From ef208b0677fca2b5982c5a822c0aec188ffe72d8 Mon Sep 17 00:00:00 2001 From: "saul.gill" Date: Wed, 26 Apr 2023 16:16:05 +0100 Subject: [POLICY] Update docker images to latest versions The image versions in policy values.yaml files have been updated Added native configurable support in pap and api for strimzi Added configurable support in api and pap for postgres *** This commit is generated by a PF release script *** Issue-ID: POLICY-4648 Change-Id: Ia91ea4a8babc850d0854e299eb80541c1d38285d Signed-off-by: saul.gill --- .../policy/components/policy-apex-pdp/Chart.yaml | 3 + .../resources/config/OnapPfConfig.json | 46 +++++-- .../policy-apex-pdp/templates/deployment.yaml | 138 +++++++++++++++++++++ .../policy-apex-pdp/templates/kafkauser.yaml | 18 +++ .../policy-apex-pdp/templates/statefulset.yaml | 111 ----------------- .../policy/components/policy-apex-pdp/values.yaml | 25 +++- 6 files changed, 214 insertions(+), 127 deletions(-) create mode 100755 kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml create mode 100644 kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml delete mode 100755 kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml (limited to 'kubernetes/policy/components/policy-apex-pdp') diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml index f7f0757558..29c9246ed9 100755 --- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 2fe354e2c0..3a38b88d56 100755 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -8,7 +8,7 @@ "https": "false", "prometheus": true }, - "pdpStatusParameters":{ + "pdpStatusParameters": { "pdpGroup": "defaultGroup", "timeIntervalMs": 120000, "pdpType":"apex", @@ -25,18 +25,38 @@ ] }, "topicParameterGroup": { - "topicSources" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps" : "false", - "fetchTimeout": 15000, - "topicCommInfrastructure" : "dmaap" + "topicSources": [{ + "topic": "${PAP_TOPIC}", + "useHttps": false, + "fetchTimeout": 15000, + "servers": [ "${KAFKA_URL}" ], +{{ if .Values.global.useStrimziKafkaPf }} + "topicCommInfrastructure": "kafka", + "additionalProps": { + "group.id" : "${GROUP_ID}", + "security.protocol": "SASL_PLAINTEXT", + "sasl.mechanism": "${SASL}", + "sasl.jaas.config": "${JAASLOGIN}" + } +{{ else }} + "topicCommInfrastructure": "dmaap" +{{ end }} }], - "topicSinks" : [{ - "topic" : "POLICY-PDP-PAP", - "servers" : [ "message-router" ], - "useHttps" : "false", - "topicCommInfrastructure" : "dmaap" - }] + "topicSinks" : [{ + "topic": "${PAP_TOPIC}", + "useHttps": false, + "servers": [ "${KAFKA_URL}" ], +{{ if .Values.global.useStrimziKafkaPf }} + "topicCommInfrastructure": "kafka", + "additionalProps": { + "group.id" : "${GROUP_ID}", + "security.protocol": "SASL_PLAINTEXT", + "sasl.mechanism": "${SASL}", + "sasl.jaas.config": "${JAASLOGIN}" + } +{{ else }} + "topicCommInfrastructure": "dmaap" +{{ end }} + }] } } diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml new file mode 100755 index 0000000000..e68c9fd8d9 --- /dev/null +++ b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml @@ -0,0 +1,138 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright © 2022 Nordix Foundation +# Modification (C) 2023 Deutsche Telekom. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: +{{- if not .Values.global.useStrimziKafkaPf }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} +{{- end }} + - command: ["/bin/sh", "-cx"] +{{- if .Values.global.useStrimziKafkaPf }} + args: + - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; + cd /config-input && for PFILE in `ls -1`; + do envsubst <${PFILE} >/config/${PFILE}; done +{{ else }} + args: + - cd /config-input && for PFILE in `ls -1`; + do envsubst <${PFILE} >/config/${PFILE}; done +{{ end }} + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} +{{- if .Values.global.useStrimziKafkaPf }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + - name: KAFKA_URL + value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + - name: PAP_TOPIC + value: {{ .Values.config.app.listener.policyPdpPapTopic }} +{{ else }} + - name: KAFKA_URL + value: message-router + - name: PAP_TOPIC + value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }} +{{- end }} + volumeMounts: + - mountPath: /config-input + name: apexconfig-input + - mountPath: /config + name: apexconfig + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: [ "/bin/sh", "-cx" ] + args: + - id apexuser; + cat /home/apexuser/config/OnapPfConfig.json; + /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: REPLICAS + value: "{{ .Values.replicaCount }}" + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /var/log/onap + name: policy-logs + - mountPath: /home/apexuser/config + name: apexconfig + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: policy-logs + emptyDir: {} + - name: apexconfig-input + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: apexconfig + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml new file mode 100644 index 0000000000..d2fab9f535 --- /dev/null +++ b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafkaPf }} +{{ include "common.kafkauser" . }} +{{ end }} diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml deleted file mode 100755 index 6213fecb31..0000000000 --- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml +++ /dev/null @@ -1,111 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2020 AT&T Intellectual Property. -# Modifications Copyright © 2022 Nordix Foundation -# Modification (C) 2023 Deutsche Telekom. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: StatefulSet -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - serviceName: {{ include "common.servicename" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: RESTSERVER_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - - name: RESTSERVER_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} -{{- end }} - volumeMounts: - - mountPath: /config-input - name: apexconfig-input - - mountPath: /config - name: apexconfig - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["sh","-c"] - args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] - ports: {{ include "common.containerPorts" . | nindent 12 }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: REPLICAS - value: "{{ .Values.replicaCount }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /home/apexuser/config - name: apexconfig - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: policy-logs - emptyDir: {} - - name: apexconfig-input - configMap: - name: {{ include "common.fullname" . }}-configmap - defaultMode: 0755 - - name: apexconfig - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 3ea694fb06..46eaca22e1 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -25,6 +25,7 @@ global: nodePortPrefix: 302 persistence: {} + useStrimziKafkaPf: set-via-parent-chart-global-value ################################################################# # Secrets metaconfig @@ -47,7 +48,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.9.1 +image: onap/policy-apex-pdp:2.9.2 pullPolicy: Always # flag to enable debugging - application support required @@ -139,11 +140,11 @@ metrics: # application configuration config: # Event consumption (kafka) properties - useStrimziKafka: true + useStrimziKafkaPf: true kafkaBootstrap: strimzi-kafka-bootstrap kafka: consumer: - groupId: policy-group + groupId: policy-apex app: listener: policyPdpPapTopic: policy-pdp-pap @@ -158,3 +159,21 @@ config: # # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-apex + type: group + operations: [Create, Describe, Read, Write] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + - name: policy-heartbeat + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + +readinessCheck: + wait_for: + - message-router -- cgit 1.2.3-korg