diff options
Diffstat (limited to 'helm')
22 files changed, 963 insertions, 95 deletions
diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml index 5c119f0f..3b83cd9a 100755 --- a/helm/policy/Chart.yaml +++ b/helm/policy/Chart.yaml @@ -69,3 +69,7 @@ dependencies: version: ~11.x-0 repository: 'file://components/policy-clamp-ac-kserve-ppnt' condition: policy-clamp-ac-kserve-ppnt.enabled + - name: policy-clamp-ac-a1pms-ppnt + version: ~11.x-0 + repository: 'file://components/policy-clamp-ac-a1pms-ppnt' + condition: policy-clamp-ac-a1pms-ppnt.enabled diff --git a/helm/policy/components/mariadb-galera/templates/prometheusrules.yaml b/helm/policy/components/mariadb-galera/templates/prometheusrules.yaml deleted file mode 100644 index 3e7bad66..00000000 --- a/helm/policy/components/mariadb-galera/templates/prometheusrules.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{/* -# Copyright © 2022 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: { .Chart.Name }} - namespace: {{ include "common.namespace" . }} - labels: - app.kubernetes.io/name: {{ .Chart.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: Helm - - {{- toYaml .Values.metrics.prometheusRules.selector | nindent 4 }} -spec: - groups: - - name: {{ .Chart.Name }} - rules: - {{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }} -{{- end }} - diff --git a/helm/policy/components/mariadb-galera/templates/statefulset.yaml b/helm/policy/components/mariadb-galera/templates/statefulset.yaml index 3644a9bd..c347bef0 100644 --- a/helm/policy/components/mariadb-galera/templates/statefulset.yaml +++ b/helm/policy/components/mariadb-galera/templates/statefulset.yaml @@ -223,52 +223,6 @@ spec: - name: mariadb-galera-actual-config mountPath: /opt/bitnami/mariadb/conf {{- end }} - {{- if default false .Values.global.metrics.enabled }} - - name: {{ .Chart.Name }}-metrics - image: {{ .Values.metrics.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}} - env: - - name: MARIADB_METRICS_EXTRA_FLAGS - value: {{ default "" (join " " .Values.metrics.extraFlags) | quote }} - - name: MARIADB_ROOT_USER - value: {{ .Values.rootUser.user | quote }} - - name: MARIADB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mariadb-galera-db-root-password - key: password - command: - - sh - - -c - - | - DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS - ports: - - name: tcp-metrics - containerPort: 9104 - livenessProbe: - httpGet: - path: /metrics - port: tcp-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - readinessProbe: - httpGet: - path: /metrics - port: tcp-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - securityContext: - runAsUser: 10001 - runAsGroup: 10001 - fsGroup: 10001 - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} imagePullSecrets: - name: default-docker-registry-key {{- if .Values.schedulerName }} diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml new file mode 100755 index 00000000..e6c8a42d --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp ACM A1PMS Participant +name: policy-clamp-ac-a1pms-ppnt +version: 11.0.0 diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml new file mode 100755 index 00000000..8d98d867 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -0,0 +1,76 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: participantUser + password: zb!XztG34 + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration +security: + enable-csrf: false + +a1pms: + baseUrl: http://a1policymanagement.onap:8081 + headers: + content-type: application/json + endpoints: + health: /a1-policy/v2/rics + services: /a1-policy/v2/services + service: /a1-policy/v2/services/{service_id} + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00 + clampAutomationCompositionTopics: + topicSources: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + topicSinks: + - topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement + typeVersion: 1.0.1 + +management: + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus +server: + port: 8086 + servlet: + context-path: /onap/policy/clamp/acm/a1pmsparticipant + ssl: + enabled: false + + diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml new file mode 100755 index 00000000..110131c9 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/a1pms-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/a1pms-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml new file mode 100755 index 00000000..619906af --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/configmap.yaml @@ -0,0 +1,31 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml new file mode 100755 index 00000000..3b7678b8 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -0,0 +1,134 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: RELEASE + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login + + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: password + +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config + +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-a1pms-ppnt-config + - mountPath: /config + name: ac-a1pms-ppnt-config-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml"] + ports: + - containerPort: 8086 + name: a1pms-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-a1pms-ppnt-config-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-create + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-a1pms-ppnt-config + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: ac-a1pms-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: default-docker-registry-key" diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/role-binding.yaml new file mode 100755 index 00000000..87c58afe --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/role-binding.yaml @@ -0,0 +1,37 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-binding + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-create + namespace: default + diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secret.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secret.yaml new file mode 100755 index 00000000..d9ab84c1 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/secret.yaml @@ -0,0 +1,48 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-policy-kafka-user + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +type: Opaque +stringData: + sasl.jaas.config: {{ .Values.config.jaas }} diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service-account.yaml new file mode 100755 index 00000000..af142603 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-create diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml new file mode 100755 index 00000000..231db790 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + +spec: + ports: + - port: {{ .Values.service.ports.port }} + targetPort: {{ .Values.service.ports.port }} + protocol: TCP + name: {{ .Values.service.ports.name }} + type: {{ .Values.service.type }} + selector: + app.kubernetes.io/name: {{ .Chart.Name }} diff --git a/helm/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml new file mode 100755 index 00000000..9abca5bf --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -0,0 +1,107 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-clamp-ac-a1pms-ppnt:6.4-SNAPSHOT-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: a1pms-api + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + port: a1pms-api + +service: + type: ClusterIP + name: policy-clamp-ac-a1pms-ppnt + useNodePortExt: true + ports: + name: a1pms-api + port: 8086 + nodePort: 42 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-a1pms-ppnt + roles: + - create + +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy-acruntime-participant + jaas: KuldHochQipa7, +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. +# +# eventConsumption: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml index c5e83a3d..a2ad2c40 100755 --- a/helm/policy/values.yaml +++ b/helm/policy/values.yaml @@ -55,6 +55,8 @@ policy-clamp-ac-http-ppnt: enabled: true policy-clamp-ac-kserve-ppnt: enabled: true +policy-clamp-ac-a1pms-ppnt: + enabled: true ################################################################# # DB configuration defaults. diff --git a/helm/prometheus/Chart.yaml b/helm/prometheus/Chart.yaml new file mode 100644 index 00000000..75e5a2b7 --- /dev/null +++ b/helm/prometheus/Chart.yaml @@ -0,0 +1,27 @@ +# +# ===========LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== +# + +apiVersion: v2 +name: prometheus +description: Prometheus server to collect all policy components metrics +keywords: +- prometheus +- metrics +- monitoring +type: application +version: 0.1.0 diff --git a/helm/prometheus/resources/prometheus.yml b/helm/prometheus/resources/prometheus.yml new file mode 100644 index 00000000..70041c97 --- /dev/null +++ b/helm/prometheus/resources/prometheus.yml @@ -0,0 +1,96 @@ +# +# ===========LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== +# + +# global config +global: + scrape_interval: 60s + evaluation_interval: 10s + +# Alertmanager configuration +alerting: + alertmanagers: + - static_configs: + - targets: + # - alertmanager:9093 + +# scrape config +scrape_configs: + - job_name: "api-metrics" + metrics_path: /policy/api/v1/metrics + static_configs: + - targets: ["policy-api:6969"] + basic_auth: + username: "policyadmin" + password: "zb!XztG34" + + - job_name: "pap-metrics" + metrics_path: /policy/pap/v1/metrics + static_configs: + - targets: ["policy-pap:6969"] + basic_auth: + username: "policyadmin" + password: "zb!XztG34" + + - job_name: "apex-pdp-metrics" + static_configs: + - targets: + - "policy-apex-pdp:6969" + basic_auth: + username: "policyadmin" + password: "zb!XztG34" + + # - job_name: "drools-apps-metrics" + # static_configs: + # - targets: + # - "drools-apps:9696" + # basic_auth: + # username: "demo@people.osaaf.org" + # password: "demo123456!" + + - job_name: "drools-pdp-metrics" + static_configs: + - targets: + - "policy-drools-pdp:9696" + basic_auth: + username: "demo@people.osaaf.org" + password: "demo123456!" + + - job_name: "distribution-metrics" + static_configs: + - targets: + - "policy-distribution:6969" + basic_auth: + username: "policyadmin" + password: "zb!XztG34" + + - job_name: "xacml-pdp-metrics" + static_configs: + - targets: + - "policy-xacml-pdp:6969" + basic_auth: + username: "policyadmin" + password: "zb!XztG34" + + - job_name: "acm-metrics" + metrics_path: "/onap/policy/clamp/acm/prometheus" + static_configs: + - targets: + - "policy-clamp-runtime-acm:6969" + basic_auth: + username: "runtimeUser" + password: "zb!XztG34" diff --git a/helm/prometheus/templates/cluster-role.yaml b/helm/prometheus/templates/cluster-role.yaml new file mode 100644 index 00000000..d8ce874c --- /dev/null +++ b/helm/prometheus/templates/cluster-role.yaml @@ -0,0 +1,52 @@ +# +# ===========LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== +# + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }} + namespace: default +rules: +- apiGroups: [""] + resources: + - nodes + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: + - extensions + resources: + - ingresses + verbs: ["get", "list", "watch"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-read +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-read + namespace: default diff --git a/helm/prometheus/templates/configmap.yaml b/helm/prometheus/templates/configmap.yaml new file mode 100644 index 00000000..05c2964b --- /dev/null +++ b/helm/prometheus/templates/configmap.yaml @@ -0,0 +1,35 @@ +# +# ===========LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +{{- with .Files.Glob "resources/*store" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{ tpl (.Files.Glob "resources/*.{yaml,yml}").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/helm/prometheus/templates/deployment.yaml b/helm/prometheus/templates/deployment.yaml new file mode 100644 index 00000000..818af85f --- /dev/null +++ b/helm/prometheus/templates/deployment.yaml @@ -0,0 +1,57 @@ + +# ===========LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== +# + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9090" + spec: + containers: + - image: prom/prometheus:v2.32.1 + name: prometheus + args: + - '--config.file=/etc/prometheus/prometheus.yml' + ports: + - containerPort: 9090 + resources: {} + volumeMounts: + - mountPath: /etc/prometheus + name: prometheusconfig + hostname: prometheus + restartPolicy: Always + volumes: + - name: prometheusconfig + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 diff --git a/helm/prometheus/templates/role-binding.yaml b/helm/prometheus/templates/role-binding.yaml new file mode 100644 index 00000000..355e4eda --- /dev/null +++ b/helm/prometheus/templates/role-binding.yaml @@ -0,0 +1,30 @@ +# +# ===========LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== +# + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: read + apiGroup: rbac.authorization.k8s.io diff --git a/helm/prometheus/templates/service-account.yaml b/helm/prometheus/templates/service-account.yaml new file mode 100644 index 00000000..3f34b5b9 --- /dev/null +++ b/helm/prometheus/templates/service-account.yaml @@ -0,0 +1,23 @@ +# +# ===========LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== +# + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read + namespace: default diff --git a/helm/policy/components/mariadb-galera/templates/metrics-svc.yaml b/helm/prometheus/templates/service.yaml index 00917452..2ce3b028 100644 --- a/helm/policy/components/mariadb-galera/templates/metrics-svc.yaml +++ b/helm/prometheus/templates/service.yaml @@ -1,37 +1,38 @@ -{{/* -# Copyright © 2022 Nordix Foundation # +# ===========LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} +# ============LICENSE_END===================================================== +# -{{- if default false .Values.global.metrics.enabled }} apiVersion: v1 kind: Service metadata: - name: {{ .Chart.Name }}-metrics + name: {{ .Chart.Name }} namespace: default labels: app.kubernetes.io/name: {{ .Chart.Name }} helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: Helm + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9090' spec: - type: {{ .Values.metrics.service.type }} + type: NodePort ports: - - name: tcp-metrics - port: {{ .Values.metrics.service.port }} - targetPort: tcp-metrics + - port: 9090 + targetPort: 9090 + nodePort: 30909 selector: - matchLabels: - app.kubernetes.io/name: {{ .Chart.Name }} - -{{- end }} + app.kubernetes.io/name: {{ .Chart.Name }} |