From d425867ae1c52a9b31a06f1dea8810c1c7a0af65 Mon Sep 17 00:00:00 2001 From: jhh Date: Sun, 9 Aug 2020 12:08:08 -0500 Subject: [POLICY] certInit support + refactoring Several changes are including in this patch: - certInitializer support (POLICY-2615, REQ-361) - renamed policy objects to start with "policy-" prefix (POLICY-1000) - add resources section to components that did not have or had it incorrectly set up rendering null (POLICY-2502) - Removal of legacy policy-engine components (POLICY-2743) - Miscellaneous refactoring of charts (POLICY-2745) - update pdp legacy reference to policy-xacml-pdp from pdp (legacy) Issue-ID: POLICY-2615 Signed-off-by: jhh Change-Id: I8b6984a663bbb14d331a366ec02b6dd38755cde7 Signed-off-by: jhh --- kubernetes/policy/charts/policy-api/Chart.yaml | 22 --- .../policy/charts/policy-api/requirements.yaml | 22 --- .../charts/policy-api/resources/config/config.json | 69 --------- .../charts/policy-api/resources/config/logback.xml | 159 --------------------- .../charts/policy-api/templates/configmap.yaml | 32 ----- .../charts/policy-api/templates/deployment.yaml | 111 -------------- .../charts/policy-api/templates/secrets.yaml | 15 -- .../charts/policy-api/templates/service.yaml | 43 ------ kubernetes/policy/charts/policy-api/values.yaml | 93 ------------ 9 files changed, 566 deletions(-) delete mode 100644 kubernetes/policy/charts/policy-api/Chart.yaml delete mode 100644 kubernetes/policy/charts/policy-api/requirements.yaml delete mode 100644 kubernetes/policy/charts/policy-api/resources/config/config.json delete mode 100644 kubernetes/policy/charts/policy-api/resources/config/logback.xml delete mode 100644 kubernetes/policy/charts/policy-api/templates/configmap.yaml delete mode 100644 kubernetes/policy/charts/policy-api/templates/deployment.yaml delete mode 100644 kubernetes/policy/charts/policy-api/templates/secrets.yaml delete mode 100644 kubernetes/policy/charts/policy-api/templates/service.yaml delete mode 100644 kubernetes/policy/charts/policy-api/values.yaml (limited to 'kubernetes/policy/charts/policy-api') diff --git a/kubernetes/policy/charts/policy-api/Chart.yaml b/kubernetes/policy/charts/policy-api/Chart.yaml deleted file mode 100644 index 021263a1fc..0000000000 --- a/kubernetes/policy/charts/policy-api/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -apiVersion: v1 -description: ONAP Policy Design API -name: policy-api -version: 6.0.0 diff --git a/kubernetes/policy/charts/policy-api/requirements.yaml b/kubernetes/policy/charts/policy-api/requirements.yaml deleted file mode 100644 index f70a3630c3..0000000000 --- a/kubernetes/policy/charts/policy-api/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json deleted file mode 100644 index fba7e6ce12..0000000000 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ /dev/null @@ -1,69 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -{ - "name":"ApiGroup", - "restServerParameters":{ - "host":"0.0.0.0", - "port":6969, - "userName":"${RESTSERVER_USER}", - "password":"${RESTSERVER_PASSWORD}", - "https": true, - "aaf": false - }, - "databaseProviderParameters": { - "name": "PolicyProviderParameterGroup", - "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", - "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin", - "databaseUser": "${SQL_USER}", - "databasePassword": "${SQL_PASSWORD_BASE64}", - "persistenceUnit": "PolicyMariaDb" - }, - "preloadPolicyTypes": [ - "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml", - "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml", - "policytypes/onap.policies.Optimization.yaml", - "policytypes/onap.policies.optimization.Resource.yaml", - "policytypes/onap.policies.optimization.Service.yaml", - "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml", - "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml", - "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml", - "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml", - "policytypes/onap.policies.optimization.resource.PciPolicy.yaml", - "policytypes/onap.policies.optimization.service.QueryPolicy.yaml", - "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml", - "policytypes/onap.policies.optimization.resource.Vim_fit.yaml", - "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml", - "policytypes/onap.policies.controlloop.guard.Common.yaml", - "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml", - "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml", - "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml", - "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml", - "policytypes/onap.policies.controlloop.Operational.yaml", - "policytypes/onap.policies.Naming.yaml", - "policytypes/onap.policies.native.Drools.yaml", - "policytypes/onap.policies.native.Xacml.yaml", - "policytypes/onap.policies.native.Apex.yaml", - "policytypes/onap.policies.controlloop.operational.Common.yaml", - "policytypes/onap.policies.controlloop.operational.common.Apex.yaml", - "policytypes/onap.policies.controlloop.operational.common.Drools.yaml" - ], - "preloadPolicies" : [ - "policies/sdnc.policy.naming.input.tosca.yaml" - ] -} diff --git a/kubernetes/policy/charts/policy-api/resources/config/logback.xml b/kubernetes/policy/charts/policy-api/resources/config/logback.xml deleted file mode 100644 index 4b73633f26..0000000000 --- a/kubernetes/policy/charts/policy-api/resources/config/logback.xml +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - /var/log/onap/policy/api/error.log - - /var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - WARN - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/api/debug.log - - /var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n - - - - - - - - - /var/log/onap/policy/api/network.log - - /var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n - - - - - - - - - /var/log/onap/policy/api/metric.log - - /var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - %X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n - - - - - - - - - /var/log/onap/policy/api/audit.log - - /var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip - - 50MB - 30 - 10GB - - - %X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n - - - - - - - - - - %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/kubernetes/policy/charts/policy-api/templates/configmap.yaml b/kubernetes/policy/charts/policy-api/templates/configmap.yaml deleted file mode 100644 index e2a3de7756..0000000000 --- a/kubernetes/policy/charts/policy-api/templates/configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright (C) 2020 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} -{{- with .Files.Glob "resources/config/*store" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml deleted file mode 100644 index f8da461fb4..0000000000 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ /dev/null @@ -1,111 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /root/ready.py - args: - - --container-name - - {{ include "common.release" . }}-galera-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - - command: - - sh - args: - - -c - - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} - - name: RESTSERVER_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }} - - name: RESTSERVER_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }} - volumeMounts: - - mountPath: /config-input - name: apiconfig - - mountPath: /config - name: apiconfig-processed - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/opt/app/policy/api/bin/policy-api.sh"] - args: ["/opt/app/policy/api/etc/mounted/config.json"] - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /opt/app/policy/api/etc/mounted - name: apiconfig-processed - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: apiconfig - configMap: - name: {{ include "common.fullname" . }}-configmap - defaultMode: 0755 - - name: apiconfig-processed - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/charts/policy-api/templates/secrets.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/policy/charts/policy-api/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-api/templates/service.yaml b/kubernetes/policy/charts/policy-api/templates/service.yaml deleted file mode 100644 index fba02c84b9..0000000000 --- a/kubernetes/policy/charts/policy-api/templates/service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml deleted file mode 100644 index 35700d9f9c..0000000000 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ /dev/null @@ -1,93 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 304 - persistence: {} - envsubstImage: dibi/envsubst - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - - uid: restserver-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' - login: '{{ .Values.restServer.user }}' - password: '{{ .Values.restServer.password }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-api:2.3.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -db: - user: policy_user - password: policy_user -restServer: - user: healthcheck - password: zb!XztG34 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 20 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 20 - periodSeconds: 10 - -service: - type: ClusterIP - name: policy-api - portName: policy-api - externalPort: 6969 - internalPort: 6969 - nodePort: 40 - -ingress: - enabled: false - -resources: {} -- cgit 1.2.3-korg