diff options
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | compose/README.md | 100 | ||||
-rwxr-xr-x | compose/start-compose.sh | 25 | ||||
-rwxr-xr-x | compose/stop-compose.sh | 12 | ||||
-rw-r--r-- | csit/resources/Dockerfile | 13 | ||||
-rwxr-xr-x | csit/run-k8s-csit-enable.sh | 229 | ||||
-rwxr-xr-x | helm/policy/values.yaml | 26 |
7 files changed, 278 insertions, 128 deletions
@@ -14,3 +14,4 @@ models **/*.log **/*/Chart.lock **/*/charts/ +**/*/policy-csit-robot.tar diff --git a/compose/README.md b/compose/README.md new file mode 100644 index 00000000..ada34e1c --- /dev/null +++ b/compose/README.md @@ -0,0 +1,100 @@ +# Policy Framework Docker Compose + +The PF docker compose starts a small instance of docker containers for PF components. + +## Features + +- Starts all components, including Prometheus/Grafana dashboard and GUI (ACM and Apex) +- Can start specific components +- Expose fixed ports so all the REST endpoints can be called with localhost:component_port + +## Tech + +Things to be installed beforehand: + +- Linux VM if using Windows +- Docker +- Docker compose +- Any editor + +## Installation + +Assuming the docker repository has been cloned and workdir is ../docker/compose + +- Install all PF components (excluding GUI) +```sh +./start-compose.sh +``` + +- Install all PF components + GUI + +```sh +./start-compose.sh --gui +``` + +- Install an specific PF component +(accepted options: api pap apex-pdp distribution drools-pdp drools-apps xacml-pdp +policy-clamp-runtime-acm) + + +```sh +./start-compose.sh component + +# that will start apex-pdp and its dependencies (pap, api, db, simulator) +./start-compose.sh apex-pdp +``` + +- Install an specific PF component with Grafana dashboard +(accepted options: api pap apex-pdp distribution drools-pdp drools-apps xacml-pdp +policy-clamp-runtime-acm) + + +```sh +./start-compose.sh component --grafana + +# that will start apex-pdp and its dependencies (pap, api, db, simulator) + grafana and prometheus server +./start-compose.sh apex-pdp --grafana +``` + +## Docker image localization + +The docker images are always downloaded from nexus repository, but if needed to build a local +image, edit the ``export-ports.sh`` script and change the variable ``CONTAINER_LOCATION`` +to be empty. + + +## Docker image versions + +The start-compose script is always looking for the latest SNAPSHOT version available (will +look locally first, then download from nexus if not available). +Note: if latest Policy-API docker image is 2.8-SNAPSHOT-latest, but on nexus it was released +2 days ago and in local environment it's 3 months old - it will use the 3 months old image, +so it's recommended to keep an eye on it. + +If needed, the version can be edited on docker-compose.yml and docker-compose.gui.yml + +i.e: need to change db-migrator version +from docker-compose.yml: +``image: ${CONTAINER_LOCATION}onap/policy-db-migrator:${POLICY_DOCKER_VERSION}`` + +replace the ${POLICY_DOCKER_VERSION} for the specific version needed + + +## Logs + +To collect the docker-compose logs, simply run the following: + +```sh +./start-compose.sh logs +``` +Note: these are logs for installation only, not actual application usage + +It will generate a ``docker-compose.log`` file with the result. + +## Uninstall + +Simply run the ``stop-compose.sh`` script. + +```sh +./stop-compose.sh +``` diff --git a/compose/start-compose.sh b/compose/start-compose.sh index a77b4834..49006f11 100755 --- a/compose/start-compose.sh +++ b/compose/start-compose.sh @@ -57,9 +57,11 @@ do esac done +cd ${COMPOSE_FOLDER} + echo "Configuring docker compose..." -source "${COMPOSE_FOLDER}"/export-ports.sh > /dev/null 2>&1 -source "${COMPOSE_FOLDER}"/get-versions.sh > /dev/null 2>&1 +source export-ports.sh > /dev/null 2>&1 +source get-versions.sh > /dev/null 2>&1 # in case of csit running for PAP (groups should be for pap) but starts apex-pdp for dependencies. if [ -z "$PROJECT" ]; then @@ -67,29 +69,32 @@ if [ -z "$PROJECT" ]; then fi if [ -n "$component" ]; then - if [ "$grafana" = true ]; then + if [ "$component" == "logs" ]; then + echo "Collecting logs..." + docker-compose logs > docker-compose.log + elif [ "$grafana" = true ]; then echo "Starting ${component} application with Grafana" - docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml up -d "${component}" grafana + docker-compose up -d "${component}" grafana echo "Prometheus server: http://localhost:${PROMETHEUS_PORT}" echo "Grafana server: http://localhost:${GRAFANA_PORT}" elif [ "$gui" = true ]; then echo "Starting application with gui..." - docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml \ - -f "${COMPOSE_FOLDER}"/docker-compose.gui.yml up -d "${component}" policy-gui + docker-compose -f docker-compose.yml -f docker-compose.gui.yml up -d "${component}" policy-gui echo "Clamp GUI: https://localhost:2445/clamp" else echo "Starting ${component} application" - docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml up -d "${component}" + docker-compose up -d "${component}" fi else export PROJECT=api # api has groups.json complete with all 3 pdps if [ "$gui" = true ]; then echo "Starting application with gui..." - docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml \ - -f "${COMPOSE_FOLDER}"/docker-compose.gui.yml up -d + docker-compose -f docker-compose.yml -f docker-compose.gui.yml up -d echo "Clamp GUI: https://localhost:2445/clamp" else echo "Starting all components..." - docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml up -d + docker-compose up -d fi fi + +cd ${WORKSPACE} diff --git a/compose/stop-compose.sh b/compose/stop-compose.sh index a8185215..0a7d9af4 100755 --- a/compose/stop-compose.sh +++ b/compose/stop-compose.sh @@ -25,12 +25,16 @@ if [ -z "${WORKSPACE}" ]; then fi COMPOSE_FOLDER="${WORKSPACE}"/compose -source "${COMPOSE_FOLDER}"/export-ports.sh > /dev/null 2>&1 -source "${COMPOSE_FOLDER}"/get-versions.sh > /dev/null 2>&1 +cd ${COMPOSE_FOLDER} + +source export-ports.sh > /dev/null 2>&1 +source get-versions.sh > /dev/null 2>&1 echo "Collecting logs from docker compose containers..." -docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml logs > docker_compose.log +docker-compose logs > docker_compose.log cat docker_compose.log echo "Tearing down containers..." -docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml down -v --remove-orphans +docker-compose down -v --remove-orphans + +cd ${WORKSPACE} diff --git a/csit/resources/Dockerfile b/csit/resources/Dockerfile index 4e68ea3a..50bf4d15 100644 --- a/csit/resources/Dockerfile +++ b/csit/resources/Dockerfile @@ -1,14 +1,11 @@ FROM nexus3.onap.org:10001/library/python:3.10-slim-bullseye ARG CSIT_SCRIPT=${CSIT_SCRIPT} ARG ROBOT_FILE=${ROBOT_FILE} -ENV ROBOT_WORKSPACE /opt/robotworkspace -ENV ROBOT_FILE $ROBOT_FILE -RUN python3 -m pip install --upgrade pip -RUN python3 -m pip install --upgrade --extra-index-url="https://nexus3.onap.org/repository/PyPi.staging/simple" 'robotframework-onap==0.5.1.*' --pre -RUN python3 -m pip freeze +ENV ROBOT_WORKSPACE=/opt/robotworkspace ROBOT_FILE=$ROBOT_FILE +RUN python3 -m pip install --upgrade pip && \ + python3 -m pip install --upgrade --extra-index-url="https://nexus3.onap.org/repository/PyPi.staging/simple" 'robotframework-onap==0.6.0.*' --pre && \ + python3 -m pip freeze RUN mkdir -p ${ROBOT_WORKSPACE} -COPY ${CSIT_SCRIPT} ${ROBOT_WORKSPACE}/ -COPY tests/ ${ROBOT_WORKSPACE}/ +COPY ${CSIT_SCRIPT} tests/ ${ROBOT_WORKSPACE}/ WORKDIR ${ROBOT_WORKSPACE} -RUN chmod +x run-test.sh CMD ["sh", "-c", "./run-test.sh" , "${ROBOT_FILE}"] diff --git a/csit/run-k8s-csit-enable.sh b/csit/run-k8s-csit-enable.sh index c6de8c0e..25bc781c 100755 --- a/csit/run-k8s-csit-enable.sh +++ b/csit/run-k8s-csit-enable.sh @@ -42,6 +42,7 @@ POLICY_APEX_CONTAINER="policy-apex-pdp" POLICY_DROOLS_CONTAINER="policy-drools-pdp" POLICY_XACML_CONTAINER="policy-xacml-pdp" POLICY_DISTRIBUTION_CONTAINER="policy-distribution" +SET_VALUES="" DISTRIBUTION_CSAR=${WORKSPACE}/csit/resources/tests/data/csar DIST_TEMP_FOLDER=/tmp/distribution @@ -51,101 +52,101 @@ export ROBOT_FILE="" export ROBOT_LOG_DIR=${WORKSPACE}/csit/archives export READINESS_CONTAINERS=() -function spin_microk8s_cluster () { +function spin_microk8s_cluster() { echo "Verify if Microk8s cluster is running.." microk8s version exitcode="${?}" - if [ "$exitcode" -ne 0 ]; then + if [ "$exitcode" -ne 0 ]; then echo "Microk8s cluster not available, Spinning up the cluster.." sudo snap install microk8s --classic --channel=1.25/stable - if [ "${?}" -ne 0 ]; then - echo "Failed to install kubernetes cluster. Aborting.." - return 1 + if [ "${?}" -ne 0 ]; then + echo "Failed to install kubernetes cluster. Aborting.." + return 1 fi echo "Microk8s cluster installed successfully" sudo usermod -a -G microk8s $USER echo "Enabling DNS and helm3 plugins" sudo microk8s.enable dns helm3 hostpath-storage echo "Creating configuration file for Microk8s" - sudo mkdir -p $HOME/.kube; + sudo mkdir -p $HOME/.kube sudo chown -R $USER:$USER $HOME/.kube - sudo microk8s kubectl config view --raw > $HOME/.kube/config + sudo microk8s kubectl config view --raw >$HOME/.kube/config sudo chmod 600 $HOME/.kube/config echo "K8s installation completed" echo "----------------------------------------" else echo "K8s cluster is already running" echo "----------------------------------------" - return 0 + return 0 fi } - -function teardown_cluster () { +function teardown_cluster() { echo "Removing k8s cluster and k8s configuration file" - sudo snap remove microk8s;rm -rf $HOME/.kube/config + sudo microk8s helm uninstall csit-policy + sudo microk8s helm uninstall prometheus + sudo microk8s helm uninstall csit-robot + rm -rf ${WORKSPACE}/helm/policy/Chart.lock sudo rm -rf /dockerdata-nfs/mariadb-galera/ echo "K8s Cluster removed" echo "Clean up docker" - docker system prune -af + docker image prune -f } - -function build_robot_image () { +function build_robot_image() { echo "Build docker image for robot framework" - cd ${WORKSPACE}/csit/resources || exit; + cd ${WORKSPACE}/csit/resources || exit clone_models if [ "${PROJECT}" == "distribution" ] || [ "${PROJECT}" == "policy-distribution" ]; then - copy_csar_file + copy_csar_file fi echo "Build robot framework docker image" docker login -u docker -p docker nexus3.onap.org:10001 docker build . --file Dockerfile \ --build-arg CSIT_SCRIPT="$CSIT_SCRIPT" \ - --build-arg ROBOT_FILE="$ROBOT_FILE" \ + --build-arg ROBOT_FILE="$ROBOT_FILE" \ --tag "${ROBOT_DOCKER_IMAGE}" --no-cache echo "---------------------------------------------" - echo "Importing robot image into microk8s registry" - docker save -o policy-csit-robot.tar ${ROBOT_DOCKER_IMAGE}:latest - sudo microk8s ctr image import policy-csit-robot.tar } - -function start_csit () { +function start_csit() { build_robot_image if [ "${?}" -eq 0 ]; then + echo "Importing robot image into microk8s registry" + docker save -o policy-csit-robot.tar ${ROBOT_DOCKER_IMAGE}:latest + sudo microk8s ctr image import policy-csit-robot.tar rm -rf ${WORKSPACE}/csit/resources/policy-csit-robot.tar rm -rf ${WORKSPACE}/csit/resources/tests/models/ echo "---------------------------------------------" echo "Installing Robot framework pod for running CSIT" cd ${WORKSPACE}/helm mkdir -p ${ROBOT_LOG_DIR} - sudo microk8s helm install csit-robot robot --set robot="$ROBOT_FILE" --set "readiness={${READINESS_CONTAINERS[*]}}" --set robotLogDir=$ROBOT_LOG_DIR; + sudo microk8s helm install csit-robot robot --set robot="$ROBOT_FILE" --set "readiness={${READINESS_CONTAINERS[*]}}" --set robotLogDir=$ROBOT_LOG_DIR print_robot_log - fi + teardown_cluster + fi } - -function print_robot_log () { +function print_robot_log() { count_pods=0 while [[ ${count_pods} -eq 0 ]]; do echo "Waiting for pods to come up..." sleep 5 count_pods=$(sudo microk8s kubectl get pods --output name | wc -l) done + sudo microk8s kubectl get po robotpod=$(sudo microk8s kubectl get po | grep policy-csit) podName=$(echo "$robotpod" | awk '{print $1}') echo "The robot tests will begin once the policy components {${READINESS_CONTAINERS[*]}} are up and running..." - sudo microk8s kubectl wait --for=jsonpath='{.status.phase}'=Running --timeout=700s pod/"$podName" + sudo microk8s kubectl wait --for=jsonpath='{.status.phase}'=Running --timeout=10m pod/"$podName" sudo microk8s kubectl logs -f "$podName" echo "Please check the logs of policy-csit-robot pod for the test execution results" } - -function clone_models () { +function clone_models() { GERRIT_BRANCH=$(awk -F= '$1 == "defaultbranch" { print $2 }' "${WORKSPACE}"/.gitreview) echo GERRIT_BRANCH="${GERRIT_BRANCH}" # download models examples @@ -153,87 +154,130 @@ function clone_models () { # create a couple of variations of the policy definitions sed -e 's!Measurement_vGMUX!ADifferentValue!' \ - tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.json \ + tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.json \ >tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.v1_2.json sed -e 's!"version": "1.0.0"!"version": "2.0.0"!' \ - -e 's!"policy-version": 1!"policy-version": 2!' \ - tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.json \ + -e 's!"policy-version": 1!"policy-version": 2!' \ + tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.json \ >tests/models/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.v2.json } -function copy_csar_file () { - zip -F ${DISTRIBUTION_CSAR}/sample_csar_with_apex_policy.csar \ - --out ${DISTRIBUTION_CSAR}/csar_temp.csar -q - # Remake temp directory - sudo rm -rf "${DIST_TEMP_FOLDER}" - sudo mkdir "${DIST_TEMP_FOLDER}" - sudo cp ${DISTRIBUTION_CSAR}/csar_temp.csar ${DISTRIBUTION_CSAR}/temp.csar - sudo mv ${DISTRIBUTION_CSAR}/temp.csar ${DIST_TEMP_FOLDER}/sample_csar_with_apex_policy.csar +function copy_csar_file() { + zip -F ${DISTRIBUTION_CSAR}/sample_csar_with_apex_policy.csar \ + --out ${DISTRIBUTION_CSAR}/csar_temp.csar -q + # Remake temp directory + sudo rm -rf "${DIST_TEMP_FOLDER}" + sudo mkdir "${DIST_TEMP_FOLDER}" + sudo cp ${DISTRIBUTION_CSAR}/csar_temp.csar ${DISTRIBUTION_CSAR}/temp.csar + sudo mv ${DISTRIBUTION_CSAR}/temp.csar ${DIST_TEMP_FOLDER}/sample_csar_with_apex_policy.csar } -function get_robot_file () { - case $PROJECT in - - clamp | policy-clamp) - export ROBOT_FILE=$POLICY_CLAMP_ROBOT - export READINESS_CONTAINERS=($POLICY_CLAMP_CONTAINER) - ;; - - api | policy-api) - export ROBOT_FILE=$POLICY_API_ROBOT - export READINESS_CONTAINERS=($POLICY_API_CONTAINER) - ;; - - pap | policy-pap) - export ROBOT_FILE=$POLICY_PAP_ROBOT - export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_PAP_CONTAINER,$POLICY_API_CONTAINER,$POLICY_DROOLS_CONTAINER, - $POLICY_XACML_CONTAINER) - ;; - - apex-pdp | policy-apex-pdp) - export ROBOT_FILE=$POLICY_APEX_PDP_ROBOT - export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER) - ;; - - xacml-pdp | policy-xacml-pdp) - export ROBOT_FILE=($POLICY_XACML_PDP_ROBOT) - export READINESS_CONTAINERS=($POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER,$POLICY_XACML_CONTAINER) - ;; - - drools-pdp | policy-drools-pdp) - export ROBOT_FILE=($POLICY_DROOLS_PDP_ROBOT) - export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER) - ;; - - distribution | policy-distribution) - export ROBOT_FILE=($POLICY_DISTRIBUTION_ROBOT) - export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER, - $POLICY_DISTRIBUTION_CONTAINER) - ;; - - *) - echo "unknown project supplied" - ;; -esac +function get_robot_file() { + case $PROJECT in + + clamp | policy-clamp) + export ROBOT_FILE=$POLICY_CLAMP_ROBOT + export READINESS_CONTAINERS=($POLICY_CLAMP_CONTAINER) + ;; + + api | policy-api) + export ROBOT_FILE=$POLICY_API_ROBOT + export READINESS_CONTAINERS=($POLICY_API_CONTAINER) + ;; + + pap | policy-pap) + export ROBOT_FILE=$POLICY_PAP_ROBOT + export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_PAP_CONTAINER,$POLICY_API_CONTAINER,$POLICY_DROOLS_CONTAINER, + $POLICY_XACML_CONTAINER) + ;; + + apex-pdp | policy-apex-pdp) + export ROBOT_FILE=$POLICY_APEX_PDP_ROBOT + export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER) + ;; + + xacml-pdp | policy-xacml-pdp) + export ROBOT_FILE=($POLICY_XACML_PDP_ROBOT) + export READINESS_CONTAINERS=($POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER,$POLICY_XACML_CONTAINER) + ;; + + drools-pdp | policy-drools-pdp) + export ROBOT_FILE=($POLICY_DROOLS_PDP_ROBOT) + export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER) + ;; + + distribution | policy-distribution) + export ROBOT_FILE=($POLICY_DISTRIBUTION_ROBOT) + export READINESS_CONTAINERS=($POLICY_APEX_CONTAINER,$POLICY_API_CONTAINER,$POLICY_PAP_CONTAINER, + $POLICY_DISTRIBUTION_CONTAINER) + ;; + + *) + echo "unknown project supplied" + ;; + esac + +} + +function set_charts() { + case $PROJECT in + + clamp | policy-clamp) + export SET_VALUES="--set $POLICY_CLAMP_CONTAINER.enabled=true" + ;; + + api | policy-api) + export SET_VALUES="--set $POLICY_API_CONTAINER.enabled=true" + ;; + + pap | policy-pap) + export SET_VALUES="--set $POLICY_APEX_CONTAINER.enabled=true --set $POLICY_PAP_CONTAINER.enabled=true --set $POLICY_API_CONTAINER.enabled=true + --set $POLICY_DROOLS_CONTAINER.enabled=true --set $POLICY_XACML_CONTAINER.enabled=true" + ;; + + apex-pdp | policy-apex-pdp) + export SET_VALUES="--set $POLICY_APEX_CONTAINER.enabled=true --set $POLICY_PAP_CONTAINER.enabled=true --set $POLICY_API_CONTAINER.enabled=true" + ;; + + xacml-pdp | policy-xacml-pdp) + export SET_VALUES="--set $POLICY_PAP_CONTAINER.enabled=true --set $POLICY_API_CONTAINER.enabled=true --set $POLICY_XACML_CONTAINER.enabled=true" + ;; + + drools-pdp | policy-drools-pdp) + export SET_VALUES="--set $POLICY_DROOLS_CONTAINER.enabled=true" + ;; + + distribution | policy-distribution) + export SET_VALUES="--set $POLICY_APEX_CONTAINER.enabled=true --set $POLICY_PAP_CONTAINER.enabled=true --set $POLICY_API_CONTAINER.enabled=true + --set $POLICY_DISTRIBUTION_CONTAINER.enabled=true" + ;; + + *) + echo "all charts to be deployed" + ;; + esac } +OPERATION="$1" +PROJECT="$2" -if [ $1 == "install" ]; then +if [ $OPERATION == "install" ]; then spin_microk8s_cluster - if [ "${?}" -eq 0 ]; then + if [ "${?}" -eq 0 ]; then + set_charts echo "Installing policy helm charts in the default namespace" - cd ${WORKSPACE}/helm || exit; + cd ${WORKSPACE}/helm || exit sudo microk8s helm dependency build policy - sudo microk8s helm install csit-policy policy + sudo microk8s helm install csit-policy policy ${SET_VALUES} sudo microk8s helm install prometheus prometheus echo "Policy chart installation completed" - echo "-------------------------------------------" + echo "-------------------------------------------" fi - if [ "$2" ]; then - export PROJECT=$2 + if [ "$PROJECT" ]; then + export $PROJECT export ROBOT_LOG_DIR=${WORKSPACE}/csit/archives/${PROJECT} get_robot_file echo "CSIT will be invoked from $ROBOT_FILE" @@ -244,9 +288,8 @@ if [ $1 == "install" ]; then echo "No project supplied for running CSIT" fi -elif [ $1 == "uninstall" ]; then +elif [ $OPERATION == "uninstall" ]; then teardown_cluster else echo "Invalid arguments provided. Usage: $0 [option..] {install {project} | uninstall}" fi - diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml index a2ad2c40..e007afb6 100755 --- a/helm/policy/values.yaml +++ b/helm/policy/values.yaml @@ -34,29 +34,29 @@ global: policy-models-simulator: enabled: true policy-clamp-ac-k8s-ppnt: - enabled: true + enabled: false policy-clamp-runtime-acm: - enabled: true + enabled: false policy-api: - enabled: true + enabled: false policy-pap: - enabled: true + enabled: false policy-apex-pdp: - enabled: true + enabled: false policy-clamp-ac-pf-ppnt: - enabled: true + enabled: false policy-drools-pdp: - enabled: true + enabled: false policy-xacml-pdp: - enabled: true + enabled: false policy-distribution: - enabled: true + enabled: false policy-clamp-ac-http-ppnt: - enabled: true + enabled: false policy-clamp-ac-kserve-ppnt: - enabled: true + enabled: false policy-clamp-ac-a1pms-ppnt: - enabled: true + enabled: false ################################################################# # DB configuration defaults. @@ -167,4 +167,4 @@ resources: serviceAccount: nameOverride: policy roles: - - read + - read |