diff options
55 files changed, 2890 insertions, 149 deletions
diff --git a/compose/config/clamp/KserveParticipantParameters.yaml b/compose/config/clamp/KserveParticipantParameters.yaml new file mode 100755 index 00000000..d83a48f0 --- /dev/null +++ b/compose/config/clamp/KserveParticipantParameters.yaml @@ -0,0 +1,62 @@ +spring:
+ cloud:
+ kubernetes:
+ enabled: false
+ discovery:
+ enabled: false
+ security:
+ user:
+ name: participantUser
+ password: zb!XztG34
+ autoconfigure:
+ exclude:
+ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration
+ - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration
+
+security:
+ enable-csrf: false
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04
+ clampAutomationCompositionTopics:
+ topicSources:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ topicSinks:
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement
+ typeVersion: 1.0.1
+
+customresourcedefinition:
+ group: serving.kserve.io
+ version: v1beta1
+ plural: inferenceservices
+ grace-period: 10
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 6969
+ servlet:
+ context-path: /onap/policy/clamp/acm/kserveparticipant
+ ssl:
+ enabled: false
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 712b6522..dee7663d 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -325,6 +325,23 @@ services: '-c', './a1pms-participant.sh', 'message-router', '3904' ] + policy-clamp-ac-kserve-ppnt: + image: ${CONTAINER_LOCATION}onap/policy-clamp-ac-kserve-ppnt:${POLICY_CLAMP_VERSION} + container_name: policy-clamp-ac-kserve-ppnt + depends_on: + - simulator + hostname: policy-clamp-ac-kserve-ppnt + ports: + - 30297:6969 + volumes: + - ./config/clamp/KserveParticipantParameters.yaml:/opt/app/policy/clamp/etc/KserveParticipantParameters.yaml:ro + - ./config/clamp/logback.xml:/opt/app/policy/clamp/etc/logback.xml:ro + - ./wait_for_port.sh:/opt/app/policy/bin/wait_for_port.sh:ro + entrypoint: /opt/app/policy/bin/wait_for_port.sh + command: [ + '-c', './kserve-participant.sh', + 'message-router', '3904' + ] prometheus: image: prom/prometheus:v2.32.1 container_name: prometheus diff --git a/csit/resources/scripts/run-test.sh b/csit/resources/scripts/run-test.sh index 4af5879f..6286e9cf 100755 --- a/csit/resources/scripts/run-test.sh +++ b/csit/resources/scripts/run-test.sh @@ -32,16 +32,19 @@ POLICY_PAP_IP=policy-pap:${DEFAULT_PORT} APEX_IP=policy-apex-pdp:${DEFAULT_PORT} POLICY_PDPX_IP=policy-xacml-pdp:${DEFAULT_PORT} POLICY_DROOLS_IP=policy-drools-pdp:9696 - +DISTRIBUTION_IP=policy-distribution:6969 DMAAP_IP=message-router:3904 APEX_EVENTS_IP=policy-apex-pdp:23324 PROMETHEUS_IP=prometheus:9090 +DIST_TEMP_FOLDER=/tmp/distribution + export ROBOT_VARIABLES= ROBOT_VARIABLES="-v DATA:$DATA -v NODETEMPLATES:$NODETEMPLATES -v POLICY_API_IP:$POLICY_API_IP -v POLICY_RUNTIME_ACM_IP:$POLICY_RUNTIME_ACM_IP -v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP -v APEX_EVENTS_IP:$APEX_EVENTS_IP -v DMAAP_IP:$DMAAP_IP -v PROMETHEUS_IP:${PROMETHEUS_IP} --v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP" +-v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP -v TEMP_FOLDER:${DIST_TEMP_FOLDER} +-v DISTRIBUTION_IP:$DISTRIBUTION_IP" echo "Run Robot test" echo ROBOT_VARIABLES="${ROBOT_VARIABLES}" diff --git a/csit/run-k8s-csit.sh b/csit/run-k8s-csit.sh index d84f7318..a987c112 100755 --- a/csit/run-k8s-csit.sh +++ b/csit/run-k8s-csit.sh @@ -34,12 +34,17 @@ POLICY_PAP_ROBOT="pap-test.robot" POLICY_APEX_PDP_ROBOT="apex-pdp-test.robot" POLICY_XACML_PDP_ROBOT="xacml-pdp-test.robot" POLICY_DROOLS_PDP_ROBOT="drools-pdp-test.robot" +POLICY_DISTRIBUTION_ROBOT="distribution-test.robot" POLICY_API_CONTAINER="policy-api" POLICY_PAP_CONTAINER="policy-pap" POLICY_CLAMP_CONTAINER="policy-clamp-runtime-acm" POLICY_APEX_CONTAINER="policy-apex-pdp" POLICY_DROOLS_CONTAINER="policy-drools-pdp" POLICY_XACML_CONTAINER="policy-xacml-pdp" +POLICY_DISTRIBUTION_CONTAINER="policy-distribution" + +DISTRIBUTION_CSAR=${WORKSPACE}/csit/resources/tests/data/csar +DIST_TEMP_FOLDER=/tmp/distribution export PROJECT="" export ROBOT_FILE="" @@ -89,6 +94,9 @@ function build_robot_image () { echo "Build docker image for robot framework" cd ${WORKSPACE}/csit/resources || exit; clone_models + if [ "${PROJECT}" == "distribution" ] || [ "${PROJECT}" == "policy-distribution" ]; then + copy_csar_file + fi echo "Build robot framework docker image" docker login -u docker -p docker nexus3.onap.org:10001 docker build . --file Dockerfile \ @@ -145,6 +153,15 @@ function clone_models () { >tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.v2.json } +function copy_csar_file () { + zip -F ${DISTRIBUTION_CSAR}/sample_csar_with_apex_policy.csar \ + --out ${DISTRIBUTION_CSAR}/csar_temp.csar -q + # Remake temp directory + sudo rm -rf "${DIST_TEMP_FOLDER}" + sudo mkdir "${DIST_TEMP_FOLDER}" + sudo cp ${DISTRIBUTION_CSAR}/csar_temp.csar ${DISTRIBUTION_CSAR}/temp.csar + sudo mv ${DISTRIBUTION_CSAR}/temp.csar ${DIST_TEMP_FOLDER}/sample_csar_with_apex_policy.csar +} function get_robot_file () { case $PROJECT in @@ -179,6 +196,12 @@ function get_robot_file () { export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER) ;; + distribution | policy-distribution) + export ROBOT_FILE=($POLICY_DISTRIBUTION_ROBOT) + export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER, + $POLICY_DISTRIBUTION_CONTAINER) + ;; + *) echo "unknown project supplied" ;; diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml index 4f88647e..3b83cd9a 100755 --- a/helm/policy/Chart.yaml +++ b/helm/policy/Chart.yaml @@ -57,3 +57,19 @@ dependencies: version: ~11.x-0 repository: 'file://components/policy-xacml-pdp' condition: policy-xacml-pdp.enabled + - name: policy-distribution + version: ~11.x-0 + repository: 'file://components/policy-distribution' + condition: policy-distribution.enabled + - name: policy-clamp-ac-http-ppnt + version: ~11.x-0 + repository: 'file://components/policy-clamp-ac-http-ppnt' + condition: policy-clamp-ac-http-ppnt.enabled + - name: policy-clamp-ac-kserve-ppnt + version: ~11.x-0 + repository: 'file://components/policy-clamp-ac-kserve-ppnt' + condition: policy-clamp-ac-kserve-ppnt.enabled + - name: policy-clamp-ac-a1pms-ppnt + version: ~11.x-0 + repository: 'file://components/policy-clamp-ac-a1pms-ppnt' + condition: policy-clamp-ac-a1pms-ppnt.enabled diff --git a/helm/policy/components/mariadb-galera/values.yaml b/helm/policy/components/mariadb-galera/values.yaml index d2a54a41..8fce8809 100644 --- a/helm/policy/components/mariadb-galera/values.yaml +++ b/helm/policy/components/mariadb-galera/values.yaml @@ -323,7 +323,7 @@ mariadbConfiguration: |- ## Desired number of cluster nodes ## -replicaCount: 3 +replicaCount: 1 ## updateStrategy for MariaDB Master StatefulSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies diff --git a/helm/policy/components/policy-apex-pdp/resources/config/groups.json b/helm/policy/components/policy-apex-pdp/resources/config/groups.json deleted file mode 100644 index bd5c2868..00000000 --- a/helm/policy/components/policy-apex-pdp/resources/config/groups.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "groups": [ - { - "name": "defaultGroup", - "version": "1.0.0", - "description": "The default group that registers all supported policy types and pdps.", - "pdpGroupState": "ACTIVE", - "pdpSubgroups": [ - { - "pdpType": "apex", - "supportedPolicyTypes": [ - { - "name": "onap.policies.controlloop.operational.common.Apex", - "version": "1.0.0" - }, - { - "name": "onap.policies.native.Apex", - "version": "1.0.0" - } - ], - "currentInstanceCount": 0, - "desiredInstanceCount": 1, - "policies": [] - } - ] - } - ] -} diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml new file mode 100755 index 00000000..e6c8a42d --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp ACM A1PMS Participant +name: policy-clamp-ac-a1pms-ppnt +version: 11.0.0 diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml new file mode 100755 index 00000000..8d98d867 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -0,0 +1,76 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: participantUser + password: zb!XztG34 + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration +security: + enable-csrf: false + +a1pms: + baseUrl: http://a1policymanagement.onap:8081 + headers: + content-type: application/json + endpoints: + health: /a1-policy/v2/rics + services: /a1-policy/v2/services + service: /a1-policy/v2/services/{service_id} + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00 + clampAutomationCompositionTopics: + topicSources: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + topicSinks: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement + typeVersion: 1.0.1 + +management: + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus +server: + port: 8086 + servlet: + context-path: /onap/policy/clamp/acm/a1pmsparticipant + ssl: + enabled: false + + diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml new file mode 100755 index 00000000..110131c9 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml new file mode 100755 index 00000000..619906af --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml @@ -0,0 +1,31 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml new file mode 100755 index 00000000..3b7678b8 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -0,0 +1,134 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: RELEASE + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login + + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: password + +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config + +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-a1pms-ppnt-config + - mountPath: /config + name: ac-a1pms-ppnt-config-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml"] + ports: + - containerPort: 8086 + name: a1pms-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-a1pms-ppnt-config-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-create + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-a1pms-ppnt-config + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: ac-a1pms-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: default-docker-registry-key" diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/role-binding.yaml new file mode 100755 index 00000000..87c58afe --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/role-binding.yaml @@ -0,0 +1,37 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-binding + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-create + namespace: default + diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secret.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secret.yaml new file mode 100755 index 00000000..d9ab84c1 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secret.yaml @@ -0,0 +1,48 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-policy-kafka-user + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +type: Opaque +stringData: + sasl.jaas.config: {{ .Values.config.jaas }} diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service-account.yaml new file mode 100755 index 00000000..af142603 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-create diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml new file mode 100755 index 00000000..231db790 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + +spec: + ports: + - port: {{ .Values.service.ports.port }} + targetPort: {{ .Values.service.ports.port }} + protocol: TCP + name: {{ .Values.service.ports.name }} + type: {{ .Values.service.type }} + selector: + app.kubernetes.io/name: {{ .Chart.Name }} diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml new file mode 100755 index 00000000..9abca5bf --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -0,0 +1,107 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-clamp-ac-a1pms-ppnt:6.4-SNAPSHOT-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: a1pms-api + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + port: a1pms-api + +service: + type: ClusterIP + name: policy-clamp-ac-a1pms-ppnt + useNodePortExt: true + ports: + name: a1pms-api + port: 8086 + nodePort: 42 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-a1pms-ppnt + roles: + - create + +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy-acruntime-participant + jaas: KuldHochQipa7, +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. +# +# eventConsumption: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml new file mode 100644 index 00000000..480b3782 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp ACM Http Participant +name: policy-clamp-ac-http-ppnt +version: 11.0.0
\ No newline at end of file diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml new file mode 100644 index 00000000..a228e97a --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -0,0 +1,103 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + autoconfigure: + exclude: > + org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration, + org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration, + org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} +{{- if .Values.config.useStrimziKafka }} + kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} + bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092 + security.protocol: SASL_PLAINTEXT + properties.sasl: + mechanism: SCRAM-SHA-512 + jaas.config: ${JAASLOGIN} +{{ else }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} +{{- end }} + +security: + enable-csrf: false + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c01 + clampAutomationCompositionTopics: + topicSources: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: false + topicSinks: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: false + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement + typeVersion: 1.0.0 +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# clampAutomationCompositionTopics: +# topicSources: +# - topic: policy-acruntime-participant +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# fetchTimeout: 15000 +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - topic: policy-acruntime-participant +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus +server: + port: 8084 + servlet: + context-path: /onap/policy/clamp/acm/httpparticipant + ssl: + enabled: false + diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml new file mode 100644 index 00000000..fad71c80 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml new file mode 100644 index 00000000..0b755aaf --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml new file mode 100644 index 00000000..f056861a --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -0,0 +1,130 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: release + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: release + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: release + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: password +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-http-ppnt-config + - mountPath: /config + name: ac-http-ppnt-config-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/http-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] + ports: + - containerPort: 8084 + name: http-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-http-ppnt-config-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-http-ppnt-config + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: ac-http-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml new file mode 100644 index 00000000..ab9ae5ba --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml @@ -0,0 +1,33 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: release-read + apiGroup: rbac.authorization.k8s.io diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml new file mode 100644 index 00000000..620849c6 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml @@ -0,0 +1,48 @@ +{{/* +#Copyright (C) 2023 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-policy-kafka-user + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + sasl.jaas.config: "Tokm6*DaheWaro" + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} + + + diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml new file mode 100644 index 00000000..67d75081 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read
\ No newline at end of file diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml new file mode 100644 index 00000000..75099e1a --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml @@ -0,0 +1,42 @@ +{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Helm
+spec:
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.port }}
+ protocol: TCP
+ name: {{ .Values.service.ports.name }}
+ ipFamilyPolicy: PreferDualStack
+ type: {{ .Values.service.type }}
+ selector:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ app.kubernetes.io/instance: release
+ sessionAffinity: None
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml new file mode 100644 index 00000000..9cf80fc5 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -0,0 +1,114 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-clamp-ac-http-ppnt:6.4-SNAPSHOT-latest +pullPolicy: Always + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-ac-http-ppnt + useNodePortExt: true + ports: + name: http-api + port: 8084 + nodePort: 42 + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-http-ppnt + roles: + - read + +config: + # Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy-acruntime-participant +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. +# +# eventConsumption: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 + diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 9a0a8fdc..5b059987 100644 --- a/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -48,12 +48,7 @@ participant: intermediaryParameters: reportingTimeIntervalMs: 120000 description: Participant Description - participantId: - name: K8sParticipant0 - version: 1.0.0 - participantType: - name: org.onap.policy.clamp.acm.KubernetesParticipant - version: 2.3.4 + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c02 clampAutomationCompositionTopics: topicSources: - @@ -70,6 +65,10 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap useHttps: false + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement + typeVersion: 1.0.0 # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # clampAutomationCompositionTopics: diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 98349d28..d158d2a2 100644 --- a/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -20,7 +20,7 @@ # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-k8s-ppnt:6.4.0 +image: nexus3.onap.org:10001/onap/policy-clamp-ac-k8s-ppnt:6.4-SNAPSHOT-latest pullPolicy: Always # flag to enable debugging - application support required diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml new file mode 100755 index 00000000..04b3ffa6 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp ACM Kserve Participant +name: policy-clamp-ac-kserve-ppnt +version: 11.0.0 diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml new file mode 100755 index 00000000..25852680 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml @@ -0,0 +1,119 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + cloud: + kubernetes: + enabled: false + discovery: + enabled: false + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration + - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration + - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration + kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} + bootstrap-servers: release-{{ .Values.config.kafkaBootstrap }}:9092 + security.protocol: SASL_PLAINTEXT + properties.sasl: + mechanism: SCRAM-SHA-512 + jaas.config: ${JAASLOGIN} +{{ else }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} +{{- end }} + +security: + enable-csrf: false + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04 + clampAutomationCompositionTopics: + topicSources: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + topicSinks: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement + typeVersion: 1.0.1 + +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# clampAutomationCompositionTopics: +# topicSources: +# - +# topic: policy-acruntime-participant +# servers: +# - release-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# fetchTimeout: 15000 +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - +# topic: policy-acruntime-participant +# servers: +# - release-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + +customresourcedefinition: + group: serving.kserve.io + version: v1beta1 + plural: inferenceservices + grace-period: 10 + +management: + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus +server: + port: 8087 + servlet: + context-path: /onap/policy/clamp/acm/kserveparticipant + ssl: + enabled: false + + diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml new file mode 100755 index 00000000..897d62a4 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/kserve-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/kserve-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/kserve-participant/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/kserve-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/kserve-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/kserve-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml new file mode 100755 index 00000000..619906af --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml @@ -0,0 +1,31 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml new file mode 100755 index 00000000..2b02d9ac --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml @@ -0,0 +1,134 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: RELEASE + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login + + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: password + +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config + +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-kserve-ppnt-config + - mountPath: /config + name: ac-kserve-ppnt-config-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/KserveParticipantParameters.yaml"] + ports: + - containerPort: 8087 + name: kserve-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-kserve-ppnt-config-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-create + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-kserve-ppnt-config + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: ac-kserve-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: default-docker-registry-key" diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/role-binding.yaml new file mode 100755 index 00000000..87c58afe --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/role-binding.yaml @@ -0,0 +1,37 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-binding + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-create + namespace: default + diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/secret.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/secret.yaml new file mode 100755 index 00000000..d9ab84c1 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/secret.yaml @@ -0,0 +1,48 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-policy-kafka-user + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +type: Opaque +stringData: + sasl.jaas.config: {{ .Values.config.jaas }} diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/service-account.yaml new file mode 100755 index 00000000..af142603 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-create diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml new file mode 100755 index 00000000..231db790 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + +spec: + ports: + - port: {{ .Values.service.ports.port }} + targetPort: {{ .Values.service.ports.port }} + protocol: TCP + name: {{ .Values.service.ports.name }} + type: {{ .Values.service.type }} + selector: + app.kubernetes.io/name: {{ .Chart.Name }} diff --git a/helm/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml new file mode 100755 index 00000000..7bc601b1 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -0,0 +1,107 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-clamp-ac-kserve-ppnt:6.4-SNAPSHOT-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: kserve-api + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + port: kserve-api + +service: + type: ClusterIP + name: policy-clamp-ac-kserve-ppnt + useNodePortExt: true + ports: + name: kserve-api + port: 8087 + nodePort: 42 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-kserve-ppnt + roles: + - create + +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy-acruntime-participant + jaas: KuldHochQipa7, +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. +# +# eventConsumption: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index be8a3550..3d0a0a5a 100644 --- a/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -64,12 +64,7 @@ participant: intermediaryParameters: reportingTimeIntervalMs: 120000 description: Participant Description - participantId: - name: org.onap.PM_Policy - version: 1.0.0 - participantType: - name: org.onap.policy.clamp.acm.PolicyParticipant - version: 2.3.1 + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c03 clampAutomationCompositionTopics: topicSources: - @@ -86,6 +81,10 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap useHttps: false + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement + typeVersion: 1.0.0 # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # clampAutomationCompositionTopics: diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml index e9288ad8..14ba8aed 100644 --- a/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml @@ -69,7 +69,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Chart.Name }}-pap-secret - key: login + key: password - name: RESTSERVER_USER valueFrom: secretKeyRef: @@ -79,7 +79,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Chart.Name }}-restserver-secret - key: login + key: password {{- if .Values.config.useStrimziKafka }} - name: JAASLOGIN valueFrom: diff --git a/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index f1f0919d..16bd6ad9 100644 --- a/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/helm/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: nexus3.onap.org:10001/onap/policy-clamp-ac-pf-ppnt:6.3.1 +image: nexus3.onap.org:10001/onap/policy-clamp-ac-pf-ppnt:6.4-SNAPSHOT-latest pullPolicy: Always # flag to enable debugging - application support required diff --git a/helm/policy/components/policy-distribution/Chart.yaml b/helm/policy/components/policy-distribution/Chart.yaml new file mode 100644 index 00000000..d5106335 --- /dev/null +++ b/helm/policy/components/policy-distribution/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Distribution +name: policy-distribution +version: 11.0.0
\ No newline at end of file diff --git a/helm/policy/components/policy-distribution/resources/config/config.json b/helm/policy/components/policy-distribution/resources/config/config.json new file mode 100755 index 00000000..814e106a --- /dev/null +++ b/helm/policy/components/policy-distribution/resources/config/config.json @@ -0,0 +1,95 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} +{ + "name":"SDCDistributionGroup", + "restServerParameters":{ + "host":"0.0.0.0", + "port":6969, + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", + "https": false, + "prometheus": true + }, + "receptionHandlerParameters":{ + "FileReceptionHandler":{ + "receptionHandlerType":"File", + "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandler", + "receptionHandlerConfigurationName":"fileConfiguration", + "pluginHandlerParameters":{ + "policyDecoders":{ + "ApexDecoder":{ + "decoderType":"ApexDecoder", + "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy", + "decoderConfigurationName": "apexDecoderConfiguration" + } + }, + "policyForwarders":{ + "LifeCycleApiForwarder":{ + "forwarderType":"LifeCycleAPI", + "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder", + "forwarderConfigurationName": "lifecycleApiConfiguration" + } + } + } + } + }, + "receptionHandlerConfigurationParameters":{ + "fileConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandlerConfigurationParameterGroup", + "parameters":{ + "watchPath": "/opt/app/policy/distribution/etc/temp/", + "maxThread": 1 + } + } + }, + "policyDecoderConfigurationParameters":{ + "apexDecoderConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup", + "parameters":{ + "policyFileName": "apex_policy.json", + "policyTypeFileName": "apex_policy_type.json" + } + } + }, + "policyForwarderConfigurationParameters":{ + "lifecycleApiConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters", + "parameters":{ + "apiParameters": { + "clientName": "policy-api", + "hostname": "policy-api", + "port": 6969, + "userName": "${API_USER}", + "password": "${API_PASSWORD}", + "useHttps": false + }, + "papParameters": { + "clientName": "policy-pap", + "hostname": "policy-pap", + "port": 6969, + "userName": "${PAP_USER}", + "password": "${PAP_PASSWORD}", + "useHttps": false + }, + "deployPolicies": true + } + } + } +} diff --git a/helm/policy/components/policy-distribution/resources/config/logback.xml b/helm/policy/components/policy-distribution/resources/config/logback.xml new file mode 100755 index 00000000..abaefe6f --- /dev/null +++ b/helm/policy/components/policy-distribution/resources/config/logback.xml @@ -0,0 +1,113 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/error.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/debug.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/network.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" + additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-distribution/templates/configmap.yaml b/helm/policy/components/policy-distribution/templates/configmap.yaml new file mode 100755 index 00000000..3b1c984d --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/configmap.yaml @@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +{{- with .Files.Glob "resources/config/*store" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} diff --git a/helm/policy/components/policy-distribution/templates/deployment.yaml b/helm/policy/components/policy-distribution/templates/deployment.yaml new file mode 100755 index 00000000..e8b203ba --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/deployment.yaml @@ -0,0 +1,154 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +spec: + selector: + matchLabels: + app: {{ .Chart.Name }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + release: release + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-creds + key: login + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-creds + key: password + - name: API_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-apiparameters-creds + key: login + - name: API_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-apiparameters-creds + key: password + - name: PAP_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-papparameters-creds + key: login + - name: PAP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-papparameters-creds + key: password + - name: SDCBE_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-sdcbe-creds + key: login + - name: SDCBE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-sdcbe-creds + key: password + volumeMounts: + - mountPath: /config-input + name: distributionconfig-input + - mountPath: /config + name: distributionconfig + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] + args: ["/opt/app/policy/distribution/etc/mounted/config.json"] + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/distribution/etc/mounted + name: distributionconfig + - mountPath: /opt/app/policy/distribution/etc/temp + name: tmpdir + readOnly: true + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: distributionconfig-input + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: distributionconfig + emptyDir: + medium: Memory + - name: tmpdir + hostPath: + path: /tmp/distribution + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-distribution/templates/role-binding.yaml b/helm/policy/components/policy-distribution/templates/role-binding.yaml new file mode 100644 index 00000000..64598900 --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/role-binding.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: read + apiGroup: rbac.authorization.k8s.io diff --git a/helm/policy/components/policy-distribution/templates/secrets.yaml b/helm/policy/components/policy-distribution/templates/secrets.yaml new file mode 100755 index 00000000..ff68f267 --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/secrets.yaml @@ -0,0 +1,82 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-apiparameters-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.apiParameters.user }} + password: {{ .Values.apiParameters.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-papparameters-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.papParameters.user }} + password: {{ .Values.papParameters.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-sdcbe-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.sdcBe.user }} + password: {{ .Values.sdcBe.user }} + diff --git a/helm/policy/components/policy-distribution/templates/service-account.yaml b/helm/policy/components/policy-distribution/templates/service-account.yaml new file mode 100644 index 00000000..3898bf0c --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/service-account.yaml @@ -0,0 +1,24 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read diff --git a/helm/policy/components/policy-distribution/templates/service.yaml b/helm/policy/components/policy-distribution/templates/service.yaml new file mode 100755 index 00000000..e9fe8182 --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/service.yaml @@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation . All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +spec: + ports: + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + selector: + app: {{ .Chart.Name }} + release: release diff --git a/helm/policy/components/policy-distribution/values.yaml b/helm/policy/components/policy-distribution/values.yaml new file mode 100644 index 00000000..63ab8018 --- /dev/null +++ b/helm/policy/components/policy-distribution/values.yaml @@ -0,0 +1,118 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-distribution:2.9-SNAPSHOT-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration + +restServer: + user: policyadmin + password: zb!XztG34 +apiParameters: + user: policyadmin + password: zb!XztG34 +papParameters: + user: policyadmin + password: zb!XztG34 +sdcBe: + user: policy + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + +service: + type: ClusterIP + name: policy-distribution + portName: http + externalPort: 6969 + internalPort: 6969 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-distribution + roles: + - read + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: policy-distribution + interval: 60s + isHttps: false + basicAuth: + enabled: true + externalSecretNameSuffix: policy-distribution-restserver-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ .Chart.Name }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: release + heritage: Helm diff --git a/helm/policy/components/policy-pap/resources/config/groups.json b/helm/policy/components/policy-pap/resources/config/groups.json index bd5c2868..3f62ee52 100644 --- a/helm/policy/components/policy-pap/resources/config/groups.json +++ b/helm/policy/components/policy-pap/resources/config/groups.json @@ -21,6 +21,95 @@ "currentInstanceCount": 0, "desiredInstanceCount": 1, "policies": [] + }, + { + "pdpType": "xacml", + "supportedPolicyTypes": [ + { + "name": "onap.policies.controlloop.guard.common.FrequencyLimiter", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.guard.common.MinMax", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.guard.common.Blacklist", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.guard.common.Filter", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", + "version": "1.0.0" + }, + { + "name": "onap.policies.monitoring.*", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.*", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.AffinityPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.DistancePolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.HpaPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.OptimizationPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.PciPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.service.QueryPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.service.SubscriberPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.Vim_fit", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.VnfPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.native.Xacml", + "version": "1.0.0" + }, + { + "name": "onap.policies.Naming", + "version": "1.0.0" + }, + { + "name": "onap.policies.match.*", + "version": "1.0.0" + } + ], + "currentInstanceCount": 0, + "desiredInstanceCount": 1, + "policies": [ + { + "name": "SDNC_Policy.ONAP_NF_NAMING_TIMESTAMP", + "version": "1.0.0" + } + ] } ] } diff --git a/helm/policy/components/policy-xacml-pdp/resources/config/groups.json b/helm/policy/components/policy-xacml-pdp/resources/config/groups.json deleted file mode 100644 index 0a7e5fe3..00000000 --- a/helm/policy/components/policy-xacml-pdp/resources/config/groups.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "groups": [ - { - "name": "defaultGroup", - "version": "1.0.0", - "description": "The default group that registers all supported policy types and pdps.", - "pdpGroupState": "ACTIVE", - "pdpSubgroups": [ - { - "pdpType": "xacml", - "supportedPolicyTypes": [ - { - "name": "onap.policies.controlloop.guard.common.FrequencyLimiter", - "version": "1.0.0" - }, - { - "name": "onap.policies.controlloop.guard.common.MinMax", - "version": "1.0.0" - }, - { - "name": "onap.policies.controlloop.guard.common.Blacklist", - "version": "1.0.0" - }, - { - "name": "onap.policies.controlloop.guard.common.Filter", - "version": "1.0.0" - }, - { - "name": "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", - "version": "1.0.0" - }, - { - "name": "onap.policies.monitoring.*", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.*", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.resource.AffinityPolicy", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.resource.DistancePolicy", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.resource.HpaPolicy", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.resource.OptimizationPolicy", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.resource.PciPolicy", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.service.QueryPolicy", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.service.SubscriberPolicy", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.resource.Vim_fit", - "version": "1.0.0" - }, - { - "name": "onap.policies.optimization.resource.VnfPolicy", - "version": "1.0.0" - }, - { - "name": "onap.policies.native.Xacml", - "version": "1.0.0" - }, - { - "name": "onap.policies.Naming", - "version": "1.0.0" - }, - { - "name": "onap.policies.match.*", - "version": "1.0.0" - } - ], - "currentInstanceCount": 0, - "desiredInstanceCount": 1, - "policies": [ - { - "name": "SDNC_Policy.ONAP_NF_NAMING_TIMESTAMP", - "version": "1.0.0" - } - ] - } - ] - } - ] -} diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml index 4e8b30f0..a2ad2c40 100755 --- a/helm/policy/values.yaml +++ b/helm/policy/values.yaml @@ -49,7 +49,14 @@ policy-drools-pdp: enabled: true policy-xacml-pdp: enabled: true - +policy-distribution: + enabled: true +policy-clamp-ac-http-ppnt: + enabled: true +policy-clamp-ac-kserve-ppnt: + enabled: true +policy-clamp-ac-a1pms-ppnt: + enabled: true ################################################################# # DB configuration defaults. |