aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/policy
AgeCommit message (Collapse)AuthorFilesLines
2020-04-22[POLICY] Remove hardcoded credentials from policy-xacml-pdpDominik Mizyn3-5/+51
This patch remove hardcoded healthcheck credentials from policy-xacml-pdp Issue-ID: OOM-2342 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: I49db16a852412bad79f092232bcd2ba97eac7170
2020-04-20Merge "[POLICY] Use common secret template in pdp"Krzysztof Opasiak3-4/+38
2020-04-20Merge "[Policy] Remove hardcoded credentials from pap"Krzysztof Opasiak3-6/+46
2020-04-20[POLICY] Use common secret template in pdpDominik Mizyn3-4/+38
Use common secret template in pdp module instead of hardcoding them For now creds are hardcoded but this will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: I091e5390c1ef7d98f0c4fb1cb5f6ca2d099e387f
2020-04-17[POLICY] legacy PDP healtchcheck removedjhh1-1/+1
It may be causing some flakiness with some healthchecks passing in OOM builds. Not sure the root cause, as the problem happens occassionally, may be a race condition or something else (legacy PDP and dependent components may take some time to initialize). Issue-ID: POLICY-2471 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I8ab7c8c563c1db13b2a99aa8cb6f3c022c625642
2020-04-17[Policy] Remove hardcoded credentials from papDominik Mizyn3-6/+46
This patch remove hardcoded healthcheck credentials from pap. Issue-ID: OOM-2342 Change-Id: I8dc2a1b0a84a18215403aabc8ae9b2a25387c3d7 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2020-04-17[POLICY] Fix in brmsgw templateDominik Mizyn1-1/+0
Double volumeMounts in brmsgw template fix Issue-ID: OOM-2342 Change-Id: Ia855d18a636b19ee9aafcc8739b8c52260f611c2 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
2020-04-16[POLICY] Use common secret template in brmsgwDominik Mizyn3-6/+59
Use common secret template in brmsgw module instead of hardcoding them in config map. For now creds are hardcoded but this will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: Ic6ea25004d87d993b40df838dd30a71e25386b2c
2020-04-15[POLICY] legacy pdp health + new image versionsjhh10-10/+10
Issue-ID: POLICY-2471 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Ia05d2c52e99757dafff4ac8bbcc7ef4269734707 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
2020-04-10[POLICY] Use common secret template in whole policy moduleKrzysztof Opasiak8-29/+110
All subcharts are ready so now we can remove hardcoded mariadb credentials in policy module and depend on common secret chart to generate them for us at the deployment time. Issue-ID: OOM-2342 Change-Id: I84bfc30511312be0b2e614ddff4676f36d85619b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
2020-04-07Merge "Add healthcheck for legacy PAP"Krzysztof Opasiak3-0/+61
2020-04-06Add healthcheck for legacy PAPjhh3-0/+61
Issue-ID: POLICY-2473 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Ib6c129b2cc9e9c81335da66df6d6d178de0cbc61
2020-04-03[POLICY] Use common secret template in papKrzysztof Opasiak4-3/+56
Use common secret template in pap module instead of hardcoding them in config map. For now db creds are hardcoded but this will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic4a4c175579fdc89de216fc09edd562530ad10cc
2020-04-03[POLICY] Use common secret template in policy-apiKrzysztof Opasiak4-3/+56
Use common secret template in policy-api module instead of hardcoding db credentials in config map. For now db creds are hardcoded but will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I6219a06ef466e214756302974589fcc27fa0a4cd
2020-04-02Bump chart versionSylvain Desbureaux22-23/+23
Use 6.0.0 in preparation for Frankfurt release Issue-ID: OOM-2320 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
2020-04-01Merge "[POLICY] Use common secret template in brmsgw"Krzysztof Opasiak3-0/+35
2020-04-01Merge "[POLICY] Use common secret template in pdp"Sylvain Desbureaux3-0/+36
2020-04-01Merge "[POLICY] Allow to override username and password from env"Sylvain Desbureaux1-2/+11
2020-04-01[POLICY] Use common secret template in pdpKrzysztof Opasiak3-0/+36
Use common secret template in pdp module to override DB credentials comming from policy-common. For now db creds are hardcoded but will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I7e2304a79e0c92b5e7e32170135fd59769a21899
2020-04-01[POLICY] Use common secret template in brmsgwKrzysztof Opasiak3-0/+35
Use common secret template in brmsgw module to override DB credentials comming from policy-common For now db creds are hardcoded but will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic15afa9d65982d0ae3a535094f1e4b5f21758c82
2020-04-01[POLICY] Allow to override username and password from envKrzysztof Opasiak1-2/+11
To avoid hardcoding password in base.conf let's allow to override DB username and password from the environment variable. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I9fc9506b3908da06d0ad221f63d0a56c783788db
2020-04-01[POLICY] Use common secret template in policy-xacmlKrzysztof Opasiak4-2/+37
Use common secret template in policy-xacml module instead of hardcoding db credentials in config map. For now db creds are hardcoded but will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I3c78373d1b6cf6cdd94af03645e3d5af8704b942
2020-03-27Merge "policy changes pre-1st policy release in frankfurt"Krzysztof Opasiak19-96/+280
2020-03-26[POLICY] Use common secret template in droolsKrzysztof Opasiak4-3/+17
Use common secret template in drools module instead of putting db credentials in a single secret file to allow usage of external secret mechanism. For now db creds are hardcoded but will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I377b71d76b0b37e919ea841586bb6d5c22107952
2020-03-26policy changes pre-1st policy release in frankfurtjhh19-96/+280
Miscellenous changes to keep up with all necessary oom modifications to support first set of released deliveries. PS1,PS6: PDP-D offline support. PS2: PDP-D PDP Group support. When PDPs register with PAP, they now have to specify their PDP group. Added the default group to the config file. PS3: PDP-A config file changes to add PDP group and native policy type. PS4, PS6: API add new preloaded policy types. PS5: Set snapshot versions for current release testing. PS[7-9]: https dmaap support for pap,pdp-x,distribution,pdp-a. PS10: PAP healthcheck configuration. PS11: Update LICENSE headers. PS12: Preload onap.policies.controlloop.operational.Common operational type. PS13: PDP-D drools base.conf remove JAVA_HOME PS14: add preloaded operational policies for apex in api component, and JDK 11 for legacy engine components. PS15: apex updated supported policy types, and remove duplicate preloaded policy type from api (operational Common). PS16: added api preloaded policy. PS17: distribution + more api preloaded policies PS18: amsterdam.pre.sh point to pdpd-cl-entrypoint.sh PS19: rebase and remove references to amsterdam in drools (deprecated) PS21: replace url with host/port for new actor design PS22: add trailing "/" to context URIs PS23: restore SO_URL as it may be needed for old actors/rules PS24: update to released images PS25: updated brmsgw.conf to latest images Issue-ID: POLICY-2296 Change-Id: I52232f65db19a50dd3c9baf052242c6d79675264 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Signed-off-by: Jim Hahn <jrh3@att.com> Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
2020-03-10Standardize the pap pod/service name.k.kedron9-2/+2
To fix the bug with connecting to the pap by pdp. Change-Id: I21fb90f151ecace5c10e4def190ed15b15d7c4e5 Issue-ID: OOM-2333 Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
2020-02-01[ONAP-wide] Replace .Release.Name with common.releaseKrzysztof Opasiak27-66/+66
ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
2020-01-08Enabling logback file to be loaded using configmap for policy componentsa.sreekumar5-6/+10
Change-Id: Ic73ad605ac3aca689221afed258eb3673398e425 Issue-ID: POLICY-2308 Signed-off-by: a.sreekumar <ajith.sreekumar@est.tech>
2020-01-03ignore tables case in policy galera mariadbjhh1-0/+3
For compatibility reasons with the legacy pap, console, brmsgw and pdp-x. Issue-ID: POLICY-2320 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I4fa05e1862acccecb468045a5ff58a84d92b1c26
2019-12-09[POLICY] Use global storage templates for PVCSylvain Desbureaux2-10/+4
OOM has now templates in order to create the needed PVC, using: * a PV with a specific class when using a common nfs mount path between nodes (sames as today use) --> is the default behavior today * or a storage class if we want to use dynamic PV. On this case, we use (in order of priority): - persistence.storageClassOverride if set on the chart - global.persistence.storageClass if set globally - persistence.storageClass if set on the chart Change-Id: Iabd5d12196459bb1fce9021857aeab57a757ee12 Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-11-27Merge "[Policy] Use common mariadb galera chart"Borislav Glozman31-459/+148
2019-11-21[Policy] Use common mariadb galera chartSylvain Desbureaux31-459/+148
Instead of using "own" galera chart, reuse chart placed in common part of OOM installation. Will ease move to common galera cluster (which is not done by this commit). Change-Id: I2d7c1e5cdc9289cfb55e288b1697373239ef96e3 Issue-ID: POLICY-1467 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-11-15Added 'pdpGroup' to policy-xacml-pdp parameters config fileHOCKLA1-1/+2
Issue-ID: POLICY-2229 Change-Id: Iffb9f40b174eae1e3b714e4ec5e8997c58d01a35 Signed-off-by: HOCKLA <ah999m@att.com>
2019-10-28Add policy update notification topic to OOMJim Hahn1-0/+5
Issue-ID: POLICY-1841 Signed-off-by: Jim Hahn <jrh3@att.com> Change-Id: I2ab0b7f40a9b60531dccd6175c76d0a18726816e
2019-10-27Merge "policy helm changes to override of cert store"Borislav Glozman7-6/+44
2019-10-25Merge "Update policy brmsgw to point to latest versions"Mike Elliott1-2/+2
2019-10-25policy helm changes to override of cert storejhh7-6/+44
Issue-ID: POLICY-2064 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I5d9c6b8ea7e13b43b900f07d394b0bc5fb4b0c9f
2019-10-17Supply CDS GRPC endpoint details for policy (drools) to make use ofRashmi Pujar3-0/+15
Issue-ID: POLICY-2088 Signed-off-by: Rashmi Pujar <rashmi.pujar@bell.ca> Change-Id: Iefcf1ea50cb2d096ff38a0ecf461a2caa6718f22
2019-10-15Update policy brmsgw to point to latest versionsjhh1-2/+2
Issue-ID: POLICY-2171 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Iaff0090a25990612c04d58147d4f9dfd20e4111f
2019-10-11Upgrade drools cl app imagejhh1-1/+1
Issue-ID: POLICY-2156 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Idde12043286d715a1de27d581701a41f7a72739d
2019-09-20Disable AAF for PDP-D telemetry APIjhh1-2/+2
As AAF cadi libraries and Aether libraries (transitively brought in by drools kie-ci functionality seem to interfere with each other, AAF is disabled. There is no side effects to disable AAF for this API as it is not an external API (it is used for diagnostics only). The nexus value change is cosmetic, not really used. Issue-ID: POLICY-2109 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I2ccb3b0f08a4d3020e58ca83bd89d2f614a51dca
2019-09-17Update legacy PAP released imagejhh1-1/+1
Issue-ID: POLICY-1892 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I9fa307bac87fd59156dba7af17a7a8e3c18c4b13
2019-09-17Merge "Update policy/distribution config & image version"Brian Freeman4-5/+29
2019-09-17Update policy/distribution config & image versionramverma4-5/+29
Updating the config file of distribution chart as per the new code changes done in El Alto release. Adding changes for policy-engine as well. Issue-ID: POLICY-1892 Change-Id: I21d971ff76f06dd1d74884481c81801422a3971c Signed-off-by: ramverma <ram.krishna.verma@est.tech>
2019-09-12Merge "Update charts with policy latest released images"Brian Freeman4-4/+4
2019-09-12Merge "refactor drools chart to allow customizations"Mike Elliott13-221/+177
2019-09-11Update charts with policy latest released imagesjhh4-4/+4
Issue-ID: POLICY-2045 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Idb074c7d4239be1c225f9e89f6672288fd658227
2019-09-10refactor drools chart to allow customizationsjhh13-221/+177
- move some values out of .conf files to values to avoid building the chart when deploying policy (drools). - move credentials to a single secret file, this is precursor work to deal with confidential info in a better way in future releases. - delete unused files. - generify mounting of configmaps/secrets as volumes to avoid explicitly having to modify statefulset.yaml. - update amsterdam controller with latest version in nexus at container instantiation. - update to the latest released drools image. Issue-ID: POLICY-1371 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I1497b61cd210ac4c00b957c2832de5acd01ea4d2 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
2019-09-03Add policy-api to xacml-pdp config for OOMJim Hahn1-0/+8
Updated xacml-pdp config to add parameters so that it can connect to policy-api to retrieve policy types. Change-Id: Ib2fbd1523936a5b7c080e806b66eb0d31cb50365 Issue-ID: POLICY-2021 Signed-off-by: Jim Hahn <jrh3@att.com>
2019-08-29Move Policy Storage to RWOSylvain Desbureaux2-2/+2
Today when deploying Policy with OOM, the PersistentVolumeClaim needs the "ReadWriteMany" (or "RWX") capability. According to Kubernetes Documentation (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes), ReadWriteMany stands for "the volume can be mounted as read-write by many nodes". That means that a particular PVC needs to be read and written from many pods. That also means that your code takes that into account and do the work to avoid write at the same place at the same time. An issue on RWX mode is that most "official" storage driver from Kubernetes doesn't support it (13 over the 19 drivers doesn't support it, espacially OpenStack, Amazon and Google storage classes). Policy PVC for Nexus and Policy PVC for mariadb are used only for one POD. Thus we don't need RWX. Change-Id: Idf8a6ba8ef14ce7ca397438c2200c11517d0458e Issue-ID: POLICY-2019 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>