From 010965911185b9a1ef2008246fabc37f193baf2b Mon Sep 17 00:00:00 2001 From: jhh Date: Wed, 4 Sep 2019 07:47:25 -0500 Subject: refactor drools chart to allow customizations - move some values out of .conf files to values to avoid building the chart when deploying policy (drools). - move credentials to a single secret file, this is precursor work to deal with confidential info in a better way in future releases. - delete unused files. - generify mounting of configmaps/secrets as volumes to avoid explicitly having to modify statefulset.yaml. - update amsterdam controller with latest version in nexus at container instantiation. - update to the latest released drools image. Issue-ID: POLICY-1371 Signed-off-by: jhh Change-Id: I1497b61cd210ac4c00b957c2832de5acd01ea4d2 Signed-off-by: jhh --- .../config/opt/policy/config/drools/base.conf | 118 --------------------- .../config/drools/feature-pooling-dmaap.conf | 16 --- .../config/drools/keys/feature-healthcheck.conf | 16 --- .../opt/policy/config/drools/keys/policy-keystore | Bin 5640 -> 0 bytes .../policy/config/drools/policy-management.conf | 19 ---- .../drools/resources/configmaps/amsterdam.pre.sh | 21 ++++ .../charts/drools/resources/configmaps/base.conf | 92 ++++++++++++++++ .../configmaps/feature-pooling-dmaap.conf | 16 +++ .../drools/resources/configmaps/status.post.sh | 20 ++++ .../resources/scripts/update-vfw-op-policy.sh | 107 ------------------- .../drools/resources/secrets/credentials.conf | 56 ++++++++++ .../policy/charts/drools/templates/NOTES.txt | 33 ------ .../policy/charts/drools/templates/configmap.yaml | 2 +- .../policy/charts/drools/templates/secrets.yaml | 8 +- .../charts/drools/templates/statefulset.yaml | 30 +++--- kubernetes/policy/charts/drools/values.yaml | 66 +++++++++++- 16 files changed, 288 insertions(+), 332 deletions(-) delete mode 100644 kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf delete mode 100644 kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/feature-pooling-dmaap.conf delete mode 100644 kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf delete mode 100644 kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore delete mode 100644 kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf create mode 100644 kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh create mode 100644 kubernetes/policy/charts/drools/resources/configmaps/base.conf create mode 100644 kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf create mode 100644 kubernetes/policy/charts/drools/resources/configmaps/status.post.sh delete mode 100644 kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh create mode 100644 kubernetes/policy/charts/drools/resources/secrets/credentials.conf delete mode 100644 kubernetes/policy/charts/drools/templates/NOTES.txt (limited to 'kubernetes/policy') diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf deleted file mode 100644 index e7c6928b0a..0000000000 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf +++ /dev/null @@ -1,118 +0,0 @@ -# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# JVM options - -JVM_OPTIONS=-server -Xms1024m -Xmx2048m - -# SYSTEM software configuration - -POLICY_HOME=/opt/app/policy -POLICY_LOGS=/var/log/onap/policy/pdpd -JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk -KEYSTORE_PASSWD=Pol1cy_0nap -TRUSTSTORE_PASSWD=Pol1cy_0nap - -# Telemetry credentials - -TELEMETRY_PORT=9696 -TELEMETRY_HOST=0.0.0.0 -TELEMETRY_USER=demo@people.osaaf.org -TELEMETRY_PASSWORD=demo123456! - -# nexus repository - -SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots -SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/ -RELEASE_REPOSITORY_ID=policy-nexus-releases -RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/ -REPOSITORY_USERNAME=admin -REPOSITORY_PASSWORD=admin123 - -# Relational (SQL) DB access - -SQL_HOST={{.Values.global.mariadb.nameOverride}} -SQL_USER=policy_user -SQL_PASSWORD=policy_user - -# AAF - -AAF=true -AAF_NAMESPACE=org.onap.policy -AAF_HOST=aaf-locate.{{.Release.Namespace}} - -# PDP-D DMaaP configuration channel - -PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION -PDPD_CONFIGURATION_SERVERS=message-router -PDPD_CONFIGURATION_API_KEY= -PDPD_CONFIGURATION_API_SECRET= -PDPD_CONFIGURATION_CONSUMER_GROUP= -PDPD_CONFIGURATION_CONSUMER_INSTANCE= -PDPD_CONFIGURATION_PARTITION_KEY= - -# PAP-PDP configuration channel - -POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP -POLICY_PDP_PAP_API_KEY= -POLICY_PDP_PAP_API_SECRET= - -# PAP - -PAP_HOST=policy-pap -PAP_USERNAME=healthcheck -PAP_PASSWORD=zb!XztG34 - -# PDP-X - -PDP_HOST=policy-xacml-pdp -PDP_USERNAME=healthcheck -PDP_PASSWORD=zb!XztG34 -PDP_CLIENT_USERNAME=python -PDP_CLIENT_PASSWORD=test -PDP_ENVIRONMENT=TEST - -# DCAE DMaaP - -DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT -DCAE_SERVERS=message-router -DCAE_CONSUMER_GROUP=dcae.policy.shared - -# Open DMaaP - -DMAAP_SERVERS=message-router - -# AAI - -AAI_URL=https://aai.{{.Release.Namespace}}:8443 -AAI_USERNAME=policy@policy.onap.org -AAI_PASSWORD=demo123456! - -# MSO - -SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra -SO_USERNAME=InfraPortalClient -SO_PASSWORD=password1$ - -# VFC - -VFC_URL= -VFC_USERNAME= -VFC_PASSWORD= - -# SDNC - -SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations -SDNC_USERNAME=admin -SDNC_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/feature-pooling-dmaap.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/feature-pooling-dmaap.conf deleted file mode 100644 index 7b95e79b4d..0000000000 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/feature-pooling-dmaap.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright 2018 AT&T Intellectual Property. All rights reserved -# Modifications Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -POOLING_TOPIC=POOLING diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf deleted file mode 100644 index 20d8298472..0000000000 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -HEALTHCHECK_USER=demo@people.osaaf.org -HEALTHCHECK_PASSWORD=demo123456! diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore deleted file mode 100644 index ab25c3a341..0000000000 Binary files a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore and /dev/null differ diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf deleted file mode 100644 index c2ccefe4e3..0000000000 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -CONTROLLER_ARTIFACT_ID=policy-management -CONTROLLER_NAME=policy-management-controller -CONTROLLER_PORT=9696 -RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT -UEB_TOPIC=policyengine-develop diff --git a/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh new file mode 100644 index 0000000000..5949db4dc4 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + + +docker-entrypoint.sh nexus \ No newline at end of file diff --git a/kubernetes/policy/charts/drools/resources/configmaps/base.conf b/kubernetes/policy/charts/drools/resources/configmaps/base.conf new file mode 100644 index 0000000000..ba39b0b5ad --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/base.conf @@ -0,0 +1,92 @@ +# Copyright © 2017-2018 Amdocs, Bell Canada. +# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# JVM options + +JVM_OPTIONS={{.Values.server.jvmOpts}} + +# SYSTEM software configuration + +POLICY_HOME=/opt/app/policy +POLICY_LOGS=/var/log/onap/policy/pdpd +JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk + +# Telemetry credentials + +TELEMETRY_PORT=9696 +TELEMETRY_HOST=0.0.0.0 + +# nexus repository + +SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots +SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ +RELEASE_REPOSITORY_ID=policy-nexus-releases +RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ + +# Relational (SQL) DB access + +SQL_HOST={{.Values.global.mariadb.nameOverride}} + +# AAF + +AAF={{.Values.aaf.enabled}} +AAF_NAMESPACE=org.onap.policy +AAF_HOST=aaf-locate.{{.Release.Namespace}} + +# PDP-D DMaaP configuration channel + +PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION +PDPD_CONFIGURATION_SERVERS=message-router +PDPD_CONFIGURATION_CONSUMER_GROUP= +PDPD_CONFIGURATION_CONSUMER_INSTANCE= +PDPD_CONFIGURATION_PARTITION_KEY= + +# PAP-PDP configuration channel + +POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP + +# PAP + +PAP_HOST=policy-pap + +# PDP-X + +PDP_HOST=policy-xacml-pdp + +# DCAE DMaaP + +DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT +DCAE_SERVERS=message-router +DCAE_CONSUMER_GROUP=dcae.policy.shared + +# Open DMaaP + +DMAAP_SERVERS=message-router + +# AAI + +AAI_URL=https://aai.{{.Release.Namespace}}:8443 + +# MSO + +SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra + +# VFC + +VFC_URL= + +# SDNC + +SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf new file mode 100644 index 0000000000..44d0bf18ce --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf @@ -0,0 +1,16 @@ +# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +POOLING_TOPIC=POOLING diff --git a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh b/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh new file mode 100644 index 0000000000..e2d7381689 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +policy status diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh deleted file mode 100644 index ff7a64bdb9..0000000000 --- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#!/bin/bash - -if [ "$#" -ne 4 ]; then - echo "Usage: $(basename $0) " - exit 1 -fi - -K8S_HOST=$1 -POLICY_PDP_PORT=$2 -POLICY_DROOLS_PORT=$3 -RESOURCE_ID=$4 - -echo -echo -echo "Removing the vFW Policy from PDP.." -echo -echo - -curl -v -k -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyComponent" : "PDP", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy - -sleep 20 - -echo - -echo -echo "Updating vFW Operational Policy .." -echo - -curl -v -k -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvFirewall", - "policyDescription": "BRMS Param vFirewall policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller": "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy - -sleep 5 - -echo -echo -echo "Pushing the vFW Policy .." -echo -echo - -curl -v -k --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy - -sleep 20 - -echo -echo -echo "Restarting PDP-D .." -echo -echo - -POD=$(kubectl --namespace {{ include "common.namespace" . }} get pods | sed 's/ .*//'| grep drools) -kubectl --namespace {{ include "common.namespace" . }} exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start" - -sleep 20 - -echo -echo -echo "PDP-D amsterdam maven coordinates .." -echo -echo - -curl -vvv -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool - - -echo -echo -echo "PDP-D control loop updated .." -echo -echo - -curl -v -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf new file mode 100644 index 0000000000..36d3c3b376 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf @@ -0,0 +1,56 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +KEYSTORE_PASSWD={{.Values.keystore.password}} +TRUSTSTORE_PASSWD={{.Values.truststore.password}} + +TELEMETRY_USER={{.Values.telemetry.user}} +TELEMETRY_PASSWORD={{.Values.telemetry.password}} + +REPOSITORY_USERNAME={{.Values.nexus.user}} +REPOSITORY_PASSWORD={{.Values.nexus.password}} + +SQL_USER={{.Values.db.user}} +SQL_PASSWORD={{.Values.db.password}} + +PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}} +PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}} + +POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}} +POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}} + +PAP_USERNAME={{.Values.pap.user}} +PAP_PASSWORD={{.Values.pap.password}} + +PDP_USERNAME={{.Values.pdp.user}} +PDP_PASSWORD={{.Values.pdp.password}} + +AAI_USERNAME={{.Values.aai.user}} +AAI_PASSWORD={{.Values.aai.password}} + +SO_USERNAME={{.Values.so.user}} +SO_PASSWORD={{.Values.so.password}} + +VFC_USERNAME={{.Values.vfc.user}} +VFC_PASSWORD={{.Values.vfc.password}} + +SDNC_USERNAME={{.Values.sdnc.user}} +SDNC_PASSWORD={{.Values.sdnc.password}} + +HEALTHCHECK_USER={{.Values.telemetry.user}} +HEALTHCHECK_PASSWORD={{.Values.telemetry.password}} diff --git a/kubernetes/policy/charts/drools/templates/NOTES.txt b/kubernetes/policy/charts/drools/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/drools/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/drools/templates/configmap.yaml b/kubernetes/policy/charts/drools/templates/configmap.yaml index 1f9503130c..7daf473db2 100644 --- a/kubernetes/policy/charts/drools/templates/configmap.yaml +++ b/kubernetes/policy/charts/drools/templates/configmap.yaml @@ -19,4 +19,4 @@ metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/opt/policy/config/drools/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/configmaps/*").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/charts/drools/templates/secrets.yaml index e21084fe5d..31ba543c0e 100644 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/charts/drools/templates/secrets.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,8 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -data: -{{ (.Files.Glob "resources/config/opt/policy/config/drools/keys/*").AsSecrets | indent 2 }} type: Opaque +data: +{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }} +{{- end }} diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml index beacbabd06..bb21ae14aa 100644 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml @@ -78,15 +78,16 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /tmp/policy-install/config/feature-healthcheck.conf + {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-secret - subPath: feature-healthcheck.conf - - mountPath: /tmp/policy-install/config/feature-pooling-dmaap.conf - name: drools-config - subPath: feature-pooling-dmaap.conf - - mountPath: /tmp/policy-install/config/base.conf + subPath: {{ base $path }} + {{- end }} + {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} + - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-config - subPath: base.conf + subPath: {{ base $path }} + {{- end }} - mountPath: /var/log/onap name: policy-logs resources: @@ -125,18 +126,19 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap items: - - key: base.conf - path: base.conf - mode: 0755 - - key: feature-pooling-dmaap.conf - path: feature-pooling-dmaap.conf + {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} + - key: {{ base $path }} + path: {{ base $path }} mode: 0755 + {{- end }} - name: drools-secret secret: secretName: {{ include "common.fullname" . }}-secret items: - - key: feature-healthcheck.conf - path: feature-healthcheck.conf + {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + - key: {{ base $path }} + path: {{ base $path }} mode: 0644 + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 21f9169462..74e0fe8e1c 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -23,21 +23,18 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 ubuntuImage: ubuntu:16.04 + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.5.1 +image: onap/policy-pdpd-cl:1.5.2 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - nexusPort: 8081 - # default number of instances replicaCount: 1 @@ -71,6 +68,65 @@ service: ingress: enabled: false +# Default installation values to be overridden + +server: + jvmOpts: -server -Xms1024m -Xmx2048m + +aaf: + enabled: "true" + +keystore: + password: Pol1cy_0nap + +truststore: + password: Pol1cy_0nap + +telemetry: + user: demo@people.osaaf.org + password: demo123456! + +nexus: + nexus: admin + password: admin123 + port: 8081 + +db: + user: policy_user + password: policy_user + +pap: + user: healthcheck + password: zb!XztG34 + +pdp: + user: healthcheck + password: zb!XztG34 + +aai: + user: policy@policy.onap.org + password: demo123456! + +so: + user: InfraPortalClient + password: password1$ + +vfc: + user: + password: + +sdnc: + user: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +dmaap: + brmsgw: + key: + password: + pap: + key: + password: + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) -- cgit 1.2.3-korg