diff options
25 files changed, 1410 insertions, 4 deletions
diff --git a/csit/resources/scripts/run-test.sh b/csit/resources/scripts/run-test.sh index 4af5879f..6286e9cf 100755 --- a/csit/resources/scripts/run-test.sh +++ b/csit/resources/scripts/run-test.sh @@ -32,16 +32,19 @@ POLICY_PAP_IP=policy-pap:${DEFAULT_PORT} APEX_IP=policy-apex-pdp:${DEFAULT_PORT} POLICY_PDPX_IP=policy-xacml-pdp:${DEFAULT_PORT} POLICY_DROOLS_IP=policy-drools-pdp:9696 - +DISTRIBUTION_IP=policy-distribution:6969 DMAAP_IP=message-router:3904 APEX_EVENTS_IP=policy-apex-pdp:23324 PROMETHEUS_IP=prometheus:9090 +DIST_TEMP_FOLDER=/tmp/distribution + export ROBOT_VARIABLES= ROBOT_VARIABLES="-v DATA:$DATA -v NODETEMPLATES:$NODETEMPLATES -v POLICY_API_IP:$POLICY_API_IP -v POLICY_RUNTIME_ACM_IP:$POLICY_RUNTIME_ACM_IP -v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP -v APEX_EVENTS_IP:$APEX_EVENTS_IP -v DMAAP_IP:$DMAAP_IP -v PROMETHEUS_IP:${PROMETHEUS_IP} --v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP" +-v POLICY_PDPX_IP:$POLICY_PDPX_IP -v POLICY_DROOLS_IP:$POLICY_DROOLS_IP -v TEMP_FOLDER:${DIST_TEMP_FOLDER} +-v DISTRIBUTION_IP:$DISTRIBUTION_IP" echo "Run Robot test" echo ROBOT_VARIABLES="${ROBOT_VARIABLES}" diff --git a/csit/run-k8s-csit.sh b/csit/run-k8s-csit.sh index d84f7318..a987c112 100755 --- a/csit/run-k8s-csit.sh +++ b/csit/run-k8s-csit.sh @@ -34,12 +34,17 @@ POLICY_PAP_ROBOT="pap-test.robot" POLICY_APEX_PDP_ROBOT="apex-pdp-test.robot" POLICY_XACML_PDP_ROBOT="xacml-pdp-test.robot" POLICY_DROOLS_PDP_ROBOT="drools-pdp-test.robot" +POLICY_DISTRIBUTION_ROBOT="distribution-test.robot" POLICY_API_CONTAINER="policy-api" POLICY_PAP_CONTAINER="policy-pap" POLICY_CLAMP_CONTAINER="policy-clamp-runtime-acm" POLICY_APEX_CONTAINER="policy-apex-pdp" POLICY_DROOLS_CONTAINER="policy-drools-pdp" POLICY_XACML_CONTAINER="policy-xacml-pdp" +POLICY_DISTRIBUTION_CONTAINER="policy-distribution" + +DISTRIBUTION_CSAR=${WORKSPACE}/csit/resources/tests/data/csar +DIST_TEMP_FOLDER=/tmp/distribution export PROJECT="" export ROBOT_FILE="" @@ -89,6 +94,9 @@ function build_robot_image () { echo "Build docker image for robot framework" cd ${WORKSPACE}/csit/resources || exit; clone_models + if [ "${PROJECT}" == "distribution" ] || [ "${PROJECT}" == "policy-distribution" ]; then + copy_csar_file + fi echo "Build robot framework docker image" docker login -u docker -p docker nexus3.onap.org:10001 docker build . --file Dockerfile \ @@ -145,6 +153,15 @@ function clone_models () { >tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.v2.json } +function copy_csar_file () { + zip -F ${DISTRIBUTION_CSAR}/sample_csar_with_apex_policy.csar \ + --out ${DISTRIBUTION_CSAR}/csar_temp.csar -q + # Remake temp directory + sudo rm -rf "${DIST_TEMP_FOLDER}" + sudo mkdir "${DIST_TEMP_FOLDER}" + sudo cp ${DISTRIBUTION_CSAR}/csar_temp.csar ${DISTRIBUTION_CSAR}/temp.csar + sudo mv ${DISTRIBUTION_CSAR}/temp.csar ${DIST_TEMP_FOLDER}/sample_csar_with_apex_policy.csar +} function get_robot_file () { case $PROJECT in @@ -179,6 +196,12 @@ function get_robot_file () { export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER) ;; + distribution | policy-distribution) + export ROBOT_FILE=($POLICY_DISTRIBUTION_ROBOT) + export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER, + $POLICY_DISTRIBUTION_CONTAINER) + ;; + *) echo "unknown project supplied" ;; diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml index 4f88647e..d7a12da3 100755 --- a/helm/policy/Chart.yaml +++ b/helm/policy/Chart.yaml @@ -57,3 +57,11 @@ dependencies: version: ~11.x-0 repository: 'file://components/policy-xacml-pdp' condition: policy-xacml-pdp.enabled + - name: policy-distribution + version: ~11.x-0 + repository: 'file://components/policy-distribution' + condition: policy-distribution.enabled + - name: policy-clamp-ac-http-ppnt + version: ~11.x-0 + repository: 'file://components/policy-clamp-ac-http-ppnt' + condition: policy-clamp-ac-http-ppnt.enabled diff --git a/helm/policy/components/mariadb-galera/values.yaml b/helm/policy/components/mariadb-galera/values.yaml index d2a54a41..8fce8809 100644 --- a/helm/policy/components/mariadb-galera/values.yaml +++ b/helm/policy/components/mariadb-galera/values.yaml @@ -323,7 +323,7 @@ mariadbConfiguration: |- ## Desired number of cluster nodes ## -replicaCount: 3 +replicaCount: 1 ## updateStrategy for MariaDB Master StatefulSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml new file mode 100644 index 00000000..480b3782 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp ACM Http Participant +name: policy-clamp-ac-http-ppnt +version: 11.0.0
\ No newline at end of file diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml new file mode 100644 index 00000000..ffa2bcce --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -0,0 +1,104 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + autoconfigure: + exclude: > + org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration, + org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration, + org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} +{{- if .Values.config.useStrimziKafka }} + kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} + bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092 + security.protocol: SASL_PLAINTEXT + properties.sasl: + mechanism: SCRAM-SHA-512 + jaas.config: ${JAASLOGIN} +{{ else }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} +{{- end }} + +security: + enable-csrf: false + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: HttpParticipant0 + version: 1.0.0 + participantType: + name: org.onap.policy.clamp.acm.HttpParticipant + version: 2.3.4 + clampAutomationCompositionTopics: + topicSources: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: false + topicSinks: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: false +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# clampAutomationCompositionTopics: +# topicSources: +# - topic: policy-acruntime-participant +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# fetchTimeout: 15000 +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - topic: policy-acruntime-participant +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus +server: + port: 8084 + servlet: + context-path: /onap/policy/clamp/acm/httpparticipant + ssl: + enabled: false + diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml new file mode 100644 index 00000000..fad71c80 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml new file mode 100644 index 00000000..0b755aaf --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml new file mode 100644 index 00000000..f056861a --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -0,0 +1,130 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: release + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: release + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: release + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: password +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-http-ppnt-config + - mountPath: /config + name: ac-http-ppnt-config-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/http-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] + ports: + - containerPort: 8084 + name: http-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-http-ppnt-config-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-http-ppnt-config + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: ac-http-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml new file mode 100644 index 00000000..ab9ae5ba --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/role-binding.yaml @@ -0,0 +1,33 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: release-read + apiGroup: rbac.authorization.k8s.io diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml new file mode 100644 index 00000000..620849c6 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml @@ -0,0 +1,48 @@ +{{/* +#Copyright (C) 2023 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-policy-kafka-user + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + sasl.jaas.config: "Tokm6*DaheWaro" + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} + + + diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml new file mode 100644 index 00000000..67d75081 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read
\ No newline at end of file diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml new file mode 100644 index 00000000..75099e1a --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml @@ -0,0 +1,42 @@ +{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Helm
+spec:
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.port }}
+ protocol: TCP
+ name: {{ .Values.service.ports.name }}
+ ipFamilyPolicy: PreferDualStack
+ type: {{ .Values.service.type }}
+ selector:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ app.kubernetes.io/instance: release
+ sessionAffinity: None
diff --git a/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml new file mode 100644 index 00000000..6ab32a49 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -0,0 +1,114 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-clamp-ac-http-ppnt:6.3.1 +pullPolicy: Always + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-ac-http-ppnt + useNodePortExt: true + ports: + name: http-api + port: 8084 + nodePort: 42 + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-http-ppnt + roles: + - read + +config: + # Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy-acruntime-participant +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. +# +# eventConsumption: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 + diff --git a/helm/policy/components/policy-distribution/Chart.yaml b/helm/policy/components/policy-distribution/Chart.yaml new file mode 100644 index 00000000..d5106335 --- /dev/null +++ b/helm/policy/components/policy-distribution/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Distribution +name: policy-distribution +version: 11.0.0
\ No newline at end of file diff --git a/helm/policy/components/policy-distribution/resources/config/config.json b/helm/policy/components/policy-distribution/resources/config/config.json new file mode 100755 index 00000000..814e106a --- /dev/null +++ b/helm/policy/components/policy-distribution/resources/config/config.json @@ -0,0 +1,95 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} +{ + "name":"SDCDistributionGroup", + "restServerParameters":{ + "host":"0.0.0.0", + "port":6969, + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", + "https": false, + "prometheus": true + }, + "receptionHandlerParameters":{ + "FileReceptionHandler":{ + "receptionHandlerType":"File", + "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandler", + "receptionHandlerConfigurationName":"fileConfiguration", + "pluginHandlerParameters":{ + "policyDecoders":{ + "ApexDecoder":{ + "decoderType":"ApexDecoder", + "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy", + "decoderConfigurationName": "apexDecoderConfiguration" + } + }, + "policyForwarders":{ + "LifeCycleApiForwarder":{ + "forwarderType":"LifeCycleAPI", + "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder", + "forwarderConfigurationName": "lifecycleApiConfiguration" + } + } + } + } + }, + "receptionHandlerConfigurationParameters":{ + "fileConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.reception.handling.file.FileSystemReceptionHandlerConfigurationParameterGroup", + "parameters":{ + "watchPath": "/opt/app/policy/distribution/etc/temp/", + "maxThread": 1 + } + } + }, + "policyDecoderConfigurationParameters":{ + "apexDecoderConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup", + "parameters":{ + "policyFileName": "apex_policy.json", + "policyTypeFileName": "apex_policy_type.json" + } + } + }, + "policyForwarderConfigurationParameters":{ + "lifecycleApiConfiguration":{ + "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters", + "parameters":{ + "apiParameters": { + "clientName": "policy-api", + "hostname": "policy-api", + "port": 6969, + "userName": "${API_USER}", + "password": "${API_PASSWORD}", + "useHttps": false + }, + "papParameters": { + "clientName": "policy-pap", + "hostname": "policy-pap", + "port": 6969, + "userName": "${PAP_USER}", + "password": "${PAP_PASSWORD}", + "useHttps": false + }, + "deployPolicies": true + } + } + } +} diff --git a/helm/policy/components/policy-distribution/resources/config/logback.xml b/helm/policy/components/policy-distribution/resources/config/logback.xml new file mode 100755 index 00000000..abaefe6f --- /dev/null +++ b/helm/policy/components/policy-distribution/resources/config/logback.xml @@ -0,0 +1,113 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/error.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/debug.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/network.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" + additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-distribution/templates/configmap.yaml b/helm/policy/components/policy-distribution/templates/configmap.yaml new file mode 100755 index 00000000..3b1c984d --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/configmap.yaml @@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +{{- with .Files.Glob "resources/config/*store" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} diff --git a/helm/policy/components/policy-distribution/templates/deployment.yaml b/helm/policy/components/policy-distribution/templates/deployment.yaml new file mode 100755 index 00000000..e8b203ba --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/deployment.yaml @@ -0,0 +1,154 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +spec: + selector: + matchLabels: + app: {{ .Chart.Name }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + release: release + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-creds + key: login + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-creds + key: password + - name: API_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-apiparameters-creds + key: login + - name: API_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-apiparameters-creds + key: password + - name: PAP_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-papparameters-creds + key: login + - name: PAP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-papparameters-creds + key: password + - name: SDCBE_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-sdcbe-creds + key: login + - name: SDCBE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-sdcbe-creds + key: password + volumeMounts: + - mountPath: /config-input + name: distributionconfig-input + - mountPath: /config + name: distributionconfig + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] + args: ["/opt/app/policy/distribution/etc/mounted/config.json"] + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/distribution/etc/mounted + name: distributionconfig + - mountPath: /opt/app/policy/distribution/etc/temp + name: tmpdir + readOnly: true + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: distributionconfig-input + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: distributionconfig + emptyDir: + medium: Memory + - name: tmpdir + hostPath: + path: /tmp/distribution + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-distribution/templates/role-binding.yaml b/helm/policy/components/policy-distribution/templates/role-binding.yaml new file mode 100644 index 00000000..64598900 --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/role-binding.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: read + apiGroup: rbac.authorization.k8s.io diff --git a/helm/policy/components/policy-distribution/templates/secrets.yaml b/helm/policy/components/policy-distribution/templates/secrets.yaml new file mode 100755 index 00000000..ff68f267 --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/secrets.yaml @@ -0,0 +1,82 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-apiparameters-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.apiParameters.user }} + password: {{ .Values.apiParameters.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-papparameters-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.papParameters.user }} + password: {{ .Values.papParameters.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-sdcbe-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.sdcBe.user }} + password: {{ .Values.sdcBe.user }} + diff --git a/helm/policy/components/policy-distribution/templates/service-account.yaml b/helm/policy/components/policy-distribution/templates/service-account.yaml new file mode 100644 index 00000000..3898bf0c --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/service-account.yaml @@ -0,0 +1,24 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read diff --git a/helm/policy/components/policy-distribution/templates/service.yaml b/helm/policy/components/policy-distribution/templates/service.yaml new file mode 100755 index 00000000..e9fe8182 --- /dev/null +++ b/helm/policy/components/policy-distribution/templates/service.yaml @@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation . All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +spec: + ports: + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + selector: + app: {{ .Chart.Name }} + release: release diff --git a/helm/policy/components/policy-distribution/values.yaml b/helm/policy/components/policy-distribution/values.yaml new file mode 100644 index 00000000..63ab8018 --- /dev/null +++ b/helm/policy/components/policy-distribution/values.yaml @@ -0,0 +1,118 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-distribution:2.9-SNAPSHOT-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration + +restServer: + user: policyadmin + password: zb!XztG34 +apiParameters: + user: policyadmin + password: zb!XztG34 +papParameters: + user: policyadmin + password: zb!XztG34 +sdcBe: + user: policy + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + +service: + type: ClusterIP + name: policy-distribution + portName: http + externalPort: 6969 + internalPort: 6969 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-distribution + roles: + - read + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: policy-distribution + interval: 60s + isHttps: false + basicAuth: + enabled: true + externalSecretNameSuffix: policy-distribution-restserver-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ .Chart.Name }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: release + heritage: Helm diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml index 4e8b30f0..97f55758 100755 --- a/helm/policy/values.yaml +++ b/helm/policy/values.yaml @@ -49,7 +49,10 @@ policy-drools-pdp: enabled: true policy-xacml-pdp: enabled: true - +policy-distribution: + enabled: true +policy-clamp-ac-http-ppnt: + enabled: true ################################################################# # DB configuration defaults. |