ed3e72 100755 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -23,7 +23,7 @@ apiVersion: v2 description: ONAP Policy Administration (PAP) name: policy-pap -version: 14.0.2 +version: 15.0.0 dependencies: - name: common @@ -34,4 +34,4 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 4c6f5355e0..2a5d938a01 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -71,7 +71,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:3.1.3 +image: onap/policy-pap:4.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index a02171ef31..f4046126dd 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp -version: 14.0.3 +version: 15.0.0 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index 3df3578fd2..478cf84ca5 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -77,4 +77,4 @@ jakarta.persistence.jdbc.driver=org.postgresql.Driver jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory {{ end }} jakarta.persistence.jdbc.user=${SQL_USER} -jakarta.persistence.jdbc.password=${SQL_PASSWORD}
\ No newline at end of file +jakarta.persistence.jdbc.password=${SQL_PASSWORD} diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index b20ab89370..bdad532b40 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -54,7 +54,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:3.1.3 +image: onap/policy-xacml-pdp:4.0.1 pullPolicy: Always componentName: &componentName policy-xacml-pdp diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh index 913ccc7728..a7fc088d55 100644 --- a/kubernetes/policy/resources/config/db-pg.sh +++ b/kubernetes/policy/resources/config/db-pg.sh @@ -20,10 +20,15 @@ export PGPASSWORD=${PG_ADMIN_PASSWORD}; +echo "Create user ${PG_USER} is created in Host ${PG_HOST}" psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER \"${PG_USER}\" WITH PASSWORD '${PG_USER_PASSWORD}'" for db in migration pooling policyadmin policyclamp operationshistory clampacm do + echo "Create DB ${db}" psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};" + echo "Grant privileges to DB ${db} for user ${PG_USER}" psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO \"${PG_USER}\";" -done
\ No newline at end of file + echo "Grant privileges to SCHEMA public for user ${PG_USER}" + psql -h ${PG_HOST} -p ${PG_PORT} -d ${db} -U postgres --command "GRANT ALL ON SCHEMA public TO \"${PG_USER}\";" +done diff --git a/kubernetes/policy/resources/config/db_migrator_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_policy_init.sh index a1d8fd89ea..32ccbf18d4 100644 --- a/kubernetes/policy/resources/config/db_migrator_policy_init.sh +++ b/kubernetes/policy/resources/config/db_migrator_policy_init.sh @@ -31,4 +31,4 @@ for schema in ${SQL_DB}; do fi done -exit $rc
\ No newline at end of file +exit $rc diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 3886a85d11..ad5b8fbf5a 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -402,4 +402,4 @@ spec: items: - key: db_migrator_pg_policy_init.sh path: db_migrator_pg_policy_init.sh -{{ end }}
\ No newline at end of file +{{ end }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 67f4dbd1e5..26d5e0e31d 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -20,12 +20,13 @@ ################################################################# global: mariadbGalera: + useInPolicy: false + localCluster: true # flag to enable the DB creation via mariadb-operator - useOperator: true + useOperator: false # if useOperator set to "true", set "enableServiceAccount to "false" # as the SA is created by the Operator - enableServiceAccount: false - localCluster: true + enableServiceAccount: true # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. config: &mariadbConfig @@ -35,23 +36,29 @@ global: nameOverride: *mariadbService # (optional) if localCluster=false and an external secret is used set this variable #userRootSecret: <secretName> - useInPolicy: true prometheusEnabled: false postgres: - localCluster: false + useInPolicy: true + localCluster: true + # flag to enable the DB creation via pgo-operator + useOperator: false service: name: pgset name2: tcp-pgset-primary name3: tcp-pgset-replica container: name: postgres - useInPolicy: false + nameOverride: "policy-postgres" + # (optional) if localCluster=false and an external secret is used set this variable + #userRootSecret: <secretName> kafkaBootstrap: strimzi-kafka-bootstrap:9092 policyKafkaUser: policy-kafka-user useStrimziKafka: true kafkaTopics: - acRuntimeTopic: - name: policy.clamp-runtime-acm + acRuntimeOperationTopic: + name: policy-acruntime-participant + acRuntimeSyncTopic: + name: acm-ppnt-sync ################################################################# # Secrets metaconfig ################################################################# @@ -59,27 +66,57 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ or .Values.global.postgres.useInPolicy .Values.global.mariadbGalera.useInPolicy | ternary ( - ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | - ternary - "" - (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) - ) - ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) | - ternary + externalSecret: '{{ .Values.global.mariadbGalera.useInPolicy | ternary + ( .Values.global.mariadbGalera.localCluster | ternary + ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret") | ternary + "" + (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) + ) + ( not (empty (default "" .Values.global.mariadbGalera.userRootSecret)) | ternary .Values.global.mariadbGalera.userRootSecret (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride) ) + ) + ) + ( .Values.global.postgres.localCluster | ternary + ( hasSuffix "policy-db-root-password" (index .Values "postgres" "config" "pgRootPasswordExternalSecret") | ternary + "" + (tpl (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret")) .) + ) + ( not (empty (default "" .Values.global.postgres.userRootSecret)) | ternary + .Values.global.postgres.userRootSecret + (include "common.postgres.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.postgres.nameOverride) + ) + ) ) }}' - password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' + password: '{{ .Values.global.mariadbGalera.useInPolicy | ternary + (index .Values "mariadb-galera" "rootUser" "password") + (index .Values "postgres" "config" "pgRootPassword") + }}' policy: generate - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "db" "user" }}' - password: '{{ index .Values "mariadb-galera" "db" "password" }}' + externalSecret: '{{ .Values.global.mariadbGalera.useInPolicy | ternary + ( hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret") | ternary + "" + (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) + ) + ( hasSuffix "policy-db-secret" (index .Values "postgres" "config" "pgUserExternalSecret") | ternary + "" + (tpl (default "" (index .Values "postgres" "config" "pgUserExternalSecret")) .) + ) + }}' + login: '{{ .Values.global.mariadbGalera.useInPolicy | ternary + (index .Values "mariadb-galera" "db" "user") + (index .Values "postgres" "config" "pgUserName") + }}' + password: '{{ .Values.global.mariadbGalera.useInPolicy | ternary + (index .Values "mariadb-galera" "db" "password") + (index .Values "postgres" "config" "pgUserPassword") + }}' passwordPolicy: generate - uid: policy-app-user-creds name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' @@ -132,10 +169,14 @@ policy-apex-pdp: config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-drools-pdp: - enabled: false + enabled: true db: *dbSecretsHook config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-opa-pdp: + enabled: true + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-distribution: enabled: true db: *dbSecretsHook @@ -168,7 +209,7 @@ policy-nexus: dbmigrator: # New released image will allow full SASL and Postgres (drools included). Tested with snapshot. Release to come later. - image: onap/policy-db-migrator:3.1.3 + image: onap/policy-db-migrator:4.0.1 # These schemas will be required with the new version of db-migrator # schemas: "policyadmin clampacm pooling operationshistory" schemas: "policyadmin" @@ -245,10 +286,11 @@ mariadb-galera: persistence: enabled: true mountSubPath: policy/maria/data + size: 3Gi serviceAccount: nameOverride: *mariadbService -postgresImage: library/postgres:latest +postgresImage: library/postgres:17.2 # application configuration override for postgres postgres: nameOverride: &postgresName policy-postgres @@ -256,6 +298,7 @@ postgres: name: *postgresName name2: policy-pg-primary name3: policy-pg-replica + internalPort: 5432 container: name: primary: policy-pg-primary @@ -263,6 +306,7 @@ postgres: persistence: mountSubPath: policy/postgres/data mountInitPath: policy + size: 3Gi config: pgUserName: policy-user pgDatabase: policyadmin @@ -311,4 +355,4 @@ securityContext: serviceAccount: nameOverride: policy roles: - - read
\ No newline at end of file + - read |