From d425867ae1c52a9b31a06f1dea8810c1c7a0af65 Mon Sep 17 00:00:00 2001 From: jhh Date: Sun, 9 Aug 2020 12:08:08 -0500 Subject: [POLICY] certInit support + refactoring Several changes are included in this patch: - certInitializer support (POLICY-2615, REQ-361) - renamed policy objects to start with "policy-" prefix (POLICY-1000) - add resources section to components that did not have or had it incorrectly set up rendering null (POLICY-2502) - Removal of legacy policy-engine components (POLICY-2743) - Miscellaneous refactoring of charts (POLICY-2745) - update pdp legacy reference to policy-xacml-pdp from pdp (legacy) Issue-ID: POLICY-2615 Signed-off-by: jhh Change-Id: I8b6984a663bbb14d331a366ec02b6dd38755cde7 Signed-off-by: jhh --- .../policy/components/policy-nexus/Chart.yaml | 19 +++++ .../components/policy-nexus/requirements.yaml | 22 +++++ .../policy-nexus/templates/deployment.yaml | 96 +++++++++++++++++++++ .../components/policy-nexus/templates/pv.yaml | 41 +++++++++ .../components/policy-nexus/templates/pvc.yaml | 40 +++++++++ .../components/policy-nexus/templates/service.yaml | 40 +++++++++ .../policy/components/policy-nexus/values.yaml | 99 ++++++++++++++++++++++ 7 files changed, 357 insertions(+) create mode 100755 kubernetes/policy/components/policy-nexus/Chart.yaml create mode 100755 kubernetes/policy/components/policy-nexus/requirements.yaml create mode 100755 kubernetes/policy/components/policy-nexus/templates/deployment.yaml create mode 100755 kubernetes/policy/components/policy-nexus/templates/pv.yaml create mode 100755 kubernetes/policy/components/policy-nexus/templates/pvc.yaml create mode 100755 kubernetes/policy/components/policy-nexus/templates/service.yaml create mode 100755 kubernetes/policy/components/policy-nexus/values.yaml (limited to 'kubernetes/policy/components/policy-nexus')
diff --git a/kubernetes/policy/components/policy-nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml
new file mode 100755
index 0000000000..09103ed352
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Policy Nexus
+name: policy-nexus
+version: 6.0.0
diff --git a/kubernetes/policy/components/policy-nexus/requirements.yaml b/kubernetes/policy/components/policy-nexus/requirements.yaml
new file mode 100755
index 0000000000..d3c442d32e
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
new file mode 100755
index 0000000000..95b4cb187f
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
@@ -0,0 +1,96 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command: ["sh", "-c", "chown -R 200:200 /share"]
+ image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-init
+ volumeMounts:
+ - mountPath: /share
+ name: nexus-data
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /sonatype-work
+ name: nexus-data
+ resources:
+{{- if eq .Values.resources.flavor "large" }}
+{{ toYaml .Values.resources.large | indent 12 }}
+{{- else }}
+{{ toYaml .Values.resources.small | indent 12 }}
+{{- end -}}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: nexus-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-nexus/templates/pv.yaml b/kubernetes/policy/components/policy-nexus/templates/pv.yaml
new file mode 100755
index 0000000000..62e66f1602
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/templates/pv.yaml
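Review bot: Neither the init container nor the Nexus container declares a `securityContext`, so both run with whatever user and privileges their images default to, and the init step `chown -R 200:200 /share` needs root to succeed. Because that chown hands the data directory to UID/GID 200, the main container can presumably be pinned to the same identity; I would add `securityContext: {runAsUser: 200, runAsNonRoot: true, allowPrivilegeEscalation: false}` under the main container and confirm the image starts cleanly with it. When persistence is enabled, `nexus-data` is backed by the hostPath volume defined in pv.yaml, so the recursive chown rewrites ownership on the node's filesystem; a short comment on the init container saying so would help whoever changes `persistence.mountPath` later.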
@@ -0,0 +1,41 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if eq "True" (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/policy/components/policy-nexus/templates/pvc.yaml b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml
new file mode 100755
index 0000000000..1cadcc51d5
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml
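Review bot: The `namespace:` line under `metadata` has no effect, because PersistentVolume is a cluster-scoped kind; the object name `{{ include "common.fullname" . }}` is the only thing keeping this volume apart from one created by a same-named release in another namespace. I would drop the line or mark it with `# PersistentVolume is cluster-scoped; namespace is ignored`. The second `name:` entry after `heritage:` should be confirmed to sit under `labels:` (indentation is not visible in this view); at `metadata` level it would be a duplicate key, and most parsers silently keep the last value. It is also worth a comment that the volume is a node `hostPath` built from `mountPath`, the release name and `mountSubPath`, and that with `volumeReclaimPolicy: Retain` the repository data stays on the node after the release is removed.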
@@ -0,0 +1,40 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- end -}}
diff --git a/kubernetes/policy/components/policy-nexus/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml
new file mode 100755
index 0000000000..7883651a2e
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml
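Review bot: The `chart:` label here is rendered as `"{{ .Chart.Name }}-{{ .Chart.Version }}"`, without the `| replace "+" "_"` filter that deployment.yaml, pv.yaml and service.yaml apply in this same commit. A chart version carrying build metadata after a `+` would yield a label value the API server rejects, since `+` is not a valid label character, and the claim would then fail to create while the other objects succeed. Suggest `chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"` so all four templates agree.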
@@ -0,0 +1,40 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
new file mode 100755
index 0000000000..126c4d38ac
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
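Review bot: The `NodePort` branch sets `port` and `nodePort` but no `targetPort`, so `service.internalPort` is silently ignored whenever the type is switched; it works today only because both ports default to 8081 in values.yaml. Add `targetPort: {{ .Values.service.internalPort }}` to that branch so the two branches route identically. Selecting `NodePort` also publishes the repository manager on every node over what the `httpGet` readiness probe suggests is plain HTTP, so a comment above the branch should say that it needs TLS termination or network restrictions in front of it.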
@@ -0,0 +1,99 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ ubuntuInitRepository: oomk8s
+ ubuntuInitImage: ubuntu-init:1.0.0
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: sonatype/nexus:2.14.13-01
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ path: /nexus/service/local/status
+
+service:
+ type: ClusterIP
+ name: policy-nexus
+ portName: policy-nexus
+ externalPort: 8081
+ internalPort: 8081
+ nodePort: 36
+
+ingress:
+ enabled: false
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: policy/nexus/data
+
+# Segregation for Different environment (Small and Large)
+# Resource Limit flavor - By Default using small
+resources:
+ flavor: small
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1m
+ memory: 0.5Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2m
+ memory: 1Gi
+ unlimited: {}
-- cgit 1.2.3-korg
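Review bot: `image: sonatype/nexus:2.14.13-01` is referenced by tag while `pullPolicy: Always` re-resolves that tag on every pod start, so what actually runs is whatever the registry serves for the tag at that moment. Pinning by digest, e.g. `image: sonatype/nexus@sha256:<digest-placeholder>`, makes the deployed artifact reproducible and auditable; the same applies to `ubuntuInitImage: ubuntu-init:1.0.0`, which runs the root chown step in deployment.yaml. Nothing in these values sets or rotates the repository manager's administrative credentials (`config: {}` is empty), so the image's built-in defaults presumably stay active and should be replaced after install or injected from a Secret. The `readinessRepository` and `readinessImage` globals appear unused by the templates in this commit and could be dropped or given a comment.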