From 9c79e269cbd63b53281c343b34749b6f07b4a610 Mon Sep 17 00:00:00 2001 From: FrancescoFioraEst Date: Tue, 22 Feb 2022 13:12:19 +0000 Subject: [POLICY] Rename from TOSCA Control Loop to ACM Update CLAMP OOM Configuration for rename from TOSCA Control Loop to ACM Issue-ID: POLICY-3942 Change-Id: I2044dfb68f22dc27d701c7bea1e2a2eab69cb28d Signed-off-by: FrancescoFioraEst --- kubernetes/policy/Chart.yaml | 26 ++-- .../policy-clamp-ac-http-ppnt/Chart.yaml | 36 +++++ .../config/HttpParticipantParameters.yaml | 60 ++++++++ .../resources/config/logback.xml | 103 ++++++++++++++ .../templates/configmap.yaml | 32 +++++ .../templates/deployment.yaml | 113 +++++++++++++++ .../templates/secrets.yaml | 17 +++ .../templates/service.yaml | 21 +++ .../policy-clamp-ac-http-ppnt/values.yaml | 139 ++++++++++++++++++ .../components/policy-clamp-ac-k8s-ppnt/Chart.yaml | 38 +++++ .../config/KubernetesParticipantParameters.yaml | 91 ++++++++++++ .../resources/config/logback.xml | 103 ++++++++++++++ .../templates/configmap.yaml | 32 +++++ .../templates/deployment.yaml | 113 +++++++++++++++ .../templates/secrets.yaml | 17 +++ .../templates/service.yaml | 45 ++++++ .../policy-clamp-ac-k8s-ppnt/values.yaml | 140 ++++++++++++++++++ .../components/policy-clamp-ac-pf-ppnt/Chart.yaml | 36 +++++ .../config/PolicyParticipantParameters.yaml | 81 +++++++++++ .../resources/config/logback.xml | 103 ++++++++++++++ .../templates/configmap.yaml | 32 +++++ .../templates/deployment.yaml | 121 ++++++++++++++++ .../policy-clamp-ac-pf-ppnt/templates/secrets.yaml | 17 +++ .../policy-clamp-ac-pf-ppnt/templates/service.yaml | 21 +++ .../components/policy-clamp-ac-pf-ppnt/values.yaml | 157 +++++++++++++++++++++ .../resources/config/application.properties | 8 +- .../policy/components/policy-clamp-be/values.yaml | 3 +- .../policy-clamp-cl-http-ppnt/Chart.yaml | 37 ----- .../config/HttpParticipantParameters.yaml | 42 ------ .../resources/config/logback.xml | 103 -------------- .../templates/configmap.yaml | 32 ----- .../templates/deployment.yaml | 93 ------------ .../templates/secrets.yaml | 17 --- .../policy-clamp-cl-http-ppnt/values.yaml | 104 -------------- .../components/policy-clamp-cl-k8s-ppnt/Chart.yaml | 38 ----- .../config/KubernetesParticipantParameters.yaml | 85 ----------- .../resources/config/logback.xml | 103 -------------- .../templates/configmap.yaml | 32 ----- .../templates/deployment.yaml | 113 --------------- .../templates/secrets.yaml | 17 --- .../templates/service.yaml | 45 ------ .../policy-clamp-cl-k8s-ppnt/values.yaml | 140 ------------------ .../components/policy-clamp-cl-pf-ppnt/Chart.yaml | 37 ----- .../config/PolicyParticipantParameters.yaml | 62 -------- .../resources/config/logback.xml | 103 -------------- .../templates/configmap.yaml | 32 ----- .../templates/deployment.yaml | 102 ------------- .../policy-clamp-cl-pf-ppnt/templates/secrets.yaml | 17 --- .../components/policy-clamp-cl-pf-ppnt/values.yaml | 125 ---------------- .../components/policy-clamp-cl-runtime/Chart.yaml | 38 ----- .../resources/config/clRuntimeParameters.yaml | 90 ------------ .../resources/config/logback.xml | 103 -------------- .../templates/configmap.yaml | 38 ----- .../templates/deployment.yaml | 131 ----------------- .../policy-clamp-cl-runtime/templates/secrets.yaml | 21 --- .../policy-clamp-cl-runtime/templates/service.yaml | 21 --- .../components/policy-clamp-cl-runtime/values.yaml | 154 -------------------- .../components/policy-clamp-runtime-acm/Chart.yaml | 38 +++++ .../resources/config/acRuntimeParameters.yaml | 88 ++++++++++++ .../resources/config/logback.xml | 103 ++++++++++++++ .../templates/configmap.yaml | 38 +++++ .../templates/deployment.yaml | 131 +++++++++++++++++ .../templates/secrets.yaml | 21 +++ .../templates/service.yaml | 21 +++ .../policy-clamp-runtime-acm/values.yaml | 154 ++++++++++++++++++++ kubernetes/policy/resources/config/db.sh | 2 +- kubernetes/policy/values.yaml | 10 +- 67 files changed, 2287 insertions(+), 2099 deletions(-) create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/secrets.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml create mode 100644 kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml delete mode 100644 kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/templates/secrets.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/templates/service.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index fb16e824fb..677271c241 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -1,7 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018, 2020 AT&T # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2021, 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -59,22 +59,22 @@ dependencies: version: ~10.x-0 repository: 'file://components/policy-clamp-be' condition: policy-clamp-be.enabled - - name: policy-clamp-cl-k8s-ppnt + - name: policy-clamp-ac-k8s-ppnt version: ~10.x-0 - repository: 'file://components/policy-clamp-cl-k8s-ppnt' - condition: policy-clamp-cl-k8s-ppnt.enabled - - name: policy-clamp-cl-http-ppnt + repository: 'file://components/policy-clamp-ac-k8s-ppnt' + condition: policy-clamp-ac-k8s-ppnt.enabled + - name: policy-clamp-ac-http-ppnt version: ~10.x-0 - repository: 'file://components/policy-clamp-cl-http-ppnt' - condition: policy-clamp-cl-http-ppnt.enabled - - name: policy-clamp-cl-pf-ppnt + repository: 'file://components/policy-clamp-ac-http-ppnt' + condition: policy-clamp-ac-http-ppnt.enabled + - name: policy-clamp-ac-pf-ppnt version: ~10.x-0 - repository: 'file://components/policy-clamp-cl-pf-ppnt' - condition: policy-clamp-cl-pf-ppnt.enabled - - name: policy-clamp-cl-runtime + repository: 'file://components/policy-clamp-ac-pf-ppnt' + condition: policy-clamp-ac-pf-ppnt.enabled + - name: policy-clamp-runtime-acm version: ~10.x-0 - repository: 'file://components/policy-clamp-cl-runtime' - condition: policy-clamp-cl-runtime.enabled + repository: 'file://components/policy-clamp-runtime-acm' + condition: policy-clamp-runtime-acm.enabled - name: policy-gui version: ~10.x-0 repository: 'file://components/policy-gui' diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml new file mode 100644 index 0000000000..00cbd28181 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -0,0 +1,36 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp Controlloop Http Participant +name: policy-clamp-ac-http-ppnt +version: 10.0.0 + +dependencies: + - name: common + version: ~10.x-0 + repository: '@local' + - name: certInitializer + version: ~10.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~10.x-0 + repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml new file mode 100644 index 0000000000..249aaaebda --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -0,0 +1,60 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} +security: + enable-csrf: false + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: HttpParticipant0 + version: 1.0.0 + participantType: + name: org.onap.policy.clamp.acm.HttpParticipant + version: 2.3.4 + clampAutomationCompositionTopics: + topicSources: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: true + topicSinks: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus +server: + port: 8084 + servlet: + context-path: /onap/httpparticipant diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml new file mode 100644 index 0000000000..b6a853d0a0 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/http-participant/error.log + + /var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/http-participant/debug.log + + /var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/http-participant/network.log + + /var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml new file mode 100644 index 0000000000..3a5b8b199f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -0,0 +1,113 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: ac-http-ppnt-config + - mountPath: /config + name: ac-http-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/http-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-http-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-http-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: ac-http-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml new file mode 100644 index 0000000000..0bddc8dfbc --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +#Copyright (C) 2021 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml new file mode 100644 index 0000000000..e676ff13d7 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml new file mode 100644 index 0000000000..8eafa463c5 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -0,0 +1,139 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-ac-http-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-ac-http-ppnt:6.2.1 +pullPolicy: Always + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-ac-http-ppnt + useNodePortExt: true + ports: + - name: http-api + port: 8084 + nodePort: 42 + + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-http-ppnt + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml new file mode 100644 index 0000000000..b55cb35649 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml @@ -0,0 +1,38 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Modifications Copyright © 2021 Orange +# Modifications Copyright © 2021-2022 Nordix Foundation +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp Controlloop K8s Participant +name: policy-clamp-ac-k8s-ppnt +version: 10.0.0 + +dependencies: + - name: common + version: ~10.x-0 + repository: '@local' + - name: certInitializer + version: ~10.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~10.x-0 + repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml new file mode 100644 index 0000000000..0b7e2ab22d --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -0,0 +1,91 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} +security: + enable-csrf: false + +participant: + localChartDirectory: /home/policy/local-charts + infoFileName: CHART_INFO.json + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: K8sParticipant0 + version: 1.0.0 + participantType: + name: org.onap.policy.clamp.acm.KubernetesParticipant + version: 2.3.4 + clampAutomationCompositionTopics: + topicSources: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: true + topicSinks: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus + +server: + # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework. + # See springboot documentation. + port: 8083 + servlet: + context-path: /onap/policy/clamp/acm/k8sparticipant + +logging: + # Configuration of logging + level: + ROOT: INFO + org.springframework: ERROR + org.springframework.data: ERROR + org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR + org.onap.policy.clamp.controlloop.participant.kubernetes: INFO + + file: + name: /var/log/onap/policy/clamp/application.log + +chart: + api: + enabled: false + +# Sample Permitted list of helm repositories. Before deployment update the repositories where the helm charts are located. +# The Kubernetes participant accept only HTTPS Address +helm: + repos: + - + repoName: bitnami + address: https://charts.bitnami.com/bitnami diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml new file mode 100644 index 0000000000..a09b4783c3 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/k8s-participant/error.log + + /var/log/onap/policy/k8s-participant/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/k8s-participant/debug.log + + /var/log/onap/policy/k8s-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/k8s-participant/network.log + + /var/log/onap/policy/k8s-participant/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml new file mode 100644 index 0000000000..14cb6d3f4e --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml @@ -0,0 +1,113 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: ac-k8s-ppnt-config + - mountPath: /config + name: ac-k8s-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/kubernetes-participant.sh /opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-k8s-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-k8s-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: ac-k8s-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/secrets.yaml new file mode 100644 index 0000000000..f0f3c5e993 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml new file mode 100644 index 0000000000..73381c9e3b --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml @@ -0,0 +1,45 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: policy-clamp-cl-k8s-ppnt + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "common.namespace" . }}-policy-clamp-cl-k8s-ppnt-binding + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: policy-clamp-cl-k8s-ppnt + namespace: {{ include "common.namespace" . }} + diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml new file mode 100644 index 0000000000..a3fb19f1bc --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -0,0 +1,140 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-ac-k8s-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-ac-k8s-ppnt:6.2.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-ac-k8s-ppnt + useNodePortExt: true + ports: + - name: http-api + port: 8083 + nodePort: 42 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-k8s-ppnt + roles: + - create diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml new file mode 100644 index 0000000000..ae8d03bc13 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml @@ -0,0 +1,36 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp Controlloop Policy Participant +name: policy-clamp-ac-pf-ppnt +version: 10.0.0 + +dependencies: + - name: common + version: ~10.x-0 + repository: '@local' + - name: certInitializer + version: ~10.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~10.x-0 + repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml new file mode 100644 index 0000000000..0160ff45df --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -0,0 +1,81 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} +security: + enable-csrf: false + +participant: + pdpGroup: defaultGroup + pdpType: apex + policyApiParameters: + clientName: api + hostname: policy-api + port: 6969 + userName: ${API_USER} + password: ${API_PASSWORD} + useHttps: true + allowSelfSignedCerts: true + policyPapParameters: + clientName: pap + hostname: policy-pap + port: 6969 + userName: ${PAP_USER} + password: ${PAP_PASSWORD} + useHttps: true + allowSelfSignedCerts: true + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: org.onap.PM_Policy + version: 1.0.0 + participantType: + name: org.onap.policy.clamp.acm.PolicyParticipant + version: 2.3.1 + clampAutomationCompositionTopics: + topicSources: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: true + topicSinks: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus + +server: + port: 8085 + servlet: + context-path: /onap/policyparticipant diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml new file mode 100644 index 0000000000..1447eb49fc --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/pf-participant/error.log + + /var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pf-participant/debug.log + + /var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pf-participant/network.log + + /var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml new file mode 100644 index 0000000000..b13e013f47 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml @@ -0,0 +1,121 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} + - name: PAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "login") | indent 10 }} + - name: PAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: ac-pf-ppnt-config + - mountPath: /config + name: ac-pf-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/policy-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-pf-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-pf-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: ac-pf-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml new file mode 100644 index 0000000000..f0f3c5e993 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml new file mode 100644 index 0000000000..e676ff13d7 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml new file mode 100644 index 0000000000..c825ab1a0c --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -0,0 +1,157 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.participantppnt.user }}' + password: '{{ .Values.restServer.participantppnt.password }}' + passwordPolicy: required + - uid: api-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' + login: '{{ .Values.restServer.api.user }}' + password: '{{ .Values.restServer.api.password }}' + passwordPolicy: required + - uid: pap-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' + login: '{{ .Values.restServer.pap.user }}' + password: '{{ .Values.restServer.pap.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-ac-pf-ppnt:6.2.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +# application configuration +restServer: + api: + user: policyadmin + password: none + pap: + user: policyadmin + password: none + participantppnt: + user: participantUser + password: none + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-ac-pf-ppnt + useNodePortExt: true + ports: + - name: http-api + port: 8085 + nodePort: 42 + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-pf-ppnt + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index b9a4ed33a8..03e55e15f5 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties @@ -7,6 +7,7 @@ # reserved. # ================================================================================ # Modifications copyright (c) 2019 Nokia +# Modifications Copyright (c) 2022 Nordix Foundation # ================================================================================\ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -71,7 +72,6 @@ clamp.config.dcae.deployment.password=none clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 # Configuration settings for ControlLoop Runtime Rest API -clamp.config.controlloop.runtime.url=https://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969 -clamp.config.controlloop.runtime.userName=${RUNTIME_USER} -clamp.config.controlloop.runtime.password=${RUNTIME_PASSWORD} - +clamp.config.acm.runtime.url=https://policy-clamp-runtime-acm.{{ include "common.namespace" . }}:6969 +clamp.config.acm.runtime.userName=${RUNTIME_USER} +clamp.config.acm.runtime.password=${RUNTIME_PASSWORD} diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index 85e97b9af3..2016b14043 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2021 AT&T +# Modifications Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -70,7 +71,7 @@ secrets: flavor: small # application image -image: onap/policy-clamp-backend:6.2.0 +image: onap/policy-clamp-backend:6.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml deleted file mode 100644 index 4cf7c40590..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# Modifications Copyright © 2021 Nordix Foundation -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -apiVersion: v2 -description: ONAP Policy Clamp Controlloop Http Participant -name: policy-clamp-cl-http-ppnt -version: 10.0.0 - -dependencies: - - name: common - version: ~10.x-0 - repository: '@local' - - name: certInitializer - version: ~10.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~10.x-0 - repository: '@local' - - name: serviceAccount - version: ~10.x-0 - repository: '@local' \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml deleted file mode 100644 index fd3c1d4438..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -participant: - intermediaryParameters: - reportingTimeIntervalMs: 120000 - description: Participant Description - participantId: - name: HttpParticipant0 - version: 1.0.0 - participantType: - name: org.onap.k8s.controlloop.HttpControlLoopParticipant - version: 2.3.4 - clampControlLoopTopics: - topicSources: - - topic: POLICY-CLRUNTIME-PARTICIPANT - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - fetchTimeout: 15000 - useHttps: true - topicSinks: - - topic: POLICY-CLRUNTIME-PARTICIPANT - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - useHttps: true diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml deleted file mode 100644 index b6a853d0a0..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - /var/log/onap/policy/http-participant/error.log - - /var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - WARN - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/http-participant/debug.log - - /var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/http-participant/network.log - - /var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n - - - - - - - - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml deleted file mode 100644 index 09cc8cd48f..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml deleted file mode 100644 index 80eaf761e8..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml +++ /dev/null @@ -1,93 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" - volumeMounts: - - mountPath: /config-input - name: cl-http-ppnt-config - - mountPath: /config - name: cl-http-ppnt-config-processed - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] -{{- else }} - command: ["/opt/app/policy/clamp/bin/http-participant.sh"] - args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} - volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /opt/app/policy/clamp/etc/mounted - name: cl-http-ppnt-config-processed - resources: -{{ include "common.resources" . }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: cl-http-ppnt-config - configMap: - name: {{ include "common.fullname" . }}-configmap - defaultMode: 0755 - - name: cl-http-ppnt-config-processed - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml deleted file mode 100644 index 0bddc8dfbc..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -#Copyright (C) 2021 Nordix Foundation. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml deleted file mode 100644 index 44535c99e2..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml +++ /dev/null @@ -1,104 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - aafEnabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-cl-http-ppnt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/policy-clamp-cl-http-ppnt:6.2.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} -ingress: - enabled: false - -flavor: small -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 100m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 200m - memory: 2Gi - unlimited: {} -#Pods Service Account -serviceAccount: - nameOverride: policy-clamp-cl-http-ppnt - roles: - - read diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml deleted file mode 100644 index 0427a423bc..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -apiVersion: v2 -description: ONAP Policy Clamp Controlloop K8s Participant -name: policy-clamp-cl-k8s-ppnt -version: 10.0.0 - -dependencies: - - name: common - version: ~10.x-0 - repository: '@local' - - name: certInitializer - version: ~10.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~10.x-0 - repository: '@local' - - name: serviceAccount - version: ~10.x-0 - repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml deleted file mode 100644 index 7227ee8ded..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ /dev/null @@ -1,85 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -spring: - security: - user: - name: ${RESTSERVER_USER} - password: ${RESTSERVER_PASSWORD} -security: - enable-csrf: false - -participant: - localChartDirectory: /home/policy/local-charts - infoFileName: CHART_INFO.json - intermediaryParameters: - reportingTimeIntervalMs: 120000 - description: Participant Description - participantId: - name: K8sParticipant0 - version: 1.0.0 - participantType: - name: org.onap.k8s.controlloop.K8SControlLoopParticipant - version: 2.3.4 - clampControlLoopTopics: - topicSources: - - - topic: POLICY-CLRUNTIME-PARTICIPANT - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - fetchTimeout: 15000 - useHttps: true - topicSinks: - - - topic: POLICY-CLRUNTIME-PARTICIPANT - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - useHttps: true - -server: - # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework. - # See springboot documentation. - port: 8083 - servlet: - context-path: /onap/policy/clamp/acm/k8sparticipant - -logging: - # Configuration of logging - level: - ROOT: INFO - org.springframework: ERROR - org.springframework.data: ERROR - org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR - org.onap.policy.clamp.controlloop.participant.kubernetes: INFO - - file: - name: /var/log/onap/policy/clamp/application.log - -chart: - api: - enabled: false - -# Sample Permitted list of helm repositories. Before deployment update the repositories where the helm charts are located. -# The Kubernetes participant accept only HTTPS Address -helm: - repos: - - - repoName: bitnami - address: https://charts.bitnami.com/bitnami \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml deleted file mode 100644 index a09b4783c3..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - /var/log/onap/policy/k8s-participant/error.log - - /var/log/onap/policy/k8s-participant/error.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - WARN - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/k8s-participant/debug.log - - /var/log/onap/policy/k8s-participant/debug.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/k8s-participant/network.log - - /var/log/onap/policy/k8s-participant/network.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n - - - - - - - - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml deleted file mode 100644 index 09cc8cd48f..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml deleted file mode 100644 index 72a3d0ea27..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml +++ /dev/null @@ -1,113 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: RESTSERVER_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - - name: RESTSERVER_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: cl-k8s-ppnt-config - - mountPath: /config - name: cl-k8s-ppnt-config-processed - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/clamp/bin/kubernetes-participant.sh /opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"] -{{- else }} - command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"] - args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} - ports: {{ include "common.containerPorts" . | nindent 12 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.liveness.port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.readiness.port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /opt/app/policy/clamp/etc/mounted - name: cl-k8s-ppnt-config-processed - resources: -{{ include "common.resources" . }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} - volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: cl-k8s-ppnt-config - configMap: - name: {{ include "common.fullname" . }}-configmap - defaultMode: 0755 - - name: cl-k8s-ppnt-config-processed - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml deleted file mode 100644 index f0f3c5e993..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml deleted file mode 100644 index 73381c9e3b..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: policy-clamp-cl-k8s-ppnt - namespace: {{ include "common.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "common.namespace" . }}-policy-clamp-cl-k8s-ppnt-binding - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: policy-clamp-cl-k8s-ppnt - namespace: {{ include "common.namespace" . }} - diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml deleted file mode 100644 index 701536a168..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml +++ /dev/null @@ -1,140 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 304 - persistence: {} - aafEnabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: restserver-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' - login: '{{ .Values.restServer.user }}' - password: '{{ .Values.restServer.password }}' - passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-cl-k8s-ppnt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/policy-clamp-cl-k8s-ppnt:6.2.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -restServer: - user: participantUser - password: zb!XztG34 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 20 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: http-api - -readiness: - initialDelaySeconds: 20 - periodSeconds: 10 - port: http-api - -service: - type: ClusterIP - name: policy-clamp-cl-k8s-ppnt - useNodePortExt: true - ports: - - name: http-api - port: 8083 - nodePort: 42 - -ingress: - enabled: false - -flavor: small -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 100m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 200m - memory: 2Gi - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: policy-clamp-cl-k8s-ppnt - roles: - - create diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml deleted file mode 100644 index d80fa4d2da..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# Modifications Copyright © 2021 Nordix Foundation -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -apiVersion: v2 -description: ONAP Policy Clamp Controlloop Policy Participant -name: policy-clamp-cl-pf-ppnt -version: 10.0.0 - -dependencies: - - name: common - version: ~10.x-0 - repository: '@local' - - name: certInitializer - version: ~10.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~10.x-0 - repository: '@local' - - name: serviceAccount - version: ~10.x-0 - repository: '@local' \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml deleted file mode 100644 index 16d41131a1..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ /dev/null @@ -1,62 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -participant: - pdpGroup: defaultGroup - pdpType: apex - policyApiParameters: - clientName: api - hostname: policy-api - port: 6969 - userName: ${API_USER} - password: ${API_PASSWORD} - useHttps: true - allowSelfSignedCerts: true - policyPapParameters: - clientName: pap - hostname: policy-pap - port: 6969 - userName: ${PAP_USER} - password: ${PAP_PASSWORD} - useHttps: true - allowSelfSignedCerts: true - intermediaryParameters: - reportingTimeIntervalMs: 120000 - description: Participant Description - participantId: - name: org.onap.PM_Policy - version: 1.0.0 - participantType: - name: org.onap.policy.controlloop.PolicyControlLoopParticipant - version: 2.3.1 - clampControlLoopTopics: - topicSources: - - - topic: POLICY-CLRUNTIME-PARTICIPANT - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - fetchTimeout: 15000 - useHttps: true - topicSinks: - - - topic: POLICY-CLRUNTIME-PARTICIPANT - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - useHttps: true diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml deleted file mode 100644 index 1447eb49fc..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - /var/log/onap/policy/pf-participant/error.log - - /var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - WARN - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/pf-participant/debug.log - - /var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/pf-participant/network.log - - /var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n - - - - - - - - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml deleted file mode 100644 index 09cc8cd48f..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml deleted file mode 100644 index 2317194e96..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml +++ /dev/null @@ -1,102 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: API_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} - - name: API_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} - - name: PAP_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "login") | indent 10 }} - - name: PAP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: cl-pf-ppnt-config - - mountPath: /config - name: cl-pf-ppnt-config-processed - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] -{{- else }} - command: ["/opt/app/policy/clamp/bin/policy-participant.sh"] - args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} - volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /opt/app/policy/clamp/etc/mounted - name: cl-pf-ppnt-config-processed - resources: -{{ include "common.resources" . }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: cl-pf-ppnt-config - configMap: - name: {{ include "common.fullname" . }}-configmap - defaultMode: 0755 - - name: cl-pf-ppnt-config-processed - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml deleted file mode 100644 index f0f3c5e993..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml deleted file mode 100644 index ef8a7c0745..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml +++ /dev/null @@ -1,125 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - aafEnabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: api-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' - login: '{{ .Values.restServer.api.user }}' - password: '{{ .Values.restServer.api.password }}' - passwordPolicy: required - - uid: pap-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' - login: '{{ .Values.restServer.pap.user }}' - password: '{{ .Values.restServer.pap.password }}' - passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-cl-pf-ppnt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/policy-clamp-cl-pf-ppnt:6.2.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# default number of instances -replicaCount: 1 - -# application configuration -restServer: - api: - user: policyadmin - password: none - pap: - user: policyadmin - password: none - -nodeSelector: {} - -affinity: {} -ingress: - enabled: false - -flavor: small -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 100m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 200m - memory: 2Gi - unlimited: {} -#Pods Service Account -serviceAccount: - nameOverride: policy-clamp-cl-pf-ppnt - roles: - - read diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml deleted file mode 100644 index 0adfd34a7c..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -apiVersion: v2 -description: ONAP Policy Clamp Controlloop Runtime -name: policy-clamp-cl-runtime -version: 10.0.0 - -dependencies: - - name: common - version: ~10.x-0 - repository: '@local' - - name: certInitializer - version: ~10.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~10.x-0 - repository: '@local' - - name: serviceAccount - version: ~10.x-0 - repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml deleted file mode 100644 index 157db833b2..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml +++ /dev/null @@ -1,90 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -spring: - security: - user: - name: ${RUNTIME_USER} - password: ${RUNTIME_PASSWORD} - http: - converters: - preferred-json-mapper: gson - datasource: - url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop - driverClassName: org.mariadb.jdbc.Driver - username: ${SQL_USER} - password: ${SQL_PASSWORD} - hikari: - connectionTimeout: 30000 - idleTimeout: 600000 - maxLifetime: 1800000 - maximumPoolSize: 10 - -security: - enable-csrf: false - -server: - port: 6969 - servlet: - context-path: /onap/controlloop - error: - path: /error - - -runtime: - supervisionScannerIntervalSec: 1000 - participantClUpdateIntervalSec: 1000 - participantClStateChangeIntervalSec: 1000 - participantParameters: - heartBeatMs: 120000 - maxMessageAgeMs: 600000 - maxStatusWaitMs: 100000 - updateParameters: - maxRetryCount: 3 - maxWaitMs: 100000 - databasePlatform: org.eclipse.persistence.platform.database.MySQLPlatform - databaseProviderParameters: - name: PolicyProviderParameterGroup - implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl - databaseDriver: org.mariadb.jdbc.Driver - databaseUrl: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop - databaseUser: ${SQL_USER} - databasePassword: ${SQL_PASSWORD} - persistenceUnit: CommissioningMariaDb - topicParameterGroup: - topicSources: - - - topic: POLICY-CLRUNTIME-PARTICIPANT - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - useHttps: true - fetchTimeout: 15000 - topicSinks: - - - topic: POLICY-CLRUNTIME-PARTICIPANT - servers: - - ${topicServer:message-router} - topicCommInfrastructure: dmaap - useHttps: true - -management: - endpoints: - web: - exposure: - include: health, metrics, prometheus diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml deleted file mode 100644 index 43cea65306..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - /var/log/onap/policy/pap/error.log - - /var/log/onap/policy/policy-clamp-cl-runtime/error.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - WARN - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/pap/debug.log - - /var/log/onap/policy/policy-clamp-cl-runtime/debug.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/policy-clamp-cl-runtime/network.log - - /var/log/onap/policy/policy-clamp-cl-runtime/network.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n - - - - - - - - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml deleted file mode 100644 index 66c096d439..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -{{- with .Files.Glob "resources/config/*store" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml deleted file mode 100644 index 92e5c9e6c8..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-galera-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: RUNTIME_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} - - name: RUNTIME_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: cl-runtime-config - - mountPath: /config - name: cl-runtime-config-processed - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/clamp/bin/controlloop-runtime.sh /opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"] -{{- else }} - command: ["/opt/app/policy/clamp/bin/controlloop-runtime.sh"] - args: ["/opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} - ports: {{ include "common.containerPorts" . | nindent 12 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.liveness.port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.readiness.port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /opt/app/policy/clamp/etc/mounted - name: cl-runtime-config-processed - resources: -{{ include "common.resources" . }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: cl-runtime-config - configMap: - name: {{ include "common.fullname" . }}-configmap - defaultMode: 0755 - - name: cl-runtime-config-processed - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml deleted file mode 100644 index abbfa3fdba..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml deleted file mode 100644 index be2449f890..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml deleted file mode 100644 index 59d7d313a8..0000000000 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml +++ /dev/null @@ -1,154 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 304 - persistence: {} - aafEnabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - - uid: runtime-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' - login: '{{ .Values.config.policyAppUserName }}' - password: '{{ .Values.config.policyAppUserPassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-cl-runtime-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/policy-clamp-cl-runtime:6.2.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - policyAppUserName: runtimeUser - policyAppUserPassword: none - -db: - user: policy_user - password: policy_user - service: - name: policy-mariadb - internalPort: 3306 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 20 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: http-api - -readiness: - initialDelaySeconds: 20 - periodSeconds: 10 - port: http-api - -service: - type: ClusterIP - name: policy-clamp-cl-runtime - useNodePortExt: true - ports: - - name: http-api - port: 6969 - nodePort: 42 - -ingress: - enabled: false - -flavor: small -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 100m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 200m - memory: 2Gi - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: policy-clamp-cl-runtime - roles: - - read diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml new file mode 100644 index 0000000000..90e9293f56 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -0,0 +1,38 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Modifications Copyright © 2021 Orange +# Modifications Copyright © 2021-2022 Nordix Foundation +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp Controlloop Runtime +name: policy-clamp-runtime-acm +version: 10.0.0 + +dependencies: + - name: common + version: ~10.x-0 + repository: '@local' + - name: certInitializer + version: ~10.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~10.x-0 + repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml new file mode 100644 index 0000000000..2b52a2b892 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -0,0 +1,88 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: ${RUNTIME_USER} + password: ${RUNTIME_PASSWORD} + http: + converters: + preferred-json-mapper: gson + datasource: + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm + driverClassName: org.mariadb.jdbc.Driver + username: ${SQL_USER} + password: ${SQL_PASSWORD} + hikari: + connectionTimeout: 30000 + idleTimeout: 600000 + maxLifetime: 1800000 + maximumPoolSize: 10 + jpa: + hibernate: + ddl-auto: update + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy + properties: + hibernate: + dialect: org.hibernate.dialect.MariaDB103Dialect + format_sql: true + +security: + enable-csrf: false + +server: + port: 6969 + servlet: + context-path: /onap/policy/clamp/acm + error: + path: /error + + +runtime: + participantParameters: + heartBeatMs: 120000 + maxMessageAgeMs: 600000 + maxStatusWaitMs: 100000 + updateParameters: + maxRetryCount: 3 + maxWaitMs: 100000 + topicParameterGroup: + topicSources: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true + fetchTimeout: 15000 + topicSinks: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml new file mode 100644 index 0000000000..206b19b049 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml @@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/pap/error.log + + /var/log/onap/policy/policy-clamp-runtime-acm/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pap/debug.log + + /var/log/onap/policy/policy-clamp-runtime-acm/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/policy-clamp-runtime-acm/network.log + + /var/log/onap/policy/policy-clamp-runtime-acm/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml new file mode 100644 index 0000000000..66c096d439 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml @@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +{{- with .Files.Glob "resources/config/*store" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml new file mode 100644 index 0000000000..e302704201 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -0,0 +1,131 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: RUNTIME_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} + - name: RUNTIME_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: ac-runtime-config + - mountPath: /config + name: ac-runtime-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/acm-runtime.sh /opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-runtime-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-runtime-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: ac-runtime-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/secrets.yaml new file mode 100644 index 0000000000..abbfa3fdba --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/secrets.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/service.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/service.yaml new file mode 100644 index 0000000000..be2449f890 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/service.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml new file mode 100644 index 0000000000..1b571fc502 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -0,0 +1,154 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + - uid: runtime-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-runtime-acm-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-runtime-acm:6.2.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: + policyAppUserName: runtimeUser + policyAppUserPassword: none + +db: + user: policy_user + password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-runtime-acm + useNodePortExt: true + ports: + - name: http-api + port: 6969 + nodePort: 42 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-runtime-acm + roles: + - read diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index 787ec0adbe..866d422c14 100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -19,7 +19,7 @@ mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; -for db in migration pooling policyadmin policyclamp operationshistory controlloop +for db in migration pooling policyadmin policyclamp operationshistory clampacm do mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 77d3c3f83e..759ba56b02 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (C) 2021-2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -98,18 +98,18 @@ policy-clamp-be: db: *dbSecretsHook config: appUserExternalSecret: *policyAppCredsSecret -policy-clamp-cl-k8s-ppnt: +policy-clamp-ac-k8s-ppnt: enabled: true -policy-clamp-cl-pf-ppnt: +policy-clamp-ac-pf-ppnt: enabled: true restServer: apiUserExternalSecret: *policyApiCredsSecret papUserExternalSecret: *policyPapCredsSecret -policy-clamp-cl-http-ppnt: +policy-clamp-ac-http-ppnt: enabled: true policy-nexus: enabled: false -policy-clamp-cl-runtime: +policy-clamp-runtime-acm: enabled: true db: *dbSecretsHook config: -- cgit 1.2.3-korg