From 6910bbe1e3f2e44e5e100b8fec34a6da8b8eb231 Mon Sep 17 00:00:00 2001 From: efiacor Date: Fri, 3 Mar 2023 14:53:16 +0000 Subject: [POLICY-PPNT] Move policy-clamp-ppnt use case to use strimzi kafka Move acm to use strimzi common templates Enabled kafka by default for acm ppnts Update relevant config params Signed-off-by: efiacor Change-Id: Ia23970e59f4ddaa83a07d224293b0155e28d0ab2 Issue-ID: DMAAP-1857 --- .../components/policy-clamp-runtime-acm/Chart.yaml | 3 + .../resources/config/acRuntimeParameters.yaml | 79 +++++++++------------- .../templates/deployment.yaml | 16 +++-- .../templates/kafkatopic.yaml | 18 +++++ .../templates/kafkauser.yaml | 18 +++++ .../policy-clamp-runtime-acm/values.yaml | 63 +++++++++-------- 6 files changed, 115 insertions(+), 82 deletions(-) create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml create mode 100644 kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml (limited to 'kubernetes/policy/components/policy-clamp-runtime-acm') diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index 12578aba5c..e08bd4d490 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -36,3 +36,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 4a2bcf3684..e9adad70cb 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,18 +44,6 @@ spring: hibernate: dialect: org.hibernate.dialect.MariaDB103Dialect format_sql: true - kafka: - consumer: - group-id: {{ .Values.config.kafka.consumer.groupId }} -{{- if .Values.config.useStrimziKafka }} - bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 - security.protocol: SASL_PLAINTEXT - properties.sasl: - mechanism: SCRAM-SHA-512 - jaas.config: ${JAASLOGIN} -{{ else }} -{{ toYaml .Values.config.eventConsumption | nindent 2 }} -{{- end }} security: enable-csrf: false @@ -69,7 +57,6 @@ server: ssl: enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} - runtime: participantParameters: heartBeatMs: 120000 @@ -81,45 +68,43 @@ runtime: topicParameterGroup: topicSources: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - useHttps: "false" - fetchTimeout: 15000 + servers: + - ${topicServer:message-router} + {{ end }} topicSinks: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - useHttps: "false" - -# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below -# topicParameterGroup: -# topicSources: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# useHttps: true -# fetchTimeout: 15000 -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} -# topicSinks: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} + servers: + - ${topicServer:message-router} + {{ end }} management: endpoints: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index bc11e38fe1..5ec20ca7a3 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,6 +28,9 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} +{{- end }} - command: - /app/ready.py args: @@ -41,7 +44,7 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + name: {{ include "common.name" . }}-galera-config-readiness - command: - sh args: @@ -56,9 +59,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} - name: RUNTIME_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml new file mode 100644 index 0000000000..5601154ddd --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkatopic.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkatopic" . }} +{{ end }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml new file mode 100644 index 0000000000..92184b8e85 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index cefe3651f1..e35a6c00a8 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,12 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: true + aafEnabled: false + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -50,13 +55,6 @@ secrets: login: '{{ .Values.config.policyAppUserName }}' password: '{{ .Values.config.policyAppUserPassword }}' passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate certStores: keyStorePassword: Pol1cy_0nap @@ -88,6 +86,8 @@ certInitializer: image: onap/policy-clamp-runtime-acm:6.4.1 pullPolicy: Always +componentName: &componentName policy-clamp-runtime-acm + # flag to enable debugging - application support required debugEnabled: false @@ -95,31 +95,26 @@ debugEnabled: false config: policyAppUserName: runtimeUser policyAppUserPassword: none - -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy.policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: :9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +kafkaTopic: + - name: *acRuntimeTopic + db: user: policy_user password: policy_user @@ -150,7 +145,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-runtime-acm + name: *componentName useNodePortExt: true ports: - name: http-api @@ -180,6 +175,14 @@ resources: #Pods Service Account serviceAccount: - nameOverride: policy-clamp-runtime-acm + nameOverride: *componentName roles: - read + +readinessCheck: + wait_for: + - message-router + +wait_for_job_container: + containers: + - '{{ include "common.release" . }}-policy-galera-config' \ No newline at end of file -- cgit 1.2.3-korg