Add helm charts for distribution and http-ppnt in CSIT

Issue-ID: POLICY-4542 Signed-off-by: zrrmmua <ramesh.murugan.iyer@est.tech> Change-Id: I18453af111dff7943c65c8b1113df0ded23b6f99
author: rameshiyer27 <ramesh.murugan.iyer@est.tech> 2023-03-07 01:32:28 +0000
committer: rameshiyer27 <ramesh.murugan.iyer@est.tech> 2023-03-07 15:03:44 +0000
commit: d8f918033221270c1ec4423b36c010da8464c401 (patch)
tree: 96c4b5db631594ec79de59e24e8338639293f95a
parent: 6f8e0a9588483cf4f7abd231c704f7fd84070147 (diff)
25 files changed, 1410 insertions, 4 deletions
diff --git a/csit/resources/scripts/run-test.sh b/csit/resources/scripts/run-test.sh
index 4af5879f..6286e9cf 100755
--- a/csit/resources/scripts/run-test.sh
+++ b/csit/resources/scripts/run-test.sh
@@ -32,16 +32,19 @@ POLICY_PAP_IP=policy-pap:${DEFAULT_PORT}
 APEX_IP=policy-apex-pdp:${DEFAULT_PORT}
 POLICY_PDPX_IP=policy-xacml-pdp:${DEFAULT_PORT}
 POLICY_DROOLS_IP=policy-drools-pdp:9696
-
+DISTRIBUTION_IP=policy-distribution:6969
 DMAAP_IP=message-router:3904
 APEX_EVENTS_IP=policy-apex-pdp:23324
 PROMETHEUS_IP=prometheus:9090
 
+DIST_TEMP_FOLDER=/tmp/distribution
+
 export ROBOT_VARIABLES=
 ROBOT_VARIABLES="-v DATA:$DATA -v NODETEMPLATES:$NODETEMPLATES -v POLICY_API_IP:$POLICY_API_IP
 -v POLICY_RUNTIME_ACM_IP:$POLICY_RUNTIME_ACM_IP -v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP
 -v APEX_EVENTS_IP:$APEX_EVENTS_IP -v DMAAP_IP:$DMAAP_IP -v PROMETHEUS_IP:${PROMETHEUS_IP}
--v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP"
+-v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP -v TEMP_FOLDER:${DIST_TEMP_FOLDER}
+-v DISTRIBUTION_IP:$DISTRIBUTION_IP"
 
 echo "Run Robot test"
 echo ROBOT_VARIABLES="${ROBOT_VARIABLES}"
diff --git a/csit/run-k8s-csit.sh b/csit/run-k8s-csit.sh
index d84f7318..a987c112 100755
--- a/csit/run-k8s-csit.sh
+++ b/csit/run-k8s-csit.sh
@@ -34,12 +34,17 @@ POLICY_PAP_ROBOT="pap-test.robot"
 POLICY_APEX_PDP_ROBOT="apex-pdp-test.robot"
 POLICY_XACML_PDP_ROBOT="xacml-pdp-test.robot"
 POLICY_DROOLS_PDP_ROBOT="drools-pdp-test.robot"
+POLICY_DISTRIBUTION_ROBOT="distribution-test.robot"
 POLICY_API_CONTAINER="policy-api"
 POLICY_PAP_CONTAINER="policy-pap"
 POLICY_CLAMP_CONTAINER="policy-clamp-runtime-acm"
 POLICY_APEX_CONTAINER="policy-apex-pdp"
 POLICY_DROOLS_CONTAINER="policy-drools-pdp"
 POLICY_XACML_CONTAINER="policy-xacml-pdp"
+POLICY_DISTRIBUTION_CONTAINER="policy-distribution"
+
+DISTRIBUTION_CSAR=${WORKSPACE}/csit/resources/tests/data/csar
+DIST_TEMP_FOLDER=/tmp/distribution
 
 export PROJECT=""
 export ROBOT_FILE=""
@@ -89,6 +94,9 @@ function build_robot_image () {
     echo "Build docker image for robot framework"
     cd ${WORKSPACE}/csit/resources || exit;
     clone_models
+    if [ "${PROJECT}" == "distribution" ] || [ "${PROJECT}" == "policy-distribution" ]; then
+      copy_csar_file
+    fi
     echo "Build robot framework docker image"
     docker login -u docker -p docker nexus3.onap.org:10001
     docker build . --file Dockerfile \
@@ -145,6 +153,15 @@ function clone_models () {
         >tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.v2.json
 }
 
+function copy_csar_file () {
+  zip -F ${DISTRIBUTION_CSAR}/sample_csar_with_apex_policy.csar \
+    --out ${DISTRIBUTION_CSAR}/csar_temp.csar -q
+  # Remake temp directory
+  sudo rm -rf "${DIST_TEMP_FOLDER}"
+  sudo mkdir "${DIST_TEMP_FOLDER}"
+  sudo cp ${DISTRIBUTION_CSAR}/csar_temp.csar  ${DISTRIBUTION_CSAR}/temp.csar
+  sudo mv ${DISTRIBUTION_CSAR}/temp.csar  ${DIST_TEMP_FOLDER}/sample_csar_with_apex_policy.csar
+}
 
 function get_robot_file () {
   case $PROJECT in
@@ -179,6 +196,12 @@ function get_robot_file () {
     export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER)
     ;;
 
+  distribution | policy-distribution)
+    export ROBOT_FILE=($POLICY_DISTRIBUTION_ROBOT)
+    export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER,
+    $POLICY_DISTRIBUTION_CONTAINER)
+    ;;
+
   *)
     echo "unknown project supplied"
     ;;
diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml
index 4f88647e..d7a12da3 100755
--- a/helm/policy/Chart.yaml
+++ b/helm/policy/Chart.yaml
@@ -57,3 +57,11 @@ dependencies:
     version: ~11.x-0
     repository: 'file://components/policy-xacml-pdp'
     condition: policy-xacml-pdp.enabled
+  - name: policy-distribution
+    version: ~11.x-0
+    repository: 'file://components/policy-distribution'
+    condition: policy-distribution.enabled
+  - name: policy-clamp-ac-http-ppnt
+    version: ~11.x-0
+    repository: 'file://components/policy-clamp-ac-http-ppnt'
+    condition: policy-clamp-ac-http-ppnt.enabled
diff --git a/helm/policy/components/mariadb-galera/values.yaml b/helm/policy/components/mariadb-galera/values.yaml
index d2a54a41..8fce8809 100644
--- a/helm/policy/components/mariadb-galera/values.yaml
+++ b/helm/policy/components/mariadb-galera/values.yaml
@@ -323,7 +323,7 @@ mariadbConfiguration: |-
 
 ## Desired number of cluster nodes
 ##
-replicaCount: 3
+replicaCount: 1
 
 ## updateStrategy for MariaDB Master StatefulSet
 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
new file mode 100644
index 00000000..480b3782
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
@@ -0,0 +1,22 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp ACM Http Participant
+name: policy-clamp-ac-http-ppnt
+version: 11.0.0
+\ No newline at end of file
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
new file mode 100644
index 00000000..ffa2bcce
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -0,0 +1,104 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+spring:
+  autoconfigure:
+    exclude: >
+      org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+      org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+      org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+  security:
+    user:
+      name: ${RESTSERVER_USER}
+      password: ${RESTSERVER_PASSWORD}
+{{- if .Values.config.useStrimziKafka }}
+  kafka:
+    consumer:
+      group-id: {{ .Values.config.kafka.consumer.groupId }}
+    bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092
+    security.protocol: SASL_PLAINTEXT
+    properties.sasl:
+      mechanism: SCRAM-SHA-512
+      jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+security:
+  enable-csrf: false
+
+participant:
+  intermediaryParameters:
+    reportingTimeIntervalMs: 120000
+    description: Participant Description
+    participantId:
+      name: HttpParticipant0
+      version: 1.0.0
+    participantType:
+      name: org.onap.policy.clamp.acm.HttpParticipant
+      version: 2.3.4
+    clampAutomationCompositionTopics:
+      topicSources:
+        - topic: POLICY-ACRUNTIME-PARTICIPANT
+          servers:
+            - ${topicServer:message-router}
+          topicCommInfrastructure: dmaap
+          fetchTimeout: 15000
+          useHttps: false
+      topicSinks:
+        - topic: POLICY-ACRUNTIME-PARTICIPANT
+          servers:
+            - ${topicServer:message-router}
+          topicCommInfrastructure: dmaap
+          useHttps: false
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+#    clampAutomationCompositionTopics:
+#      topicSources:
+#        - topic: policy-acruntime-participant
+#          servers:
+#            - {{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          fetchTimeout: 15000
+#          useHttps: true
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+#      topicSinks:
+#        - topic: policy-acruntime-participant
+#          servers:
+#            - {{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          useHttps: true
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health, metrics, prometheus
+server:
+  port: 8084
+  servlet:
+    context-path: /onap/policy/clamp/acm/httpparticipant
+  ssl:
+    enabled: false
+
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml
new file mode 100644
index 00000000..fad71c80
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/http-participant/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/http-participant/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/http-participant/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml
new file mode 100644
index 00000000..0b755aaf
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
new file mode 100644
index 00000000..f056861a
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
@@ -0,0 +1,130 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/instance: release
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: release
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+        app.kubernetes.io/instance: release
+        app.kubernetes.io/managed-by: Helm
+        name: {{ .Chart.Name }}
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: password
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: ac-http-ppnt-config
+        - mountPath: /config
+          name: ac-http-ppnt-config-processed
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
+          args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+          ports:
+            - containerPort: 8084
+              name: http-api
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.liveness.port }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.readiness.port }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/clamp/etc/mounted
+            name: ac-http-ppnt-config-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: ac-http-ppnt-config
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: ac-http-ppnt-config-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml
new file mode 100644
index 00000000..ab9ae5ba
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml
@@ -0,0 +1,33 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: release-read
+  apiGroup: rbac.authorization.k8s.io
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml
new file mode 100644
index 00000000..620849c6
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml
@@ -0,0 +1,48 @@
+{{/*
+#Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  sasl.jaas.config: "Tokm6*DaheWaro"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
+
+
+
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml
new file mode 100644
index 00000000..67d75081
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml
@@ -0,0 +1,25 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
+\ No newline at end of file
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml
new file mode 100644
index 00000000..75099e1a
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml
@@ -0,0 +1,42 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/instance: release
+    app.kubernetes.io/managed-by: Helm
+spec:
+  ports:
+    - port: {{ .Values.service.ports.port }}
+      targetPort: {{ .Values.service.ports.port }}
+      protocol: TCP
+      name: {{ .Values.service.ports.name }}
+  ipFamilyPolicy: PreferDualStack
+  type: {{ .Values.service.type }}
+  selector:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/instance: release
+  sessionAffinity: None
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml
new file mode 100644
index 00000000..6ab32a49
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -0,0 +1,114 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence: {}
+  aafEnabled: true
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-clamp-ac-http-ppnt:6.3.1
+pullPolicy: Always
+
+# application configuration
+restServer:
+  user: participantUser
+  password: zb!XztG34
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+  enabled: false
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: http-api
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  port: http-api
+
+service:
+  type: ClusterIP
+  name: policy-clamp-ac-http-ppnt
+  useNodePortExt: true
+  ports:
+    name: http-api
+    port: 8084
+    nodePort: 42
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  unlimited: {}
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-clamp-ac-http-ppnt
+  roles:
+    - read
+
+config:
+  # Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      acRuntimeTopic: policy-acruntime-participant
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+#   spring.config.max-size: 200
+#   spring.config.min-size: 10
+
diff --git a/helm/policy/components/policy-distribution/Chart.yaml b/helm/policy/components/policy-distribution/Chart.yaml
new file mode 100644
index 00000000..d5106335
--- /dev/null
+++ b/helm/policy/components/policy-distribution/Chart.yaml
@@ -0,0 +1,22 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Distribution
+name: policy-distribution
+version: 11.0.0
+\ No newline at end of file
diff --git a/helm/policy/components/policy-distribution/resources/config/config.json b/helm/policy/components/policy-distribution/resources/config/config.json
new file mode 100755
index 00000000..814e106a
--- /dev/null
+++ b/helm/policy/components/policy-distribution/resources/config/config.json
@@ -0,0 +1,95 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+{
+    "name":"SDCDistributionGroup",
+    "restServerParameters":{
+        "host":"0.0.0.0",
+        "port":6969,
+        "userName":"${RESTSERVER_USER}",
+        "password":"${RESTSERVER_PASSWORD}",
+        "https": false,
+        "prometheus": true
+    },
+    "receptionHandlerParameters":{
+        "FileReceptionHandler":{
+            "receptionHandlerType":"File",
+            "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandler",
+            "receptionHandlerConfigurationName":"fileConfiguration",
+            "pluginHandlerParameters":{
+                "policyDecoders":{
+                    "ApexDecoder":{
+                        "decoderType":"ApexDecoder",
+                        "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
+                        "decoderConfigurationName": "apexDecoderConfiguration"
+                    }
+                },
+                "policyForwarders":{
+                    "LifeCycleApiForwarder":{
+                        "forwarderType":"LifeCycleAPI",
+                        "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder",
+                        "forwarderConfigurationName": "lifecycleApiConfiguration"
+                    }
+                }
+            }
+        }
+    },
+    "receptionHandlerConfigurationParameters":{
+        "fileConfiguration":{
+            "parameterClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandlerConfigurationParameterGroup",
+            "parameters":{
+                "watchPath": "/opt/app/policy/distribution/etc/temp/",
+                "maxThread": 1
+            }
+        }
+    },
+    "policyDecoderConfigurationParameters":{
+        "apexDecoderConfiguration":{
+            "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
+            "parameters":{
+                "policyFileName": "apex_policy.json",
+                "policyTypeFileName": "apex_policy_type.json"
+            }
+        }
+    },
+    "policyForwarderConfigurationParameters":{
+        "lifecycleApiConfiguration":{
+            "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
+            "parameters":{
+                "apiParameters": {
+                    "clientName": "policy-api",
+                    "hostname": "policy-api",
+                    "port": 6969,
+                    "userName": "${API_USER}",
+                    "password": "${API_PASSWORD}",
+                    "useHttps": false
+                },
+                "papParameters": {
+                    "clientName": "policy-pap",
+                    "hostname": "policy-pap",
+                    "port": 6969,
+                    "userName": "${PAP_USER}",
+                    "password": "${PAP_PASSWORD}",
+                    "useHttps": false
+                },
+                "deployPolicies": true
+             }
+        }
+    }
+}
diff --git a/helm/policy/components/policy-distribution/resources/config/logback.xml b/helm/policy/components/policy-distribution/resources/config/logback.xml
new file mode 100755
index 00000000..abaefe6f
--- /dev/null
+++ b/helm/policy/components/policy-distribution/resources/config/logback.xml
@@ -0,0 +1,113 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/distribution/error.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/distribution/debug.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/distribution/network.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut"
+        class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+        additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/helm/policy/components/policy-distribution/templates/configmap.yaml b/helm/policy/components/policy-distribution/templates/configmap.yaml
new file mode 100755
index 00000000..3b1c984d
--- /dev/null
+++ b/helm/policy/components/policy-distribution/templates/configmap.yaml
@@ -0,0 +1,38 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-distribution/templates/deployment.yaml b/helm/policy/components/policy-distribution/templates/deployment.yaml
new file mode 100755
index 00000000..e8b203ba
--- /dev/null
+++ b/helm/policy/components/policy-distribution/templates/deployment.yaml
@@ -0,0 +1,154 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+        release: release
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-creds
+              key: login
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-creds
+              key: password
+        - name: API_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-apiparameters-creds
+              key: login
+        - name: API_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-apiparameters-creds
+              key: password
+        - name: PAP_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-papparameters-creds
+              key: login
+        - name: PAP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-papparameters-creds
+              key: password
+        - name: SDCBE_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-sdcbe-creds
+              key: login
+        - name: SDCBE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-sdcbe-creds
+              key: password
+        volumeMounts:
+        - mountPath: /config-input
+          name: distributionconfig-input
+        - mountPath: /config
+          name: distributionconfig
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
+          args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+          ports:
+          - containerPort: {{ .Values.service.internalPort }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/distribution/etc/mounted
+            name: distributionconfig
+          - mountPath: /opt/app/policy/distribution/etc/temp
+            name: tmpdir
+            readOnly: true
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: distributionconfig-input
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: distributionconfig
+          emptyDir:
+            medium: Memory
+        - name: tmpdir
+          hostPath:
+             path: /tmp/distribution
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
diff --git a/helm/policy/components/policy-distribution/templates/role-binding.yaml b/helm/policy/components/policy-distribution/templates/role-binding.yaml
new file mode 100644
index 00000000..64598900
--- /dev/null
+++ b/helm/policy/components/policy-distribution/templates/role-binding.yaml
@@ -0,0 +1,32 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
diff --git a/helm/policy/components/policy-distribution/templates/secrets.yaml b/helm/policy/components/policy-distribution/templates/secrets.yaml
new file mode 100755
index 00000000..ff68f267
--- /dev/null
+++ b/helm/policy/components/policy-distribution/templates/secrets.yaml
@@ -0,0 +1,82 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-apiparameters-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.apiParameters.user }}
+  password: {{ .Values.apiParameters.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-papparameters-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.papParameters.user }}
+  password: {{ .Values.papParameters.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-sdcbe-creds
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.sdcBe.user }}
+  password: {{ .Values.sdcBe.user }}
+
diff --git a/helm/policy/components/policy-distribution/templates/service-account.yaml b/helm/policy/components/policy-distribution/templates/service-account.yaml
new file mode 100644
index 00000000..3898bf0c
--- /dev/null
+++ b/helm/policy/components/policy-distribution/templates/service-account.yaml
@@ -0,0 +1,24 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/policy-distribution/templates/service.yaml b/helm/policy/components/policy-distribution/templates/service.yaml
new file mode 100755
index 00000000..e9fe8182
--- /dev/null
+++ b/helm/policy/components/policy-distribution/templates/service.yaml
@@ -0,0 +1,38 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation . All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: release
+    heritage: Helm
+spec:
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName }}
+  selector:
+    app: {{ .Chart.Name }}
+    release: release
diff --git a/helm/policy/components/policy-distribution/values.yaml b/helm/policy/components/policy-distribution/values.yaml
new file mode 100644
index 00000000..63ab8018
--- /dev/null
+++ b/helm/policy/components/policy-distribution/values.yaml
@@ -0,0 +1,118 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence: {}
+  aafEnabled: true
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-distribution:2.9-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+  user: policyadmin
+  password: zb!XztG34
+apiParameters:
+  user: policyadmin
+  password: zb!XztG34
+papParameters:
+  user: policyadmin
+  password: zb!XztG34
+sdcBe:
+  user: policy
+  password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+
+service:
+  type: ClusterIP
+  name: policy-distribution
+  portName: http
+  externalPort: 6969
+  internalPort: 6969
+
+ingress:
+  enabled: false
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-distribution
+  roles:
+    - read
+
+metrics:
+  serviceMonitor:
+    # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+    # The default operator for prometheus enforces the below label.
+    labels:
+      release: prometheus
+    enabled: true
+    port: policy-distribution
+    interval: 60s
+    isHttps: false
+    basicAuth:
+      enabled: true
+      externalSecretNameSuffix: policy-distribution-restserver-creds
+      externalSecretUserKey: login
+      externalSecretPasswordKey: password
+    selector:
+      app: '{{ .Chart.Name }}'
+      chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+      release: release
+      heritage: Helm
diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml
index 4e8b30f0..97f55758 100755
--- a/helm/policy/values.yaml
+++ b/helm/policy/values.yaml
@@ -49,7 +49,10 @@ policy-drools-pdp:
   enabled: true
 policy-xacml-pdp:
   enabled: true
-
+policy-distribution:
+  enabled: true
+policy-clamp-ac-http-ppnt:
+  enabled: true
 
 #################################################################
 # DB configuration defaults.
author	rameshiyer27 <ramesh.murugan.iyer@est.tech>	2023-03-07 01:32:28 +0000
committer	rameshiyer27 <ramesh.murugan.iyer@est.tech>	2023-03-07 15:03:44 +0000
commit	d8f918033221270c1ec4423b36c010da8464c401 (patch)
tree	96c4b5db631594ec79de59e24e8338639293f95a
parent	6f8e0a9588483cf4f7abd231c704f7fd84070147 (diff)