From a1954d4a6b33c476b8e057137ae7df92902fa1c2 Mon Sep 17 00:00:00 2001 From: rameshiyer27 Date: Mon, 14 Nov 2022 06:00:12 +0000 Subject: Add helm charts for policy CSIT Added script run-k8s-csit.sh to spin and delete kubernetes cluster in Microk8s. Added helm charts for mariadb, k8s-participant, runtime-acm and dmaap-simulator. Issue-ID: POLICY-4457 
Signed-off-by: zrrmmua Change-Id: I456cb7f291d116dbd5b68a067171214a0e08fb37 --- helm/policy-models-simulator/.helmignore | 22 - helm/policy-models-simulator/Chart.yaml | 5 - .../cds/CreateSubscriptionResponseEvent.json | 29 - .../resources/cds/DefaultResponseEvent-error.json | 22 - .../resources/cds/DefaultResponseEvent.json | 29 - .../cds/pm_control-create-subscription-error.json | 22 - .../cds/pm_control-create-subscription.json | 29 - .../resources/config/logback.xml | 33 -- .../resources/config/simParameters.json | 128 ----- helm/policy-models-simulator/templates/NOTES.txt | 21 - .../policy-models-simulator/templates/_helpers.tpl | 56 -- .../templates/configmap.yaml | 12 - .../templates/deployment.yaml | 79 --- .../policy-models-simulator/templates/service.yaml | 30 - .../templates/serviceaccount.yaml | 8 - .../templates/tests/test-connection.yaml | 15 - helm/policy-models-simulator/values.yaml | 81 --- helm/policy/Chart.yaml | 35 ++ helm/policy/components/mariadb-galera/.helmignore | 21 + helm/policy/components/mariadb-galera/Chart.yaml | 25 + .../mariadb-galera/templates/configmap.yaml | 30 + .../mariadb-galera/templates/metrics-svc.yaml | 37 ++ .../components/mariadb-galera/templates/pdb.yaml | 37 ++ .../mariadb-galera/templates/prometheusrules.yaml | 35 ++ .../components/mariadb-galera/templates/pv.yaml | 81 +++ .../mariadb-galera/templates/role-binding.yaml | 29 + .../mariadb-galera/templates/secrets.yaml | 59 ++ .../mariadb-galera/templates/service-account.yaml | 20 + .../mariadb-galera/templates/service.yaml | 68 +++ .../mariadb-galera/templates/statefulset.yaml | 338 ++++++++++++ helm/policy/components/mariadb-galera/values.yaml | 607 +++++++++++++++++++++ .../components/policy-clamp-ac-k8s-ppnt/Chart.yaml | 22 + .../config/KubernetesParticipantParameters.yaml | 132 +++++ .../resources/config/logback.xml | 103 ++++ .../templates/configmap.yaml | 36 ++ .../templates/deployment.yaml | 134 +++++ .../templates/role-binding.yaml | 37 ++ 
.../policy-clamp-ac-k8s-ppnt/templates/secret.yaml | 48 ++ .../templates/service-account.yaml | 25 + .../templates/service.yaml | 40 ++ .../policy-clamp-ac-k8s-ppnt/values.yaml | 121 ++++ .../components/policy-clamp-runtime-acm/Chart.yaml | 22 + .../resources/config/acRuntimeParameters.yaml | 128 +++++ .../resources/config/db.sh | 26 + .../resources/config/logback.xml | 103 ++++ .../templates/configmap.yaml | 37 ++ .../templates/deployment.yaml | 153 ++++++ .../templates/role-binding.yaml | 33 ++ .../policy-clamp-runtime-acm/templates/secret.yaml | 64 +++ .../templates/service-account.yaml | 25 + .../templates/service.yaml | 41 ++ .../policy-clamp-runtime-acm/values.yaml | 115 ++++ .../components/policy-models-simulator/.helmignore | 22 + .../components/policy-models-simulator/Chart.yaml | 5 + .../cds/CreateSubscriptionResponseEvent.json | 29 + .../resources/cds/DefaultResponseEvent-error.json | 22 + .../resources/cds/DefaultResponseEvent.json | 29 + .../cds/pm_control-create-subscription-error.json | 22 + .../cds/pm_control-create-subscription.json | 29 + .../resources/config/logback.xml | 33 ++ .../resources/config/simParameters.json | 110 ++++ .../policy-models-simulator/templates/NOTES.txt | 21 + .../policy-models-simulator/templates/_helpers.tpl | 56 ++ .../templates/configmap.yaml | 12 + .../templates/deployment.yaml | 73 +++ .../policy-models-simulator/templates/service.yaml | 30 + .../templates/serviceaccount.yaml | 8 + .../templates/tests/test-connection.yaml | 15 + .../components/policy-models-simulator/values.yaml | 95 ++++ helm/policy/resources/config/db.sh | 30 + .../resources/config/db_migrator_policy_init.sh | 22 + helm/policy/templates/configmap.yaml | 26 + helm/policy/templates/job.yaml | 180 ++++++ helm/policy/templates/service-account.yaml | 21 + helm/policy/values.yaml | 177 ++++++ 75 files changed, 3934 insertions(+), 621 deletions(-) delete mode 100644 helm/policy-models-simulator/.helmignore delete mode 100644 
helm/policy-models-simulator/Chart.yaml delete mode 100644 helm/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json delete mode 100644 helm/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json delete mode 100644 helm/policy-models-simulator/resources/cds/DefaultResponseEvent.json delete mode 100644 helm/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json delete mode 100644 helm/policy-models-simulator/resources/cds/pm_control-create-subscription.json delete mode 100644 helm/policy-models-simulator/resources/config/logback.xml delete mode 100644 helm/policy-models-simulator/resources/config/simParameters.json delete mode 100644 helm/policy-models-simulator/templates/NOTES.txt delete mode 100644 helm/policy-models-simulator/templates/_helpers.tpl delete mode 100644 helm/policy-models-simulator/templates/configmap.yaml delete mode 100644 helm/policy-models-simulator/templates/deployment.yaml delete mode 100644 helm/policy-models-simulator/templates/service.yaml delete mode 100644 helm/policy-models-simulator/templates/serviceaccount.yaml delete mode 100644 helm/policy-models-simulator/templates/tests/test-connection.yaml delete mode 100644 helm/policy-models-simulator/values.yaml create mode 100755 helm/policy/Chart.yaml create mode 100644 helm/policy/components/mariadb-galera/.helmignore create mode 100644 helm/policy/components/mariadb-galera/Chart.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/configmap.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/metrics-svc.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/pdb.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/prometheusrules.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/pv.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/role-binding.yaml create mode 100644 
helm/policy/components/mariadb-galera/templates/secrets.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/service-account.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/service.yaml create mode 100644 helm/policy/components/mariadb-galera/templates/statefulset.yaml create mode 100644 helm/policy/components/mariadb-galera/values.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/role-binding.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/secret.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service-account.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml create mode 100644 helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml create mode 100644 helm/policy/components/policy-clamp-runtime-acm/Chart.yaml create mode 100644 helm/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml create mode 100755 helm/policy/components/policy-clamp-runtime-acm/resources/config/db.sh create mode 100644 helm/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml create mode 100644 helm/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml create mode 100644 helm/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml create mode 100644 helm/policy/components/policy-clamp-runtime-acm/templates/role-binding.yaml create mode 100644 
helm/policy/components/policy-clamp-runtime-acm/templates/secret.yaml create mode 100644 helm/policy/components/policy-clamp-runtime-acm/templates/service-account.yaml create mode 100644 helm/policy/components/policy-clamp-runtime-acm/templates/service.yaml create mode 100644 helm/policy/components/policy-clamp-runtime-acm/values.yaml create mode 100644 helm/policy/components/policy-models-simulator/.helmignore create mode 100644 helm/policy/components/policy-models-simulator/Chart.yaml create mode 100644 helm/policy/components/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json create mode 100644 helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json create mode 100644 helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent.json create mode 100644 helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json create mode 100644 helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription.json create mode 100644 helm/policy/components/policy-models-simulator/resources/config/logback.xml create mode 100644 helm/policy/components/policy-models-simulator/resources/config/simParameters.json create mode 100644 helm/policy/components/policy-models-simulator/templates/NOTES.txt create mode 100644 helm/policy/components/policy-models-simulator/templates/_helpers.tpl create mode 100644 helm/policy/components/policy-models-simulator/templates/configmap.yaml create mode 100644 helm/policy/components/policy-models-simulator/templates/deployment.yaml create mode 100644 helm/policy/components/policy-models-simulator/templates/service.yaml create mode 100644 helm/policy/components/policy-models-simulator/templates/serviceaccount.yaml create mode 100644 helm/policy/components/policy-models-simulator/templates/tests/test-connection.yaml create mode 100644 helm/policy/components/policy-models-simulator/values.yaml create mode 
100755 helm/policy/resources/config/db.sh create mode 100644 helm/policy/resources/config/db_migrator_policy_init.sh create mode 100755 helm/policy/templates/configmap.yaml create mode 100755 helm/policy/templates/job.yaml create mode 100644 helm/policy/templates/service-account.yaml create mode 100755 helm/policy/values.yaml (limited to 'helm') diff --git a/helm/policy-models-simulator/.helmignore b/helm/policy-models-simulator/.helmignore deleted file mode 100644 index 50af0317..00000000 --- a/helm/policy-models-simulator/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/helm/policy-models-simulator/Chart.yaml b/helm/policy-models-simulator/Chart.yaml deleted file mode 100644 index 95354034..00000000 --- a/helm/policy-models-simulator/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: A Helm chart for Kubernetes -name: policy-models-simulator -version: 0.1.0 diff --git a/helm/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json b/helm/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json deleted file mode 100644 index adb51adc..00000000 --- a/helm/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json +++ /dev/null 
@@ -1,29 +0,0 @@
-{
- "commonHeader": {
- "timestamp": "2020-03-20T14:00:25.217Z",
- "requestId": "123456-1000",
- "subRequestId": "sub-123456-1000",
- "flag": {
- },
- "originatorId": "sdnc"
- },
- "actionIdentifiers": {
- "blueprintName": "pm_control",
- "blueprintVersion": "1.0.0",
- "actionName": "create-subscription",
- "mode": "sync"
- },
- "status": {
- "code": 200,
- "message": "success",
- "eventType": "EVENT_COMPONENT_EXECUTED",
- "timestamp": "Fri Mar 20 14:00:26 GMT 2020"
- },
- "payload": {
- "create-subscription-response": {
- "odl-response": {
- "status": "success"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/helm/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json b/helm/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json
deleted file mode 100644
index a66b1114..00000000
--- a/helm/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "commonHeader": {
- "timestamp": "2020-03-20T14:00:25.217Z",
- "requestId": "123456-1000",
- "subRequestId": "sub-123456-1000",
- "flag": {
- },
- "originatorId": "sdnc"
- },
- "actionIdentifiers": {
- "blueprintName": "pm_control",
- "blueprintVersion": "1.0.0",
- "actionName": "create-subscription",
- "mode": "sync"
- },
- "status": {
- "code": 500,
- "message": "failure",
- "eventType": "EVENT_COMPONENT_FAILURE",
- "timestamp": "Fri Mar 20 14:00:26 GMT 2020"
- }
-}
\ No newline at end of file
diff --git a/helm/policy-models-simulator/resources/cds/DefaultResponseEvent.json b/helm/policy-models-simulator/resources/cds/DefaultResponseEvent.json
deleted file mode 100644
index adb51adc..00000000
--- a/helm/policy-models-simulator/resources/cds/DefaultResponseEvent.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "commonHeader": {
- "timestamp": "2020-03-20T14:00:25.217Z",
- "requestId": "123456-1000",
- "subRequestId": "sub-123456-1000",
- "flag": {
- },
- "originatorId": "sdnc"
- },
- "actionIdentifiers": {
- "blueprintName": "pm_control",
- "blueprintVersion": "1.0.0",
- "actionName": "create-subscription",
- "mode": "sync"
- },
- "status": {
- "code": 200,
- "message": "success",
- "eventType": "EVENT_COMPONENT_EXECUTED",
- "timestamp": "Fri Mar 20 14:00:26 GMT 2020"
- },
- "payload": {
- "create-subscription-response": {
- "odl-response": {
- "status": "success"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/helm/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json b/helm/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json
deleted file mode 100644
index a66b1114..00000000
--- a/helm/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "commonHeader": {
- "timestamp": "2020-03-20T14:00:25.217Z",
- "requestId": "123456-1000",
- "subRequestId": "sub-123456-1000",
- "flag": {
- },
- "originatorId": "sdnc"
- },
- "actionIdentifiers": {
- "blueprintName": "pm_control",
- "blueprintVersion": "1.0.0",
- "actionName": "create-subscription",
- "mode": "sync"
- },
- "status": {
- "code": 500,
- "message": "failure",
- "eventType": "EVENT_COMPONENT_FAILURE",
- "timestamp": "Fri Mar 20 14:00:26 GMT 2020"
- }
-}
\ No newline at end of file
diff --git a/helm/policy-models-simulator/resources/cds/pm_control-create-subscription.json b/helm/policy-models-simulator/resources/cds/pm_control-create-subscription.json
deleted file mode 100644
index adb51adc..00000000
--- a/helm/policy-models-simulator/resources/cds/pm_control-create-subscription.json
+++ /dev/null
@@ -1,29 +0,0 @@ -{ - "commonHeader": { - "timestamp": "2020-03-20T14:00:25.217Z", - "requestId": "123456-1000", - "subRequestId": "sub-123456-1000", - "flag": { - }, - "originatorId": "sdnc" - }, - "actionIdentifiers": { - "blueprintName": "pm_control", - "blueprintVersion": "1.0.0", - "actionName": "create-subscription", - "mode": "sync" - }, - "status": { - "code": 200, - "message": "success", - "eventType": "EVENT_COMPONENT_EXECUTED", - "timestamp": "Fri Mar 20 14:00:26 GMT 2020" - }, - "payload": { - "create-subscription-response": { - "odl-response": { - "status": "success" - } - } - } -} \ No newline at end of file diff --git a/helm/policy-models-simulator/resources/config/logback.xml b/helm/policy-models-simulator/resources/config/logback.xml deleted file mode 100644 index 224c322c..00000000 --- a/helm/policy-models-simulator/resources/config/logback.xml +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - %d %level %msg%n - - - - - - diff --git a/helm/policy-models-simulator/resources/config/simParameters.json b/helm/policy-models-simulator/resources/config/simParameters.json deleted file mode 100644 index 7408ade8..00000000 --- a/helm/policy-models-simulator/resources/config/simParameters.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "dmaapProvider": { - "name": "DMaaP simulator", - "topicSweepSec": 300 - }, - "restServers": [ - { - "name": "DMaaP simulator", - "providerClass": "org.onap.policy.models.sim.dmaap.rest.DmaapSimRestControllerV1", - "host": "0.0.0.0", - "port": 3905, - "https": true - }, - { - "name": "A&AI simulator", - "providerClass": "org.onap.policy.simulators.AaiSimulatorJaxRs", - "host": "0.0.0.0", - "port": 6666, - "https": true - }, - { - "name": "Guard simulator", - "providerClass": "org.onap.policy.simulators.GuardSimulatorJaxRs", - "host": "0.0.0.0", - "port": 6667, - "https": true - }, - { - "name": "SDNC simulator", - "providerClass": "org.onap.policy.simulators.SdncSimulatorJaxRs", - "host": "0.0.0.0", - "port": 6668, - "https": true - }, - { - "name": "SO simulator", - "providerClass": "org.onap.policy.simulators.SoSimulatorJaxRs", - "host": "0.0.0.0", - "port": 6669, - "https": true - }, - { - "name": "VFC simulator", - "providerClass": "org.onap.policy.simulators.VfcSimulatorJaxRs", - "host": "0.0.0.0", - "port": 6670, - "https": true - } - ], - "topicSinks": [ - { - "topic": "APPC-CL", - "servers": ["${HOST_NAME}"], - "topicCommInfrastructure": "DMAAP", - "useHttps": true, - "allowSelfSignedCerts" : true - }, - { - "topic": "APPC-LCM-WRITE", - "servers": ["${HOST_NAME}"], - "topicCommInfrastructure": "DMAAP", - "useHttps": true, - "allowSelfSignedCerts" : true - }, - { - "topic": "SDNR-CL", - "servers": ["${HOST_NAME}"], - "topicCommInfrastructure": "DMAAP", - "useHttps": true, - "allowSelfSignedCerts" : true - } - ], - "topicSources": [ - { - "topic": "APPC-CL", - "servers": ["${HOST_NAME}"], - "topicCommInfrastructure": "DMAAP", - "useHttps": true, - "allowSelfSignedCerts" : true - }, - { - "topic": "APPC-LCM-READ", - "servers": ["${HOST_NAME}"], - "topicCommInfrastructure": "DMAAP", - "useHttps": true, - "allowSelfSignedCerts" : true - }, - { - "topic": "SDNR-CL-RSP", - "servers": ["${HOST_NAME}"], - "topicCommInfrastructure": "DMAAP", - 
"useHttps": true, - "allowSelfSignedCerts" : true - } - ], - "topicServers": [ - { - "name": "APPC Legacy simulator", - "providerClass": "org.onap.policy.simulators.AppcLegacyTopicServer", - "sink": "APPC-CL", - "source": "APPC-CL" - }, - { - "name": "APPC-LCM simulator", - "providerClass": "org.onap.policy.simulators.AppcLcmTopicServer", - "sink": "APPC-LCM-WRITE", - "source": "APPC-LCM-READ" - }, - { - "name": "SDNR simulator", - "providerClass": "org.onap.policy.simulators.SdnrTopicServer", - "sink": "SDNR-CL", - "source": "SDNR-CL-RSP" - } - ], - "grpcServer": { - "name": "CDS simulator", - "providerClass": "org.onap.policy.simulators.CdsSimulator", - "host": "0.0.0.0", - "port": 6680, - "timeout": 30, - "username": "ccsdkapps", - "password": "ccsdkapps", - "resourceLocation": "/opt/app/policy/simulators/etc/mounted/", - "successRepeatCount": 0, - "requestedResponseDelayMs": 0 - } -} diff --git a/helm/policy-models-simulator/templates/NOTES.txt b/helm/policy-models-simulator/templates/NOTES.txt deleted file mode 100644 index f6e027f2..00000000 --- a/helm/policy-models-simulator/templates/NOTES.txt +++ /dev/null 
@@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "policy-models-simulator.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "policy-models-simulator.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "policy-models-simulator.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "policy-models-simulator.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/helm/policy-models-simulator/templates/_helpers.tpl b/helm/policy-models-simulator/templates/_helpers.tpl deleted file mode 100644 index a741f0de..00000000 --- a/helm/policy-models-simulator/templates/_helpers.tpl +++ /dev/null 
@@ -1,56 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "policy-models-simulator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "policy-models-simulator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "policy-models-simulator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "policy-models-simulator.labels" -}} -app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }} -helm.sh/chart: {{ include "policy-models-simulator.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "policy-models-simulator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "policy-models-simulator.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} 
diff --git a/helm/policy-models-simulator/templates/configmap.yaml b/helm/policy-models-simulator/templates/configmap.yaml deleted file mode 100644 index c0f75199..00000000 --- a/helm/policy-models-simulator/templates/configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "policy-models-simulator.fullname" . }}-configmap - labels: - app: {{ include "policy-models-simulator.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/cds/*.{json,xml}").AsConfig . | indent 2 }} diff --git a/helm/policy-models-simulator/templates/deployment.yaml b/helm/policy-models-simulator/templates/deployment.yaml deleted file mode 100644 index 84ba530d..00000000 --- a/helm/policy-models-simulator/templates/deployment.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "policy-models-simulator.fullname" . }} - labels: -{{ include "policy-models-simulator.labels" . | indent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "policy-models-simulator.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/opt/app/policy/simulators/bin/simulators.sh"] - args: ["/opt/app/policy/simulators/etc/mounted/simParameters.json"] - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - - containerPort: {{ .Values.service.internalPort3 }} - - containerPort: {{ .Values.service.internalPort4 }} - - containerPort: {{ .Values.service.internalPort5 }} - - containerPort: {{ .Values.service.internalPort6 }} - livenessProbe: - exec: - command: - - /bin/bash - - -c - - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' - initialDelaySeconds: 120 - periodSeconds: 20 - readinessProbe: - exec: - command: - - /bin/bash - - -c - - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' - initialDelaySeconds: 120 - periodSeconds: 20 - volumeMounts: - - mountPath: /opt/app/policy/simulators/etc/mounted/ - name: simconfig - readOnly: true - resources: - {{- toYaml 
.Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: simconfig - configMap: - name: {{ include "policy-models-simulator.fullname" . }}-configmap - defaultMode: 0755 diff --git a/helm/policy-models-simulator/templates/service.yaml b/helm/policy-models-simulator/templates/service.yaml deleted file mode 100644 index 362ac93a..00000000 --- a/helm/policy-models-simulator/templates/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "policy-models-simulator.fullname" . }} - labels: -{{ include "policy-models-simulator.labels" . | indent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 - - port: {{ .Values.service.externalPort3 }} - targetPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName }}3 - - port: {{ .Values.service.externalPort4 }} - targetPort: {{ .Values.service.internalPort4 }} - name: {{ .Values.service.portName }}4 - - port: {{ .Values.service.externalPort5 }} - targetPort: {{ .Values.service.internalPort5 }} - name: {{ .Values.service.portName }}5 - - port: {{ .Values.service.externalPort6 }} - targetPort: {{ .Values.service.internalPort6 }} - name: {{ .Values.service.portName }}6 - selector: - app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} 
diff --git a/helm/policy-models-simulator/templates/serviceaccount.yaml b/helm/policy-models-simulator/templates/serviceaccount.yaml deleted file mode 100644 index 27ee5daa..00000000 --- a/helm/policy-models-simulator/templates/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "policy-models-simulator.serviceAccountName" . }} - labels: -{{ include "policy-models-simulator.labels" . | indent 4 }} -{{- end -}} diff --git a/helm/policy-models-simulator/templates/tests/test-connection.yaml b/helm/policy-models-simulator/templates/tests/test-connection.yaml deleted file mode 100644 index e90661bc..00000000 --- a/helm/policy-models-simulator/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "policy-models-simulator.fullname" . }}-test-connection" - labels: -{{ include "policy-models-simulator.labels" . | indent 4 }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "policy-models-simulator.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/helm/policy-models-simulator/values.yaml b/helm/policy-models-simulator/values.yaml deleted file mode 100644 index d6264637..00000000 --- a/helm/policy-models-simulator/values.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -# Default values for policy-models-simulator. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: nexus3.onap.org:10001/onap/policy-models-simulator - tag: latest - pullPolicy: IfNotPresent - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - name: policy-models-simulator - portName: policy-models-simulator - externalPort: 3905 - internalPort: 3905 - externalPort2: 6667 - internalPort2: 6667 - externalPort3: 6668 - internalPort3: 6668 - externalPort4: 6669 - internalPort4: 6669 - externalPort5: 6670 - internalPort5: 6670 - externalPort6: 6680 - internalPort6: 6680 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} 
diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml
new file mode 100755
index 00000000..f1930303
--- /dev/null
+++ b/helm/policy/Chart.yaml
@@ -0,0 +1,35 @@
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP Policy
+name: policy
+version: 11.0.0
+
+dependencies:
+ - name: mariadb-galera
+ version: ~11.x-0
+ repository: 'file://components/mariadb-galera'
+ - name: policy-clamp-ac-k8s-ppnt
+ version: ~11.x-0
+ repository: 'file://components/policy-clamp-ac-k8s-ppnt'
+ condition: policy-clamp-ac-k8s-ppnt.enabled
+ - name: policy-clamp-runtime-acm
+ version: ~11.x-0
+ repository: 'file://components/policy-clamp-runtime-acm'
+ condition: policy-clamp-runtime-acm.enabled
+ - name: policy-models-simulator
+ version: ~11.x-0
+ repository: 'file://components/policy-models-simulator'
+ condition: policy-models-simulator.enabled
diff --git a/helm/policy/components/mariadb-galera/.helmignore b/helm/policy/components/mariadb-galera/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/.helmignore
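Review bot: In helm/policy/Chart.yaml the `mariadb-galera` entry under `dependencies:` is the only one without a `condition:` key, so unlike the three policy sub-charts it cannot be switched off from values. If the bundled database is meant to be mandatory for CSIT, say so in a comment above the entry, e.g. `# always deployed: the policy components need the bundled database`. Otherwise add `condition: mariadb-galera.enabled` to match the other entries, so that an install pointed at an existing database does not also bring up a second database service; the sub-chart's values are not visible in this hunk, so whether such a flag already exists there needs checking.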
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/policy/components/mariadb-galera/Chart.yaml b/helm/policy/components/mariadb-galera/Chart.yaml
new file mode 100644
index 00000000..63b04a03
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/Chart.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: Chart for MariaDB Galera cluster
+name: mariadb-galera
+version: 11.0.0
+keywords:
+ - mariadb
+ - mysql
+ - database
+ - sql
+ - galera
+ - cluster
diff --git a/helm/policy/components/mariadb-galera/templates/configmap.yaml b/helm/policy/components/mariadb-galera/templates/configmap.yaml
new file mode 100644
index 00000000..e0b33086
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/templates/configmap.yaml
@@ -0,0 +1,30 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.mariadbConfiguration }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configuration
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+data:
+ my.cnf: |
+{{ .Values.mariadbConfiguration | indent 4 }}
+{{- end }}
diff --git a/helm/policy/components/mariadb-galera/templates/metrics-svc.yaml b/helm/policy/components/mariadb-galera/templates/metrics-svc.yaml
new file mode 100644
index 00000000..00917452
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/templates/metrics-svc.yaml
@@ -0,0 +1,37 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if default false .Values.global.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}-metrics
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - name: tcp-metrics
+ port: {{ .Values.metrics.service.port }}
+ targetPort: tcp-metrics
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+
+{{- end }}
diff --git a/helm/policy/components/mariadb-galera/templates/pdb.yaml b/helm/policy/components/mariadb-galera/templates/pdb.yaml
new file mode 100644
index 00000000..e4f7e5c3
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/templates/pdb.yaml
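Review bot: `spec.selector` of a Service is a flat map of label keys to string values, so the nested `matchLabels:` under `selector:` in metrics-svc.yaml will not select the MariaDB pods and is likely to be rejected when the manifest is validated. Put the label directly under the selector, `selector:` followed by `app.kubernetes.io/name: {{ .Chart.Name }}`, the same form the two Services in service.yaml of this commit use. The template only renders when `global.metrics.enabled` is set, which is probably why the problem has not surfaced.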
@@ -0,0 +1,37 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.podDisruptionBudget.create }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+{{- end }}
diff --git a/helm/policy/components/mariadb-galera/templates/prometheusrules.yaml b/helm/policy/components/mariadb-galera/templates/prometheusrules.yaml
new file mode 100644
index 00000000..3e7bad66
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/templates/prometheusrules.yaml
@@ -0,0 +1,35 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: { .Chart.Name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+
+ {{- toYaml .Values.metrics.prometheusRules.selector | nindent 4 }}
+spec:
+ groups:
+ - name: {{ .Chart.Name }}
+ rules:
+ {{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }}
+{{- end }}
+
diff --git a/helm/policy/components/mariadb-galera/templates/pv.yaml b/helm/policy/components/mariadb-galera/templates/pv.yaml
new file mode 100644
index 00000000..3790c78a
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/templates/pv.yaml
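Review bot: `name: { .Chart.Name }}` in the PrometheusRule metadata is missing an opening brace, so the text is emitted literally and the rendered manifest is not valid YAML; it should read `name: {{ .Chart.Name }}`. The next line calls `include "common.namespace"`, but the Chart.yaml added for mariadb-galera in this commit declares no dependency that would obviously define that helper, and every other template here hard-codes `namespace: default`. Both problems stay hidden until `global.metrics.enabled` and `global.metrics.custom_resources` are both set, so rendering the chart once with those values enabled would catch them.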
@@ -0,0 +1,81 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}--0 + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + +spec: + capacity: + storage: {{ .Values.persistence.size }} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: + storageClassName: "mariadb-galera-data" + hostPath: + path: /dockerdata-nfs/mariadb-galera/data-0 + +--- + +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}--1 + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + +spec: + capacity: + storage: {{ .Values.persistence.size }} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: + storageClassName: "mariadb-galera-data" + hostPath: + path: /dockerdata-nfs/mariadb-galera/data-1 + +--- + +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Chart.Name }}--2 + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + +spec: + capacity: + storage: {{ 
.Values.persistence.size }} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: + storageClassName: "mariadb-galera-data" + hostPath: + path: /dockerdata-nfs/mariadb-galera/data-2 + diff --git a/helm/policy/components/mariadb-galera/templates/role-binding.yaml b/helm/policy/components/mariadb-galera/templates/role-binding.yaml new file mode 100644 index 00000000..c06b1950 --- /dev/null +++ b/helm/policy/components/mariadb-galera/templates/role-binding.yaml @@ -0,0 +1,29 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: read + apiGroup: rbac.authorization.k8s.io + diff --git a/helm/policy/components/mariadb-galera/templates/secrets.yaml b/helm/policy/components/mariadb-galera/templates/secrets.yaml new file mode 100644 index 00000000..7a134928 --- /dev/null +++ b/helm/policy/components/mariadb-galera/templates/secrets.yaml 
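Review bot: `persistentVolumeReclaimPolicy:` is left without a value in all three PersistentVolumes of pv.yaml, so what happens to the database files under `/dockerdata-nfs/mariadb-galera/data-N` once a claim is released depends on the API default instead of a stated choice. Set it explicitly, for example `persistentVolumeReclaimPolicy: Retain`, and add a comment that these `hostPath` volumes are intended for the test cluster only, because hostPath data lives on the node's filesystem outside Kubernetes access control. `namespace: default` has no effect on a PersistentVolume, which is cluster-scoped, and the `--0`, `--1`, `--2` names look like a leftover from a removed template suffix.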
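Review bot: The RoleBinding in role-binding.yaml grants the Role `read`, but no template in this commit's file list for the chart creates a Role of that name, so the binding either grants nothing or picks up whatever a Role called `read` in `default` happens to allow. Ship the Role with the chart, limited to the verbs and resources the pods actually need, or drop the binding and the ServiceAccount if MariaDB never calls the Kubernetes API. The subject also carries no `namespace:`, and service-account.yaml creates `{{ .Chart.Name }}-read` in the release namespace while this binding is pinned to `default`; templating both with `{{ .Release.Namespace }}` keeps the account and its binding together.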
@@ -0,0 +1,59 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mariadb-galera-db-backup-credentials
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.galera.mariabackup.user }}
+ password: {{ .Values.galera.mariabackup.password }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mariadb-galera-db-root-password
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ password: {{ .Values.rootUser.password }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mariadb-galera-db-user-credentials
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.db.user }}
+ password: {{ .Values.db.password }}
+
diff --git a/helm/policy/components/mariadb-galera/templates/service-account.yaml b/helm/policy/components/mariadb-galera/templates/service-account.yaml
new file mode 100644
index 00000000..417938a6
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/templates/service-account.yaml
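Review bot: The three Secrets in secrets.yaml render `.Values` straight into `stringData` without quoting, and the values.yaml added later in this commit ships literal defaults for `rootUser.password`, `db.password` and `galera.mariabackup.password`, so any install that does not override them runs with credentials that are readable in the repository. Quote each value so a password that is purely numeric or contains YAML-significant characters still renders as a string, e.g. `password: {{ .Values.rootUser.password | quote }}`. Outside a throwaway test cluster, prefer failing the render when nothing is supplied, `{{ required "rootUser.password must be set" .Values.rootUser.password | quote }}`, or point the StatefulSet at an existing Secret, instead of keeping defaults in values.yaml.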
@@ -0,0 +1,20 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/mariadb-galera/templates/service.yaml b/helm/policy/components/mariadb-galera/templates/service.yaml
new file mode 100644
index 00000000..0494f7d8
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/templates/service.yaml
@@ -0,0 +1,68 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+spec:
+ ports:
+ - port: 3306
+ targetPort: tcp-mysql
+ protocol: TCP
+ name: tcp-mysql
+ ipFamilyPolicy: PreferDualStack
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ sessionAffinity: None
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}-headless
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+spec:
+ clusterIP: None
+ ports:
+ - port: 4567
+ targetPort: tcp-galera
+ protocol: TCP
+ name: tcp-galera
+ - port: 4568
+ targetPort: tcp-ist
+ protocol: TCP
+ name: tcp-ist
+ - port: 4444
+ targetPort: tcp-sst
+ protocol: TCP
+ name: tcp-sst
+ ipFamilyPolicy: PreferDualStack
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ sessionAffinity: None
diff --git a/helm/policy/components/mariadb-galera/templates/statefulset.yaml b/helm/policy/components/mariadb-galera/templates/statefulset.yaml
new file mode 100644
index 00000000..3644a9bd
--- /dev/null
+++ b/helm/policy/components/mariadb-galera/templates/statefulset.yaml 
@@ -0,0 +1,338 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + +spec: + podManagementPolicy: {{ .Values.podManagementPolicy }} + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + + serviceName: {{ .Chart.Name }}-headless + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + template: + metadata: + annotations: + traffic.sidecar.istio.io/excludeInboundPorts: 4444,4567,4568 + traffic.sidecar.istio.io/excludeOutboundPorts: 4444,4567,4568 + traffic.sidecar.istio.io/includeInboundPorts: '*' + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + + spec: + securityContext: + runAsUser: 10001 + runAsGroup: 10001 + fsGroup: 10001 + initContainers: + # we shouldn't need this but for unknown reason, it's fsGroup is not + # applied + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R {{ .Values.securityContext.user_id }}:{{ 
.Values.securityContext.group_id }} /data + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /bootstrap/ + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /tmp/ + {{- if .Values.mariadbConfiguration }} + cp /config/my.cnf /actual/my.cnf + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /actual + {{- end }} + image: docker.io/library/busybox:1.34.1 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: previous-boot + mountPath: /bootstrap + - name: mariadb-tmp-folder + mountPath: /tmp + - name: {{ .Chart.Name }} + mountPath: /data + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-starting-config + mountPath: /config/my.cnf + subPath: my.cnf + - name: mariadb-galera-actual-config + mountPath: /actual + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} + command: + - bash + - -ec + - | + {{- if (not (empty (.Values.galera.bootstrap.bootstrapFromNode | quote)))}} + {{- $fullname := "mariadb-galera" }} + {{- $bootstrapFromNode := int .Values.galera.bootstrap.bootstrapFromNode }} + # Bootstrap from the indicated node + NODE_ID="${MY_POD_NAME#"{{ $fullname }}-"}" + if [[ "$NODE_ID" -eq "{{ $bootstrapFromNode }}" ]]; then + export MARIADB_GALERA_CLUSTER_BOOTSTRAP=yes + export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP={{ ternary "yes" "no" .Values.galera.bootstrap.forceSafeToBootstrap }} + fi + {{- end }} + exec /opt/bitnami/scripts/mariadb-galera/entrypoint.sh /opt/bitnami/scripts/mariadb-galera/run.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.debug | quote }} + - name: MARIADB_INIT_SLEEP_TIME + value: {{ .Values.init_sleep_time | quote }} + - 
name: MARIADB_GALERA_CLUSTER_NAME + value: {{ .Values.galera.name | quote }} + - name: MARIADB_GALERA_CLUSTER_ADDRESS + value: "gcomm://{{ .Chart.Name }}-headless.default.svc.{{ .Values.global.clusterDomain }}" + # Bitnami init script don't behave well in dual stack env. + # set it here as long as https://github.com/bitnami/charts/issues/4077 is not solved. + - name: MARIADB_GALERA_NODE_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: MARIADB_ROOT_USER + value: {{ .Values.rootUser.user | quote }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-galera-db-root-password + key: password + - name: MARIADB_USER + valueFrom: + secretKeyRef: + name: mariadb-galera-db-user-credentials + key: login + - name: MARIADB_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-galera-db-user-credentials + key: password + - name: MARIADB_DATABASE + value: {{ .Values.db.name | quote }} + - name: MARIADB_GALERA_MARIABACKUP_USER + valueFrom: + secretKeyRef: + name: mariadb-galera-db-backup-credentials + key: login + - name: MARIADB_GALERA_MARIABACKUP_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-galera-db-backup-credentials + key: password + {{- if .Values.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: {{ .Values.extraFlags | quote }} + {{- end }} + ports: + - containerPort: 3306 + name: tcp-mysql + - containerPort: 4567 + name: tcp-galera + - containerPort: 4568 + name: tcp-ist + - containerPort: 4444 + name: tcp-sst + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - sh + - -ec + - | + exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if 
.Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - sh + - -ec + - | + exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + exec: + command: + - sh + - -ec + - | + exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- end }} + resources: +{{ toYaml .Values.resources.small | indent 12 }} + volumeMounts: + - name: previous-boot + mountPath: /opt/bitnami/mariadb/.bootstrap + - name: {{ .Chart.Name }} + mountPath: /bitnami/mariadb + - name: mariadb-tmp-folder + mountPath: /opt/bitnami/mariadb/tmp + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-actual-config + mountPath: /opt/bitnami/mariadb/conf + {{- end }} + {{- if default false .Values.global.metrics.enabled }} + - name: {{ .Chart.Name }}-metrics + image: {{ .Values.metrics.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}} + env: + - name: MARIADB_METRICS_EXTRA_FLAGS + value: {{ default "" (join " " .Values.metrics.extraFlags) | quote }} + - name: MARIADB_ROOT_USER + value: {{ .Values.rootUser.user | quote }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-galera-db-root-password + key: password + command: + - sh + - -c + - | + 
DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS + ports: + - name: tcp-metrics + containerPort: 9104 + livenessProbe: + httpGet: + path: /metrics + port: tcp-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /metrics + port: tcp-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + securityContext: + runAsUser: 10001 + runAsGroup: 10001 + fsGroup: 10001 + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + imagePullSecrets: + - name: default-docker-registry-key + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + serviceAccountName: mariadb-galera-read + affinity: + podAffinity: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + namespaces: + - default + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: {} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 10 }} + {{- 
end }} + volumes: + - name: previous-boot + emptyDir: {} + - name: mariadb-tmp-folder + emptyDir: {} + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-actual-config + emptyDir: {} + - name: mariadb-galera-starting-config + configMap: + name: {{ .Chart.Name }}-configuration + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: {{ .Chart.Name }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} +{{- else if not .Values.persistence.enabled }} + - name: {{ .Chart.Name }} + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: Helm + + spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: mariadb-galera-data + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- end }} diff --git a/helm/policy/components/mariadb-galera/values.yaml b/helm/policy/components/mariadb-galera/values.yaml new file mode 100644 index 00000000..d2a54a41 --- /dev/null +++ b/helm/policy/components/mariadb-galera/values.yaml 
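Review bot: The liveness, readiness and startup probes and the metrics sidecar in statefulset.yaml all authenticate as the MariaDB root account, and the probes expand `-p$MARIADB_ROOT_PASSWORD` unquoted, so a password containing whitespace or shell metacharacters breaks the health checks. Quote the expansions, `exec mysqladmin status -u"$MARIADB_ROOT_USER" -p"$MARIADB_ROOT_PASSWORD"`, and consider giving mysqld_exporter a dedicated account with only the monitoring grants it needs instead of root in `DATA_SOURCE_NAME`. Separately, `fsGroup: 10001` under the metrics container's `securityContext` is a pod-level field and is not valid at container level; like the other metrics templates it only surfaces when `global.metrics.enabled` is set. The `fix-permission` init container runs with `runAsUser: 0`; if the chown has to stay, adding `allowPrivilegeEscalation: false` to its `securityContext` and a comment naming the volumes that need it would keep that root step narrow.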
@@ -0,0 +1,607 @@ +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + clusterDomain: cluster.local + metrics: {} + dockerHubRepository: &dockerHubRepository docker.io + +passwordStrengthOverride: basic + +image: docker.io/bitnami/mariadb-galera:10.5.8 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: Always + +## Set to true if you would like to see extra information on logs +## It turns BASH debugging in minideb-extras-base +## +debug: true + +## Sometimes, especially when a lot of pods are created at the same time, +## actions performed on the databases are tried to be done before actual start. +init_sleep_time: 5 + +## String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: mariadb-galera + +## Use an alternate scheduler, e.g. "stork". 
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel +## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy +## +podManagementPolicy: OrderedReady + + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + nameOverride: mariadb-galera + roles: + - read + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + user_id: 10001 + group_id: 10001 + +## Database credentials for root (admin) user +## +rootUser: + ## MariaDB admin user + user: root + ## MariaDB admin password + ## Password is ignored if externalSecret is specified. + ## If not set, password will be "randomly" generated + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run + ## + password: dOM39tQX + # externalSecret: + +## Custom db configuration +## +db: + ## MariaDB username and password + ## Password is ignored if externalSecret is specified. 
+ ## If not set, password will be "randomly" generated + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run + ## + user: policy-user + password: policy-user + # externalSecret: + ## Database to create + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run + ## + # name: my_database + +## Galera configuration +## +galera: + ## Galera cluster name + ## + name: galera + + ## Bootstraping options + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping + bootstrap: + ## Node to bootstrap from, you will need to change this parameter incase you want to bootstrap from other node + ## + bootstrapFromNode: 0 + ## Force safe_to_bootstrap in grastate.date file. + ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode. + forceSafeToBootstrap: true + + ## Credentials to perform backups + ## + mariabackup: + ## MariaBackup username and password + ## Password is ignored if externalSecret is specified. + ## If not set, password will be "randomly" generated + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster + ## + user: mariabackup + password: pt49gEq7 + # externalSecret: + +## The backup job will mount the mariadb data pvc in order to run mariabackup. +## For this reason the db data pvc needs to have accessMode: ReadWriteMany. 
+backup: + enabled: false + cron: "00 00 * * *" + retentionPeriod: 3 + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + selector: {} + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: + ## Persistent Volume Access Mode + ## + accessMode: ReadWriteOnce + ## Persistent Volume size + ## + size: 2Gi + +## TLS configuration +## +tls: + ## Enable TLS + ## + enabled: false + ## Name of the secret that contains the certificates + ## + # certificatesSecret: + ## Certificate filename + ## + # certFilename: + ## Certificate Key filename + ## + # certKeyFilename: + ## CA Certificate filename + ## + # certCAFilename: + +## Configure MariaDB with a custom my.cnf file +## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file +## Alternatively, you can put your my.cnf under the files/ directory +## +mariadbConfiguration: |- + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + plugin_dir=/opt/bitnami/mariadb/plugin + + [mysqld] + lower_case_table_names = 1 + default_storage_engine=InnoDB + basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data + plugin_dir=/opt/bitnami/mariadb/plugin + tmpdir=/opt/bitnami/mariadb/tmp + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid + bind_address=0.0.0.0 + + ## Character set + collation_server=utf8_unicode_ci + init_connect='SET NAMES utf8' + 
character_set_server=utf8 + + ## MyISAM + key_buffer_size=32M + myisam_recover_options=FORCE,BACKUP + + ## Safety + skip_host_cache + skip_name_resolve + max_allowed_packet=16M + max_connect_errors=1000000 + sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY + sysdate_is_now=1 + + ## Binary Logging + log_bin=mysql-bin + expire_logs_days=14 + # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql + sync_binlog=0 + # Required for Galera + binlog_format=row + + ## Caches and Limits + tmp_table_size=32M + max_heap_table_size=32M + # Re-enabling as now works with Maria 10.1.2 + query_cache_type=1 + query_cache_limit=4M + query_cache_size=256M + max_connections=500 + thread_cache_size=50 + open_files_limit=65535 + table_definition_cache=4096 + table_open_cache=4096 + + ## InnoDB + innodb=FORCE + innodb_strict_mode=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb_autoinc_lock_mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb_doublewrite=1 + innodb_flush_method=O_DIRECT + innodb_log_files_in_group=2 + innodb_log_file_size=128M + innodb_flush_log_at_trx_commit=1 + innodb_file_per_table=1 + # 80% Memory is default reco. 
+ # Need to re-evaluate when DB size grows + innodb_buffer_pool_size=2G + innodb_file_format=Barracuda + + ## Logging + log_error=/opt/bitnami/mariadb/logs/mysqld.log + slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log + log_queries_not_using_indexes=1 + slow_query_log=1 + + ## SSL + ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem + # ssl_ca=/certs/ca.pem + # ssl_cert=/certs/server-cert.pem + # ssl_key=/certs/server-key.pem + + [galera] + wsrep_on=ON + wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so + wsrep_sst_method=mariabackup + wsrep_slave_threads=4 + wsrep_cluster_address=gcomm:// + wsrep_cluster_name=galera + wsrep_sst_auth="root:" + # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit + innodb_flush_log_at_trx_commit=2 + # MYISAM REPLICATION SUPPORT # + wsrep_replicate_myisam=ON + binlog_format=row + default_storage_engine=InnoDB + innodb_autoinc_lock_mode=2 + transaction-isolation=READ-COMMITTED + wsrep_causal_reads=1 + wsrep_sync_wait=7 + + [mariadb] + plugin_load_add=auth_pam + + ## Data-at-Rest Encryption + ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem + # plugin_load_add=file_key_management + # file_key_management_filename=/encryption/keyfile.enc + # file_key_management_filekey=FILE:/encryption/keyfile.key + # file_key_management_encryption_algorithm=AES_CTR + # encrypt_binlog=ON + # encrypt_tmp_files=ON + + ## InnoDB/XtraDB Encryption + # innodb_encrypt_tables=ON + # innodb_encrypt_temporary_tables=ON + # innodb_encrypt_log=ON + # innodb_encryption_threads=4 + # innodb_encryption_rotate_key_age=1 + + ## Aria Encryption + # aria_encrypt_tables=ON + # encrypt_tmp_disk_tables=ON + +## MariaDB additional command line flags +## Can be used to specify command line flags, for example: +## +## extraFlags: "--max-connect-errors=1000 --max_connections=155" + +## Desired number of cluster nodes +## +replicaCount: 3 + +## updateStrategy for 
MariaDB Master StatefulSet +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + +## Additional pod annotations for MariaDB Galera pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## -> here required to enable mariadb-galera in istio +## +podAnnotations: + # sidecar.istio.io/inject: "false" + traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568" + traffic.sidecar.istio.io/includeInboundPorts: '*' + traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568" + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + mountPath: /dockerdata-nfs + mountSubPath: "mariadb-galera/data" + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + selector: {} + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: + ## Persistent Volume Access Mode + ## Use ReadWriteMany if backup is enabled, see backup section. 
+ ## + accessMode: ReadWriteOnce + ## Persistent Volume size + ## + size: 3Gi + +## Additional pod labels +## +# podLabels: +# extraLabel: extraValue + +## Priority Class Name +# +# priorityClassName: 'priorityClass' + +## MariaDB Galera containers' resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 500m + memory: 2Gi + unlimited: {} + +## MariaDB Galera containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: true + initialDelaySeconds: 1 + periodSeconds: 10 + timeoutSeconds: 180 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + enabled: true + initialDelaySeconds: 1 + periodSeconds: 10 + timeoutSeconds: 180 + successThreshold: 1 + failureThreshold: 3 +startupProbe: + ## Initializing the database could take some time + ## + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 180 + successThreshold: 1 + # will wait up for initialDelaySeconds + failureThreshold*periodSeconds before + # stating startup wasn't good (910s per default) + failureThreshold: 90 + +## Pod disruption budget configuration +## +podDisruptionBudget: + ## Specifies whether a Pod disruption budget should be created + ## + create: true + minAvailable: 1 + # maxUnavailable: 1 + +## Prometheus exporter configuration +## +metrics: + ## Bitnami MySQL Prometheus exporter image + ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/ + ## + image: docker.io/bitnami/mysqld-exporter:0.12.1-debian-10-r264 + pullPolicy: Always + ## MySQL exporter additional command line flags + ## Can be used to specify command line flags + ## E.g.: + ## extraFlags: + ## - --collect.binlog_size + ## + extraFlags: [] + ## MySQL Prometheus exporter containers' resource requests and limits + ## ref: 
http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 0.5 + memory: 256Mi + requests: + cpu: 0.5 + memory: 256Mi + ## MariaDB Galera metrics container's liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + ## MySQL Prometheus exporter service parameters + ## + service: + type: ClusterIP + port: 9104 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" + + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. 
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # interval: 10s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + # selector: + # prometheus: kube-prometheus + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + metricRelabelings: [] + # - sourceLabels: + # - "__name__" + # targetLabel: "__name__" + # action: replace + # regex: '(.*)' + # replacement: 'example_prefix_$1' + + ## Prometheus Operator PrometheusRule configuration + ## + prometheusRules: + enabled: false + + ## Additional labels to add to the PrometheusRule so it is picked up by the operator. + ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator' + selector: + app: prometheus-operator + release: prometheus + + ## Rules as a map. + rules: [] + # - alert: MariaDB-Down + # annotations: + # message: 'MariaDB instance {{ $labels.instance }} is down' + # summary: MariaDB instance is down + # expr: absent(up{job="mariadb-galera"} == 1) + # labels: + # severity: warning + # service: mariadb-galera + # for: 5m diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml new file mode 100644 index 00000000..4f02d934 --- /dev/null 
+++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp Controlloop K8s Participant
+name: policy-clamp-ac-k8s-ppnt
+version: 11.0.0
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
new file mode 100644
index 00000000..9a0a8fdc
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -0,0 +1,132 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + autoconfigure: + exclude: > + org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration, + org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration, + org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} + kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} + bootstrap-servers: release-{{ .Values.config.kafkaBootstrap }}:9092 + security.protocol: SASL_PLAINTEXT + properties.sasl: + mechanism: SCRAM-SHA-512 + jaas.config: ${JAASLOGIN} +{{ else }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} +{{- end }} + +security: + enable-csrf: false + +participant: + localChartDirectory: /home/policy/local-charts + infoFileName: CHART_INFO.json + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: K8sParticipant0 + version: 1.0.0 + participantType: + name: 
org.onap.policy.clamp.acm.KubernetesParticipant + version: 2.3.4 + clampAutomationCompositionTopics: + topicSources: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: false + topicSinks: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: false + +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# clampAutomationCompositionTopics: +# topicSources: +# - +# topic: policy-acruntime-participant +# servers: +# - release-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# fetchTimeout: 15000 +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - +# topic: policy-acruntime-participant +# servers: +# - release-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus + +server: + # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework. + # See springboot documentation. + port: 8083 + servlet: + context-path: /onap/policy/clamp/acm/k8sparticipant + ssl: + enabled: false + + +logging: + # Configuration of logging + level: + ROOT: INFO + org.springframework: ERROR + org.springframework.data: ERROR + org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR + org.onap.policy.clamp.controlloop.participant.kubernetes: INFO + + file: + name: /var/log/onap/policy/clamp/application.log + +chart: + api: + enabled: false + +# Permitted list of helm repositories. Values are updated from values.yaml 
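Review bot: Both Kafka blocks in this file select `security.protocol: SASL_PLAINTEXT`, so the SCRAM-SHA-512 exchange and all participant traffic cross the cluster network without TLS, and the commented Strimzi alternative pairs that setting with `useHttps: true`, which reads as contradictory. If the Strimzi listener offers TLS, `security.protocol: SASL_SSL` with a mounted truststore would be the safer default; if plaintext is deliberate for the CSIT cluster, a comment such as `# CSIT only: no TLS on the test broker` would keep the setting from being copied into a real deployment. The same question applies to the `ssl: enabled: false` and `enable-csrf: false` settings, which appear to leave the basic-auth REST endpoint on plain HTTP (indentation is not recoverable here, so the exact nesting is assumed). Separately, the logger `org.onap.policy.clamp.controlloop.participant.kubernetes` does not follow the `org.onap.policy.clamp.acm` naming used for participantType and may be a stale package name.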
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml new file mode 100644 index 00000000..6ceb2e5a --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/k8s-participant/error.log + + /var/log/onap/policy/k8s-participant/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/k8s-participant/debug.log + + /var/log/onap/policy/k8s-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/k8s-participant/network.log + + /var/log/onap/policy/k8s-participant/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml new file mode 100644 index 00000000..6df0b636 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml 
@@ -0,0 +1,36 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
+{{- if .Values.repoList }}
+{{ tpl (.Files.Glob "resources/config/KubernetesParticipantParameters.yaml").AsConfig . | indent 2 }}
+{{ toYaml .Values.repoList | indent 4 }}
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
new file mode 100644
index 00000000..58721070
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
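Review bot: With `repoList` set, as it is in this chart's values.yaml, the `data:` map renders `KubernetesParticipantParameters.yaml` and `logback.xml` twice: once from the unconditional `*.{xml,yaml}` glob and again inside the `if` block. Only the second copy of the parameters file has the `repoList` allow-list appended, so whether the participant sees the permitted-repository list depends on how duplicate keys are resolved, and a strict parser may reject the manifest outright. Moving the first glob into an `{{- else }}` branch of the same `if` removes the duplication. `namespace: default` is also hard-coded here and in the other templates of this chart; `namespace: {{ .Release.Namespace }}` would let the chart install elsewhere.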
@@ -0,0 +1,134 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + app.kubernetes.io/instance: RELEASE + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-secret + key: login + + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name 
}}-restserver-secret + key: password + +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config + +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-k8s-ppnt-config + - mountPath: /config + name: ac-k8s-ppnt-config-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"] + ports: + - containerPort: 8083 + name: http-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-k8s-ppnt-config-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-create + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-k8s-ppnt-config + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: 
ac-k8s-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: default-docker-registry-key" diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/role-binding.yaml new file mode 100644 index 00000000..08b0df23 --- /dev/null +++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/role-binding.yaml @@ -0,0 +1,37 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-binding + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-create + namespace: default + diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/secret.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/secret.yaml new file mode 100644 index 00000000..a25390f2 --- /dev/null 
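Review bot: The init container is handed `RESTSERVER_PASSWORD` and, with Strimzi enabled, `JAASLOGIN` in its environment, yet it runs `docker.io/dibi/envsubst:1`, a floating tag from outside the project's own image namespace, so whatever that tag resolves to at pull time reads both secrets. Pinning it by digest (`image: docker.io/dibi/envsubst@sha256:<digest>`) or mirroring it into the project registry would close that gap. The final line, `- name: default-docker-registry-key"`, carries a stray trailing double quote that will either fail to parse or name a pull secret that does not exist. `serviceAccountName: {{ .Chart.Name }}-create` means the application container runs with whatever that account is bound to, so this file should be reviewed together with role-binding.yaml.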
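Review bot: The `roleRef` binds the participant's service account to the built-in `cluster-admin` ClusterRole through a ClusterRoleBinding, so any compromise of the pod or of its chart-installing REST API carries full control of the cluster. A namespaced `Role` plus `RoleBinding` limited to the resources the participant actually manages is the least-privilege form; if cluster scope is genuinely required, a dedicated `ClusterRole` listing only those verbs and resources is still far narrower than `cluster-admin`. If the broad grant is kept only because the chart targets a throwaway CSIT cluster, a comment above `roleRef` such as `# CSIT only: do not reuse outside a disposable test cluster` should say so. The subject's `namespace: default` is hard-coded as well, which ties the binding to one namespace.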
+++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/secret.yaml
@@ -0,0 +1,48 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ sasl.jaas.config: {{ .Values.config.jaas }}
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service-account.yaml
new file mode 100644
index 00000000..1e9bcae3
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service-account.yaml
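Review bot: All three `stringData` values are interpolated unquoted, e.g. `password: {{ .Values.restServer.password }}`, so a value that starts with `!`, `#` or `*`, or that contains `: `, changes the meaning of the YAML or makes it unparseable. Piping each through `quote` (`password: {{ .Values.restServer.password | quote }}`, likewise `login` and `sasl.jaas.config`) makes the rendering safe for any credential. The defaults feeding these Secrets are literal credentials committed in this chart's values.yaml in the same commit; outside CSIT they should come from an existing Secret or be generated at install time rather than shipped with the chart. The Kafka Secret is also created when `useStrimziKafka` is false, a case in which the deployment never references it.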
@@ -0,0 +1,25 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-create
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml
new file mode 100644
index 00000000..b350d84f
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml
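Review bot: The ServiceAccount has no `namespace:`, so it is created in the release namespace, while the Deployment that uses it and the ClusterRoleBinding subject both hard-code `default`. Installed into any other namespace, the pod would look for `{{ .Chart.Name }}-create` in `default` and not find it, and the binding would point at an account that does not exist. Either add `namespace: default` under `metadata` to match the other templates or, better, use `namespace: {{ .Release.Namespace }}` in all of them.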
@@ -0,0 +1,40 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+
+spec:
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ protocol: TCP
+ name: {{ .Values.service.ports.name }}
+ type: {{ .Values.service.type }}
+ selector:
+ app.kubernetes.io/name: {{ .Chart.Name }}
\ No newline at end of file
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
new file mode 100644
index 00000000..ba7dd7c8
--- /dev/null
+++ b/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
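Review bot: `nodePort: {{ .Values.service.ports.nodePort }}` is rendered unconditionally while `type` comes from values, so switching `service.type` to `ClusterIP` produces a manifest the API server rejects. Wrapping that line in `{{- if eq .Values.service.type "NodePort" }}` and `{{- end }}` keeps both modes valid. With the defaults in this chart's values.yaml the REST API is published on every node at port 30443 over plain HTTP, protected only by basic auth; defaulting to `ClusterIP` and making NodePort an opt-in would reduce that exposure. The selector matches only `app.kubernetes.io/name`, without the `app.kubernetes.io/instance` label the Deployment sets.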
@@ -0,0 +1,121 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Application configuration defaults. 
+################################################################# +# application image +image: onap/policy-clamp-ac-k8s-ppnt:6.3.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: NodePort + name: policy-clamp-ac-k8s-ppnt + useNodePortExt: true + ports: + name: http-api + port: 8083 + nodePort: 30443 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-ac-k8s-ppnt + roles: + - create +# Update the config here for permitting repositories and protocols +repoList: + helm: + repos: + - + repoName: kong + address: https://charts.konghq.com + - + repoName: bitnami + address: https://charts.bitnami.com/bitnami + + protocols: + - http + - https + +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy-acruntime-participant + jaas: KuldHochQipa7, +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. 
+# +# eventConsumption: +# spring.kafka.bootstrap-servers: :9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 diff --git a/helm/policy/components/policy-clamp-runtime-acm/Chart.yaml b/helm/policy/components/policy-clamp-runtime-acm/Chart.yaml new file mode 100644 index 00000000..21d196ae --- /dev/null +++ b/helm/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp Controlloop Runtime +name: policy-clamp-runtime-acm +version: 11.0.0 diff --git a/helm/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/helm/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml new file mode 100644 index 00000000..17242c2f --- /dev/null 
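Review bot: `restServer.password: zb!XztG34` and `jaas: KuldHochQipa7,` are committed as chart defaults, so every install that does not override them runs with credentials that are public in the repository; the same applies to `policyAppUserPassword`, `jaas` and `db.password: policy-user` in policy-clamp-runtime-acm/values.yaml later in this commit. With `service.type: NodePort` the REST endpoint these credentials protect is reachable on every node address. I would leave the defaults empty and make the render fail when they are unset, e.g. `{{ required "restServer.password must be set" .Values.restServer.password | quote }}` in whichever template consumes the value, with the CSIT script passing its test values via `--set`. The trailing comma in the `jaas` value and the `useStrimziKakfa` spelling in the comment also look like typos.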
+++ b/helm/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml 
@@ -0,0 +1,128 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + security: + user: + name: ${RUNTIME_USER} + password: ${RUNTIME_PASSWORD} + mvc: + converters: + preferred-json-mapper: gson + datasource: + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm + driverClassName: org.mariadb.jdbc.Driver + username: ${SQL_USER} + password: ${SQL_PASSWORD} + hikari: + connectionTimeout: 30000 + idleTimeout: 600000 + maxLifetime: 1800000 + maximumPoolSize: 10 + jpa: + hibernate: + ddl-auto: update + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy + properties: + hibernate: + dialect: org.hibernate.dialect.MariaDB103Dialect + format_sql: true + kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} + bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092 + security.protocol: SASL_PLAINTEXT + properties.sasl: + mechanism: SCRAM-SHA-512 + jaas.config: ${JAASLOGIN} +{{ else }} +{{ toYaml 
.Values.config.eventConsumption | nindent 2 }} +{{- end }} + +security: + enable-csrf: false + +server: + port: 6969 + servlet: + context-path: /onap/policy/clamp/acm + error: + path: /error + ssl: + enabled: false + + +runtime: + participantParameters: + heartBeatMs: 120000 + maxMessageAgeMs: 600000 + maxStatusWaitMs: 100000 + updateParameters: + maxRetryCount: 3 + maxWaitMs: 100000 + topicParameterGroup: + topicSources: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: false + fetchTimeout: 15000 + topicSinks: + - + topic: POLICY-ACRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: false + +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# topicParameterGroup: +# topicSources: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# fetchTimeout: 15000 +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus diff --git a/helm/policy/components/policy-clamp-runtime-acm/resources/config/db.sh b/helm/policy/components/policy-clamp-runtime-acm/resources/config/db.sh new file mode 100755 index 00000000..3b8f30b7 --- /dev/null +++ b/helm/policy/components/policy-clamp-runtime-acm/resources/config/db.sh 
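Review bot: The `server` block sets `ssl: enabled: false` while `spring.security.user` enables password authentication, so the runtime credentials travel unencrypted over HTTP, and the Service added in this commit publishes that port as a NodePort. The Kafka client is likewise configured with `security.protocol: SASL_PLAINTEXT`, which authenticates with SCRAM but leaves the traffic itself unencrypted. If this chart is only ever used for CSIT, a comment at the top of the file saying so would be enough, e.g. `# CSIT only: TLS is disabled for the REST server and the Kafka client; do not reuse outside test clusters`; otherwise the protocol should be `SASL_SSL` and `server.ssl.enabled` should be driven from values. `enable-csrf: false` and `ddl-auto: update` deserve the same comment.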
@@ -0,0 +1,26 @@
+#!/bin/sh
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
diff --git a/helm/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml b/helm/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml
new file mode 100644
index 00000000..a98cb57f
--- /dev/null
+++ b/helm/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml
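Review bot: The `mysql()` wrapper passes `${MYSQL_USER}` to `-P`, which is the client's port option, so the client receives the user name where a port number is expected; it should take the port variable instead (its name is not visible in this commit). The root password is given as `-p"${MYSQL_ROOT_PASSWORD}"` on every call, which puts it in the process arguments where it can show up in the process list; exporting it once as `MYSQL_PWD`, or reading it from a `--defaults-extra-file` with mode 0600, avoids that. `${MYSQL_HOST}` is unquoted as well. `GRANT ALL PRIVILEGES ... TO '${MYSQL_USER}'@'%'` gives the application account full rights from any host on all six databases, which is wider than this component needs if it only uses `clampacm`, the database named in its datasource URL.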
@@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/policy-clamp-runtime-acm/error.log + + /var/log/onap/policy/policy-clamp-runtime-acm/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/policy-clamp-runtime-acm/debug.log + + /var/log/onap/policy/policy-clamp-runtime-acm/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/policy-clamp-runtime-acm/network.log + + /var/log/onap/policy/policy-clamp-runtime-acm/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml new file mode 100644 index 00000000..309dc45e --- /dev/null +++ b/helm/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml 
@@ -0,0 +1,37 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
new file mode 100644
index 00000000..ba192cb5
--- /dev/null
+++ b/helm/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
@@ -0,0 +1,153 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ .Chart.Name }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ .Chart.Name }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: RELEASE + app.kubernetes.io/managed-by: Helm + name: {{ .Chart.Name }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --job-name + - policy-galera-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-readiness + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-secret + key: login + + - name: SQL_PASSWORD + valueFrom: + 
secretKeyRef: + name: {{ .Chart.Name }}-db-secret + key: password + + - name: RUNTIME_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-runtime-secret + key: login + + - name: RUNTIME_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-runtime-secret + key: password + +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-policy-kafka-user + key: sasl.jaas.config + +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-runtime-config + - mountPath: /config + name: ac-runtime-config-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"] + ports: + - containerPort: 6969 + name: http-api + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-runtime-config-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + 
serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-runtime-config + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: ac-runtime-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/role-binding.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/role-binding.yaml new file mode 100644 index 00000000..40f59aef --- /dev/null +++ b/helm/policy/components/policy-clamp-runtime-acm/templates/role-binding.yaml @@ -0,0 +1,33 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: read + apiGroup: rbac.authorization.k8s.io + 
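Review bot: The `update-config` init container runs `docker.io/dibi/envsubst:1`, a third-party image on a mutable tag, and it is the container that receives `SQL_PASSWORD`, `RUNTIME_PASSWORD` and `JAASLOGIN` from the secrets. With `pullPolicy: Always` in values.yaml, whatever is published under that tag is pulled on each start, so I would pin it by digest (`image: docker.io/dibi/envsubst@sha256:<DIGEST>`) or use an image from the project registry. None of the three containers sets a `securityContext`; adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` where the images allow it would be cheap hardening. The hard-coded `namespace: default` and the literal `app.kubernetes.io/instance: RELEASE` label also mean the chart ignores the release it is installed under; `{{ .Release.Namespace }}` and `{{ .Release.Name }}` are the usual values.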
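Review bot: The ServiceAccount subject in role-binding.yaml has no `namespace`, which the RBAC API requires for `kind: ServiceAccount` subjects, so this binding is likely to be rejected at install time; add `namespace: {{ .Release.Namespace }}` under the subject. The binding itself is pinned to `namespace: default` while service-account.yaml in this chart sets no namespace, so the two diverge when the release is installed elsewhere. The `read` Role it references is not created by any template visible in this part of the commit; a short comment saying where it comes from would help the next reader.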
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/secret.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/secret.yaml new file mode 100644 index 00000000..f761acd0 --- /dev/null +++ b/helm/policy/components/policy-clamp-runtime-acm/templates/secret.yaml 
@@ -0,0 +1,64 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-runtime-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.config.policyAppUserName }}
+ password: {{ .Values.config.policyAppUserPassword }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-db-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.db.user }}
+ password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-policy-kafka-user
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+type: Opaque
+stringData:
+ sasl.jaas.config: {{ .Values.config.jaas }}
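Review bot: The `stringData` values are rendered unquoted, so a credential containing YAML-significant characters is parsed rather than taken literally: the defaults `zb!XztG34` and `JuzgCumoDahj9*` happen to survive, but a value that begins with `*`, `!`, `&` or `#`, or that is all digits, would fail to parse or be stored as something else. Pipe each one through `quote`, e.g. `password: {{ .Values.config.policyAppUserPassword | quote }}`, and do the same for `login` and `sasl.jaas.config`. The `sasl.jaas.config` key is fed from a short string in values.yaml, whereas acRuntimeParameters.yaml substitutes it into `jaas.config: ${JAASLOGIN}`, which presumably expects a full JAAS login-module line; the intended format is worth confirming.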
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/service-account.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/service-account.yaml new file mode 100644 index 00000000..8bf00b02 --- /dev/null +++ b/helm/policy/components/policy-clamp-runtime-acm/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read + diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/service.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/service.yaml new file mode 100644 index 00000000..8daa872a --- /dev/null +++ b/helm/policy/components/policy-clamp-runtime-acm/templates/service.yaml 
@@ -0,0 +1,41 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: Helm
+
+spec:
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ protocol: TCP
+ name: {{ .Values.service.ports.name }}
+ type: {{ .Values.service.type }}
+ selector:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+
diff --git a/helm/policy/components/policy-clamp-runtime-acm/values.yaml b/helm/policy/components/policy-clamp-runtime-acm/values.yaml
new file mode 100644
index 00000000..544b1d05
--- /dev/null
+++ b/helm/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -0,0 +1,115 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-clamp-runtime-acm:6.3.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: + policyAppUserName: runtimeUser + policyAppUserPassword: zb!XztG34 + jaas: JuzgCumoDahj9* + +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + acRuntimeTopic: policy.policy-acruntime-participant +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. 
+# +# eventConsumption: +# spring.kafka.bootstrap-servers: :9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 + +db: + user: policy-user + password: policy-user + service: + name: mariadb-galera + internalPort: 3306 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: NodePort + name: policy-clamp-runtime-acm + useNodePortExt: true + ports: + name: http-api + port: 6969 + nodePort: 30442 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-runtime-acm + roles: + - read diff --git a/helm/policy/components/policy-models-simulator/.helmignore b/helm/policy/components/policy-models-simulator/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/helm/policy/components/policy-models-simulator/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/helm/policy/components/policy-models-simulator/Chart.yaml b/helm/policy/components/policy-models-simulator/Chart.yaml new file mode 100644 index 00000000..01bf798a --- /dev/null +++ b/helm/policy/components/policy-models-simulator/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: policy-models-simulator +version: 11.0.0 diff --git a/helm/policy/components/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json b/helm/policy/components/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json new file mode 100644 index 00000000..adb51adc --- /dev/null +++ b/helm/policy/components/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json @@ -0,0 +1,29 @@ +{ + "commonHeader": { + "timestamp": "2020-03-20T14:00:25.217Z", + "requestId": "123456-1000", + "subRequestId": "sub-123456-1000", + "flag": { + }, + "originatorId": "sdnc" + }, + "actionIdentifiers": { + "blueprintName": "pm_control", + "blueprintVersion": "1.0.0", + "actionName": "create-subscription", + "mode": "sync" + }, + "status": { + "code": 200, + "message": "success", + "eventType": "EVENT_COMPONENT_EXECUTED", + "timestamp": "Fri Mar 20 14:00:26 GMT 2020" + }, + "payload": { + "create-subscription-response": { + "odl-response": { + "status": "success" + } + } + } +} \ No newline at end of file diff --git a/helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json b/helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json new file mode 100644 index 00000000..a66b1114 --- /dev/null +++ b/helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json 
@@ -0,0 +1,22 @@ +{ + "commonHeader": { + "timestamp": "2020-03-20T14:00:25.217Z", + "requestId": "123456-1000", + "subRequestId": "sub-123456-1000", + "flag": { + }, + "originatorId": "sdnc" + }, + "actionIdentifiers": { + "blueprintName": "pm_control", + "blueprintVersion": "1.0.0", + "actionName": "create-subscription", + "mode": "sync" + }, + "status": { + "code": 500, + "message": "failure", + "eventType": "EVENT_COMPONENT_FAILURE", + "timestamp": "Fri Mar 20 14:00:26 GMT 2020" + } +} \ No newline at end of file diff --git a/helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent.json b/helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent.json new file mode 100644 index 00000000..adb51adc --- /dev/null +++ b/helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent.json @@ -0,0 +1,29 @@ +{ + "commonHeader": { + "timestamp": "2020-03-20T14:00:25.217Z", + "requestId": "123456-1000", + "subRequestId": "sub-123456-1000", + "flag": { + }, + "originatorId": "sdnc" + }, + "actionIdentifiers": { + "blueprintName": "pm_control", + "blueprintVersion": "1.0.0", + "actionName": "create-subscription", + "mode": "sync" + }, + "status": { + "code": 200, + "message": "success", + "eventType": "EVENT_COMPONENT_EXECUTED", + "timestamp": "Fri Mar 20 14:00:26 GMT 2020" + }, + "payload": { + "create-subscription-response": { + "odl-response": { + "status": "success" + } + } + } +} \ No newline at end of file diff --git a/helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json b/helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json new file mode 100644 index 00000000..a66b1114 --- /dev/null +++ b/helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json 
@@ -0,0 +1,22 @@ +{ + "commonHeader": { + "timestamp": "2020-03-20T14:00:25.217Z", + "requestId": "123456-1000", + "subRequestId": "sub-123456-1000", + "flag": { + }, + "originatorId": "sdnc" + }, + "actionIdentifiers": { + "blueprintName": "pm_control", + "blueprintVersion": "1.0.0", + "actionName": "create-subscription", + "mode": "sync" + }, + "status": { + "code": 500, + "message": "failure", + "eventType": "EVENT_COMPONENT_FAILURE", + "timestamp": "Fri Mar 20 14:00:26 GMT 2020" + } +} \ No newline at end of file diff --git a/helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription.json b/helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription.json new file mode 100644 index 00000000..adb51adc --- /dev/null +++ b/helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription.json @@ -0,0 +1,29 @@ +{ + "commonHeader": { + "timestamp": "2020-03-20T14:00:25.217Z", + "requestId": "123456-1000", + "subRequestId": "sub-123456-1000", + "flag": { + }, + "originatorId": "sdnc" + }, + "actionIdentifiers": { + "blueprintName": "pm_control", + "blueprintVersion": "1.0.0", + "actionName": "create-subscription", + "mode": "sync" + }, + "status": { + "code": 200, + "message": "success", + "eventType": "EVENT_COMPONENT_EXECUTED", + "timestamp": "Fri Mar 20 14:00:26 GMT 2020" + }, + "payload": { + "create-subscription-response": { + "odl-response": { + "status": "success" + } + } + } +} \ No newline at end of file diff --git a/helm/policy/components/policy-models-simulator/resources/config/logback.xml b/helm/policy/components/policy-models-simulator/resources/config/logback.xml new file mode 100644 index 00000000..224c322c --- /dev/null +++ b/helm/policy/components/policy-models-simulator/resources/config/logback.xml @@ -0,0 +1,33 @@ + + + + + + %d %level %msg%n + + + + + + 
diff --git a/helm/policy/components/policy-models-simulator/resources/config/simParameters.json b/helm/policy/components/policy-models-simulator/resources/config/simParameters.json new file mode 100644 index 00000000..41fc9057 --- /dev/null +++ b/helm/policy/components/policy-models-simulator/resources/config/simParameters.json 
@@ -0,0 +1,110 @@ +{ + "dmaapProvider": { + "name": "DMaaP simulator", + "topicSweepSec": 300 + }, + "restServers": [ + { + "name": "DMaaP simulator", + "providerClass": "org.onap.policy.models.sim.dmaap.rest.DmaapSimRestControllerV1", + "host": "0.0.0.0", + "port": 3904, + "https": false + }, + { + "name": "A&AI simulator", + "providerClass": "org.onap.policy.simulators.AaiSimulatorJaxRs", + "host": "0.0.0.0", + "port": 6666, + "https": false, + "userName": "policy@policy.onap.org", + "password": "demo123456!", + "resourceLocation": "/opt/app/policy/simulators/etc/mounted/aairesponse/" + }, + { + "name": "SDNC simulator", + "providerClass": "org.onap.policy.simulators.SdncSimulatorJaxRs", + "host": "0.0.0.0", + "port": 6668, + "https": false + }, + { + "name": "SO simulator", + "providerClass": "org.onap.policy.simulators.SoSimulatorJaxRs", + "host": "0.0.0.0", + "port": 6669, + "https": false, + "userName": "InfraPortalClient", + "password": "password1$" + }, + { + "name": "VFC simulator", + "providerClass": "org.onap.policy.simulators.VfcSimulatorJaxRs", + "host": "0.0.0.0", + "port": 6670, + "https": false + } + ], + "topicSinks": [ + { + "topic": "APPC-CL", + "servers": ["${HOST_NAME}"], + "topicCommInfrastructure": "DMAAP", + "useHttps": false, + "apiKey": "some-key", + "apiSecret": "some-secret" + }, + { + "topic": "APPC-LCM-WRITE", + "servers": ["${HOST_NAME}"], + "topicCommInfrastructure": "DMAAP", + "useHttps": false, + "apiKey": "some-key", + "apiSecret": "some-secret" + } + ], + "topicSources": [ + { + "topic": "APPC-CL", + "servers": ["${HOST_NAME}"], + "topicCommInfrastructure": "DMAAP", + "useHttps": false, + "apiKey": "some-key", + "apiSecret": "some-secret" + }, + { + "topic": "APPC-LCM-READ", + "servers": ["${HOST_NAME}"], + "topicCommInfrastructure": "DMAAP", + "useHttps": false, + "apiKey": "some-key", + "apiSecret": "some-secret" + } + ], + "topicServers": [ + { + "name": "APPC Legacy simulator", + "providerClass": 
"org.onap.policy.simulators.AppcLegacyTopicServer", + "sink": "APPC-CL", + "source": "APPC-CL" + }, + { + "name": "APPC-LCM simulator", + "providerClass": "org.onap.policy.simulators.AppcLcmTopicServer", + "sink": "APPC-LCM-WRITE", + "source": "APPC-LCM-READ" + } + ], + "grpcServer": { + "name": "CDS simulator", + "providerClass": "org.onap.policy.simulators.CdsSimulator", + "host": "0.0.0.0", + "port": 6680, + "timeout": 30, + "username": "ccsdkapps", + "password": "ccsdkapps", + "resourceLocation": "/opt/app/policy/simulators/etc/mounted/cdsresponse/", + "successRepeatCount": 0, + "requestedResponseDelayMs": 0 + } +} diff --git a/helm/policy/components/policy-models-simulator/templates/NOTES.txt b/helm/policy/components/policy-models-simulator/templates/NOTES.txt new file mode 100644 index 00000000..f6e027f2 --- /dev/null +++ b/helm/policy/components/policy-models-simulator/templates/NOTES.txt 
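Review bot: The A&AI, SO and CDS simulator entries carry fixed passwords (`demo123456!`, `password1$`, `ccsdkapps`) in a file that the chart's configmap.yaml publishes as a ConfigMap, and every REST listener binds `0.0.0.0` with `"https": false`. That is workable for a throw-away CSIT cluster, but nothing in the chart marks it as test-only, and helm/policy/values.yaml enables the simulator by default. I would state the scope where operators look first, e.g. change the Chart.yaml description to `description: Test-only simulators for policy CSIT; not for shared or production clusters`. Also consider defaulting `policy-models-simulator.enabled` to `false` and switching it on from the CSIT script.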
@@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "policy-models-simulator.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "policy-models-simulator.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "policy-models-simulator.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "policy-models-simulator.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/helm/policy/components/policy-models-simulator/templates/_helpers.tpl b/helm/policy/components/policy-models-simulator/templates/_helpers.tpl new file mode 100644 index 00000000..8469a1a3 --- /dev/null +++ b/helm/policy/components/policy-models-simulator/templates/_helpers.tpl 
@@ -0,0 +1,56 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "policy-models-simulator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "policy-models-simulator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "policy-models-simulator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "policy-models-simulator.labels" -}} +app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }} +helm.sh/chart: {{ include "policy-models-simulator.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "policy-models-simulator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "policy-models-simulator.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} 
diff --git a/helm/policy/components/policy-models-simulator/templates/configmap.yaml b/helm/policy/components/policy-models-simulator/templates/configmap.yaml
new file mode 100644
index 00000000..c0f75199
--- /dev/null
+++ b/helm/policy/components/policy-models-simulator/templates/configmap.yaml
@@ -0,0 +1,12 @@
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "policy-models-simulator.fullname" . }}-configmap
+ labels:
+ app: {{ include "policy-models-simulator.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/cds/*.{json,xml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-models-simulator/templates/deployment.yaml b/helm/policy/components/policy-models-simulator/templates/deployment.yaml
new file mode 100644
index 00000000..c4d41a2d
--- /dev/null
+++ b/helm/policy/components/policy-models-simulator/templates/deployment.yaml
@@ -0,0 +1,73 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "policy-models-simulator.fullname" . }} + labels: +{{ include "policy-models-simulator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "policy-models-simulator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/opt/app/policy/simulators/bin/simulators.sh"] + args: ["/opt/app/policy/simulators/etc/mounted/simParameters.json"] + ports: + - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ .Values.service.internalPort3 }} + - containerPort: {{ .Values.service.internalPort4 }} + - containerPort: {{ .Values.service.internalPort5 }} + - containerPort: {{ .Values.service.internalPort6 }} + - containerPort: {{ .Values.service.internalPort7 }} + livenessProbe: + tcpSocket: + port: 3904 + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + tcpSocket: + port: 3904 + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /opt/app/policy/simulators/etc/mounted/ + name: simconfig + readOnly: true + resources: + {{- toYaml .Values.resources | 
nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: simconfig + configMap: + name: {{ include "policy-models-simulator.fullname" . }}-configmap + defaultMode: 0755 diff --git a/helm/policy/components/policy-models-simulator/templates/service.yaml b/helm/policy/components/policy-models-simulator/templates/service.yaml new file mode 100644 index 00000000..0ef23d1e --- /dev/null +++ b/helm/policy/components/policy-models-simulator/templates/service.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: message-router + labels: +{{ include "policy-models-simulator.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName }}2 + - port: {{ .Values.service.externalPort3 }} + targetPort: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName }}3 + - port: {{ .Values.service.externalPort4 }} + targetPort: {{ .Values.service.internalPort4 }} + name: {{ .Values.service.portName }}4 + - port: {{ .Values.service.externalPort5 }} + targetPort: {{ .Values.service.internalPort5 }} + name: {{ .Values.service.portName }}5 + - port: {{ .Values.service.externalPort6 }} + targetPort: {{ .Values.service.internalPort6 }} + name: {{ .Values.service.portName }}6 + - port: {{ .Values.service.externalPort7 }} + targetPort: {{ .Values.service.internalPort7 }} + name: {{ .Values.service.portName }}7 + selector: + app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} 
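Review bot: Both probes in the Deployment hard-code `port: 3904` and are always rendered, so the `liveness.enabled`, `liveness.port` and `readiness.port` keys that values.yaml declares have no effect; in particular the documented way to switch the liveness probe off while debugging does not work. Wrapping the liveness block in `{{- if .Values.liveness.enabled }}` … `{{- end }}` and using `port: {{ .Values.service.internalPort7 }}` would tie the template to the values. Separately, the `simconfig` volume is mounted with `defaultMode: 0755` although it only holds JSON/XML configuration, including simParameters.json with its passwords; `defaultMode: 0444` is enough for files that are read and never executed.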
diff --git a/helm/policy/components/policy-models-simulator/templates/serviceaccount.yaml b/helm/policy/components/policy-models-simulator/templates/serviceaccount.yaml
new file mode 100644
index 00000000..27ee5daa
--- /dev/null
+++ b/helm/policy/components/policy-models-simulator/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "policy-models-simulator.serviceAccountName" . }}
+ labels:
+{{ include "policy-models-simulator.labels" . | indent 4 }}
+{{- end -}}
diff --git a/helm/policy/components/policy-models-simulator/templates/tests/test-connection.yaml b/helm/policy/components/policy-models-simulator/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..e90661bc
--- /dev/null
+++ b/helm/policy/components/policy-models-simulator/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "policy-models-simulator.fullname" . }}-test-connection"
+ labels:
+{{ include "policy-models-simulator.labels" . | indent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "policy-models-simulator.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/policy/components/policy-models-simulator/values.yaml b/helm/policy/components/policy-models-simulator/values.yaml
new file mode 100644
index 00000000..9174b61e
--- /dev/null
+++ b/helm/policy/components/policy-models-simulator/values.yaml
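Review bot: The test pod in tests/test-connection.yaml cannot reach the simulator as written: `args` points wget at `{{ include "policy-models-simulator.fullname" . }}:{{ .Values.service.port }}`, but service.yaml names the Service `message-router` and values.yaml defines no `service.port` (NOTES.txt uses the same missing key). Something like `args: ['message-router:{{ .Values.service.externalPort7 }}']` matches what the chart actually creates. `image: busybox` has no tag or digest, so the test runs whatever the registry serves at pull time; pin it, e.g. `image: busybox:<pinned-tag>`. The `test-success` hook name is the Helm 2 spelling; Helm 3 documents `"helm.sh/hook": test`.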
@@ -0,0 +1,95 @@ +# Default values for policy-models-simulator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nexus3.onap.org:10001/onap/policy-models-simulator + tag: latest + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: message-router + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: message-router + +service: + type: ClusterIP + name: message-router + portName: message-router + externalPort2: 6667 + internalPort2: 6667 + externalPort3: 6668 + internalPort3: 6668 + externalPort4: 6669 + internalPort4: 6669 + externalPort5: 6670 + internalPort5: 6670 + externalPort6: 6680 + internalPort6: 6680 + externalPort7: 3904 + internalPort7: 3904 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/helm/policy/resources/config/db.sh b/helm/policy/resources/config/db.sh
new file mode 100755
index 00000000..8c68c6ba
--- /dev/null
+++ b/helm/policy/resources/config/db.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+{{/*
+#
+# ============LICENSE_START====================================================
+# Copyright (C) 2022 Nordix Foundation.
+# =============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END======================================================
+*/}}
+mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
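Review bot: `tag: latest` combined with `pullPolicy: IfNotPresent` makes the simulator image neither reproducible nor refreshed: each node keeps whichever `latest` it pulled first, and a changed upstream image is picked up silently on new nodes. Pin a released tag or a digest, e.g. `tag: <release-version>`, as helm/policy/values.yaml already does for `mariadb:10.5.8` and `onap/policy-db-migrator:2.5.1`. The port list also looks off by one: simParameters.json puts the A&AI simulator on 6666, but `internalPort2`/`externalPort2` are 6667, so that simulator appears not to be exposed through the Service unless something outside this diff listens on 6667. `securityContext: {}` leaves the container on the image's default user; the commented `runAsNonRoot` and `drop: ALL` lines are worth enabling if the image supports them.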
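Review bot: The `mysql()` wrapper in db.sh passes the user name to the port option, `-P ${MYSQL_USER}`, while the Job in templates/job.yaml exports a `MYSQL_PORT` that nothing reads; the line should be `mysql() { /usr/bin/mysql -h "${MYSQL_HOST}" -P "${MYSQL_PORT}" "$@"; }`. It probably works today only because the client falls back to its default port when the value is not numeric. Every call also puts the root password on the command line with `-p"${MYSQL_ROOT_PASSWORD}"`, where it is visible in the container's process list; exporting it once as `MYSQL_PWD` or using an option file avoids that. The script has no `set -e`, so a failed `CREATE DATABASE` or `GRANT` is masked by the exit status of the final `FLUSH PRIVILEGES` and the Job can report success. The grant to `'${MYSQL_USER}'@'%'` with `ALL PRIVILEGES` on six schemas is broad and worth narrowing in a follow-up if the application does not need DDL on all of them.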
diff --git a/helm/policy/resources/config/db_migrator_policy_init.sh b/helm/policy/resources/config/db_migrator_policy_init.sh
new file mode 100644
index 00000000..cd6181d4
--- /dev/null
+++ b/helm/policy/resources/config/db_migrator_policy_init.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+{{/*
+# ============LICENSE_START====================================================
+# Copyright (C) 2022 Nordix Foundation.
+# =============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report
+exit $rc
diff --git a/helm/policy/templates/configmap.yaml b/helm/policy/templates/configmap.yaml
new file mode 100755
index 00000000..c193281a
--- /dev/null
+++ b/helm/policy/templates/configmap.yaml
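Review bot: The exit status of `prepare_upgrade.sh` is discarded in db_migrator_policy_init.sh, so the migrator runs even when preparation failed and only the `upgrade` status reaches `exit $rc`. Checking it keeps a half-prepared schema from being migrated: `/opt/app/policy/bin/prepare_upgrade.sh "${SQL_DB}" || exit $?`. Quoting `${SQL_DB}` in the two `db-migrator` calls as well avoids word splitting if the schema value ever contains whitespace.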
@@ -0,0 +1,26 @@
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-db-configmap
+ namespace: default
+ labels:
+ app: policy
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }}
diff --git a/helm/policy/templates/job.yaml b/helm/policy/templates/job.yaml
new file mode 100755
index 00000000..beca1288
--- /dev/null
+++ b/helm/policy/templates/job.yaml
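Review bot: `namespace: default` is hard-coded in this ConfigMap, and the two Jobs in templates/job.yaml do the same, while templates/service-account.yaml sets no namespace and therefore lands in the release namespace. Installing the chart into any namespace other than `default` then leaves the Jobs in `default` looking for a `{{ .Chart.Name }}-read` ServiceAccount and Secrets that live elsewhere. It also writes objects into a namespace the installer may not have meant to touch. Use `namespace: {{ .Release.Namespace }}` (or drop the field) in all three objects.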
@@ -0,0 +1,180 @@ +{{/* +# Copyright (C) 2022 Nordix Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: policy-galera-init + namespace: default + labels: + app: policy-galera-init +spec: + template: + metadata: + labels: + app: policy-galera-init + name: policy-galera-init + spec: + imagePullSecrets: + - name: "default-docker-registry-key" + initContainers: + - name: policy-mariadb-readiness + image: {{ .Values.repository }}/{{ .Values.readiness.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + - --container-name + - {{ index .Values "mariadb-galera" "service" "name" }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: policy-galera-config + image: {{ .Values.dockerRepository }}/{{ .Values.mariadb.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /dbcmd-config/db.sh + name: {{ .Chart.Name }}-config + subPath: db.sh + command: + - /bin/sh + - -cx + - | + /dbcmd-config/db.sh + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-galera-db-root-password + key: password + optional: false + - name: MYSQL_HOST + value: "{{ index .Values "mariadb-galera" "service" "name" }}" + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: mariadb-galera-db-user-credentials 
+ key: login + optional: false + - name: MYSQL_PORT + value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" + resources: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + restartPolicy: Never + serviceAccount: {{ .Chart.Name }}-read + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: {{ .Chart.Name }}-config + configMap: + name: {{ .Chart.Name }}-db-configmap + defaultMode: 0755 + items: + - key: db.sh + path: db.sh + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: policy-galera-config + namespace: default + labels: + app: policy-galera-config +spec: + template: + metadata: + labels: + app: policy-galera-config + name: policy-galera-config + spec: + imagePullSecrets: + - name: "default-docker-registry-key" + initContainers: + - name: policy-init-readiness + image: {{ .Values.repository }}/{{ .Values.readiness.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - policy-galera-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: policy-galera-db-migrator + image: {{ .Values.repository }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /dbcmd-config/db_migrator_policy_init.sh + name: {{ .Chart.Name }}-config + subPath: db_migrator_policy_init.sh + command: + - /bin/sh + - -cx + - | + /dbcmd-config/db_migrator_policy_init.sh + env: + - name: SQL_HOST + value: "{{ index .Values "mariadb-galera" "service" "name" }}" + - name: SQL_USER + valueFrom: + secretKeyRef: + name: mariadb-galera-db-user-credentials + key: login + optional: false + - name: SQL_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-galera-db-user-credentials + key: password + optional: false + - name: SQL_DB + value: {{ .Values.dbmigrator.schema }} + - name: POLICY_HOME + value: 
{{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "sql" + resources: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + restartPolicy: Never + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: {{ .Chart.Name }}-config + configMap: + name: {{ .Chart.Name }}-db-configmap + defaultMode: 0755 + items: + - key: db_migrator_policy_init.sh + path: db_migrator_policy_init.sh + diff --git a/helm/policy/templates/service-account.yaml b/helm/policy/templates/service-account.yaml new file mode 100644 index 00000000..28757f53 --- /dev/null +++ b/helm/policy/templates/service-account.yaml @@ -0,0 +1,21 @@ +{{/* +# Copyright (C) 2022 Nordix Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read + diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml new file mode 100755 index 00000000..8dcdae89 --- /dev/null +++ b/helm/policy/values.yaml 
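Review bot: Neither Job in job.yaml sets a `securityContext`, although the `policy-galera-config` container receives the MariaDB root password and `policy-galera-db-migrator` the application DB credentials. A container-level `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` on each container is a low-risk default here, plus `runAsNonRoot: true` if the images allow it. The Secret names `mariadb-galera-db-root-password` and `mariadb-galera-db-user-credentials` and the pull secret `default-docker-registry-key` are literals, while helm/policy/values.yaml names the secrets `policy-db-root-password` and `policy-db-secret`. It is worth confirming which names the mariadb-galera subchart really creates, because `optional: false` keeps the pod from starting otherwise. The first Job also sets both `serviceAccount` and `serviceAccountName`; the former is the deprecated alias and can be dropped.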
@@ -0,0 +1,177 @@ +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +global: + aafEnabled: true + mariadb: + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. + config: &mariadbConfig + mysqlDatabase: policyadmin + service: &mariadbService + name: &mariadb-galera mariadb-galera + internalPort: 3306 + prometheusEnabled: false + kafkaBootstrap: strimzi-kafka-bootstrap + policyKafkaUser: policy-kafka-user + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + name: &dbRootPassSecretName 'policy-db-root-password' + type: password + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' + password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' + policy: generate + - uid: db-secret + name: &dbSecretName 'policy-db-secret' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) 
(hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "db" "user" }}' + password: '{{ index .Values "mariadb-galera" "db" "password" }}' + passwordPolicy: generate + - uid: policy-app-user-creds + name: &policyAppCredsSecret 'policy-app-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: generate + +db: &dbSecretsHook + credsExternalSecret: *dbSecretName + +policy-models-simulator: + enabled: true +policy-clamp-ac-k8s-ppnt: + enabled: true +policy-clamp-runtime-acm: + enabled: true + db: *dbSecretsHook + config: + appUserExternalSecret: *policyAppCredsSecret + +################################################################# +# DB configuration defaults. +################################################################# + +repository: nexus3.onap.org:10001 +pullPolicy: Always + +dockerRepository: docker.io + +mariadb: + image: mariadb:10.5.8 + +dbmigrator: + image: onap/policy-db-migrator:2.5.1 + schema: policyadmin + policy_home: "/opt/app/policy" + +subChartsOnly: + enabled: true + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +#replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + image: onap/oom/readiness:3.0.1 + initialDelaySeconds: 10 + periodSeconds: 10 + + +config: + policyAppUserName: runtimeUser + useStrimziKafka: true + acRuntimeTopic: + name: policy-acruntime-participant + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + 
policyHeartbeatTopic: + name: policy-heartbeat + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + policyNotificationTopic: + name: policy-notification + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + someConfig: blah + +mariadb-galera: + # mariadb-galera.config and global.mariadb.config must be equals + db: + user: policy-user + # password: + externalSecret: *dbSecretName + name: &mysqlDbName policyadmin + rootUser: + externalSecret: *dbRootPassSecretName + nameOverride: *mariadb-galera + # mariadb-galera.service and global.mariadb.service must be equals + service: *mariadbService + #replicaCount: 1 + persistence: + enabled: true + mountSubPath: policy/maria/data + serviceAccount: + nameOverride: *mariadb-galera + +# Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy + roles: + - read -- cgit 1.2.3-korg
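Review bot: In the `secrets` list the `db-root-password` entry uses `policy: generate` while the other two entries use `passwordPolicy: generate`. The template that consumes this list is not part of the hunk, but the odd key is probably ignored, in which case the root password is not generated as intended; align it to `passwordPolicy: generate`. `someConfig: blah` under `config` looks like a leftover placeholder and should be removed or given a real meaning.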