From be5104f21cce47c3f3c46571047d998179a679ab Mon Sep 17 00:00:00 2001 From: srinivasyanamadala Date: Fri, 20 Dec 2024 15:18:03 +0100 Subject: Added changes for performance and stability for opa-pdp Issue-ID: POLICY-5215 Change-Id: Iea19dfd4a46509a60d7b4a41f714fd8221ce2d0d 
Signed-off-by: srinivasyanamadala --- helm/policy/Chart.yaml | 8 +- .../resources/config/OnapPfConfigSampleGroup.json | 4 +- helm/policy/components/policy-opa-pdp/Chart.yaml | 23 ++++ .../policy-opa-pdp/resources/config/config.json | 43 ++++++ .../resources/policies/policy-data.tar.gz | Bin 0 -> 30720 bytes .../policy-opa-pdp/templates/configmap.yaml | 49 +++++++ .../policy-opa-pdp/templates/deployment.yaml | 153 +++++++++++++++++++++ .../components/policy-opa-pdp/templates/pvc.yaml | 41 ++++++ .../policy-opa-pdp/templates/role-binding.yaml | 34 +++++ .../policy-opa-pdp/templates/secret.yaml | 33 +++++ .../policy-opa-pdp/templates/service-account.yaml | 25 ++++ .../policy-opa-pdp/templates/service.yaml | 40 ++++++ helm/policy/components/policy-opa-pdp/values.yaml | 117 ++++++++++++++++ .../policy-pap/resources/config/groups.json | 20 +++ 14 files changed, 587 insertions(+), 3 deletions(-) create mode 100755 helm/policy/components/policy-opa-pdp/Chart.yaml create mode 100755 helm/policy/components/policy-opa-pdp/resources/config/config.json create mode 100755 helm/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz create mode 100755 helm/policy/components/policy-opa-pdp/templates/configmap.yaml create mode 100755 helm/policy/components/policy-opa-pdp/templates/deployment.yaml create mode 100755 helm/policy/components/policy-opa-pdp/templates/pvc.yaml create mode 100755 helm/policy/components/policy-opa-pdp/templates/role-binding.yaml create mode 100755 helm/policy/components/policy-opa-pdp/templates/secret.yaml create mode 100755 helm/policy/components/policy-opa-pdp/templates/service-account.yaml create mode 100755 helm/policy/components/policy-opa-pdp/templates/service.yaml create mode 100755 helm/policy/components/policy-opa-pdp/values.yaml (limited to 'helm') diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml index 9eb39120..8caccf55 100755 --- a/helm/policy/Chart.yaml +++ b/helm/policy/Chart.yaml 
@@ -1,5 +1,7 @@ # Copyright © 2022-2024 Nordix Foundation # +# Modifications Copyright © 2024 Deutsche Telekom +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -15,7 +17,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 11.0.0 +version: 11.0.1 dependencies: - name: mariadb-galera @@ -54,6 +56,10 @@ dependencies: version: ~11.x-0 repository: 'file://components/policy-drools-pdp' condition: policy-drools-pdp.enabled + - name: policy-opa-pdp + version: ~11.x-0 + repository: 'file://components/policy-opa-pdp' + condition: policy-opa-pdp.enabled - name: policy-xacml-pdp version: ~11.x-0 repository: 'file://components/policy-xacml-pdp' diff --git a/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfigSampleGroup.json b/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfigSampleGroup.json index 8d197f67..70943d68 100644 --- a/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfigSampleGroup.json +++ b/helm/policy/components/policy-apex-pdp/resources/config/OnapPfConfigSampleGroup.json @@ -9,7 +9,7 @@ "prometheus": true }, "pdpStatusParameters": { - "pdpGroup": "sampleGroup", + "pdpGroup": "defaultGroup", "timeIntervalMs": 20000, "pdpType": "apex", "description": "Pdp Heartbeat", @@ -47,4 +47,4 @@ } ] } -} \ No newline at end of file +} diff --git a/helm/policy/components/policy-opa-pdp/Chart.yaml b/helm/policy/components/policy-opa-pdp/Chart.yaml new file mode 100755 index 00000000..b3c34fc6 --- /dev/null +++ b/helm/policy/components/policy-opa-pdp/Chart.yaml 
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy OPA PDP
+name: policy-opa-pdp
+version: 11.0.0
+
diff --git a/helm/policy/components/policy-opa-pdp/resources/config/config.json b/helm/policy/components/policy-opa-pdp/resources/config/config.json
new file mode 100755
index 00000000..f0adf0d2
--- /dev/null
+++ b/helm/policy/components/policy-opa-pdp/resources/config/config.json
@@ -0,0 +1,43 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "logging": {
+ "level": "debug"
+ },
+ "services": [
+ {
+ "name": "opa-bundle-server",
+ "url": "http://policy-opa-pdp:8282/opa/bundles"
+ }
+ ],
+ "bundles": {
+ "opabundle": {
+ "service": "opa-bundle-server",
+ "resource": "bundle.tar.gz",
+ "polling": {
+ "min_delay_seconds": 60,
+ "max_delay_seconds": 120
+ }
+ }
+ },
+ "decision_logs": {
+ "console": true
+ }
+}
diff --git a/helm/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz b/helm/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz
new file mode 100755
index 00000000..572e9639
Binary files /dev/null and b/helm/policy/components/policy-opa-pdp/resources/policies/policy-data.tar.gz differ
diff --git a/helm/policy/components/policy-opa-pdp/templates/configmap.yaml b/helm/policy/components/policy-opa-pdp/templates/configmap.yaml
new file mode 100755
index 00000000..36ad7cf4
--- /dev/null
+++ b/helm/policy/components/policy-opa-pdp/templates/configmap.yaml
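Review bot: In config.json the `opabundle` bundle is fetched from `http://policy-opa-pdp:8282/opa/bundles` over plain HTTP and the `bundles.opabundle` block has no `signing` section, so the policy that drives every decision is loaded without transport protection or signature verification. Consider an `https://` service URL plus bundle verification, for example `"signing": {"keyid": "VERIFICATION_KEY_ID_PLACEHOLDER"}` with a matching top-level `keys` entry (the key id is a placeholder; this chart defines none). `"level": "debug"` combined with `"decision_logs": {"console": true}` also sends decision records, which normally include the query input, to the container log; confirm that is intended outside test deployments.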
@@ -0,0 +1,49 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap-policies-data
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+ {{- with .Files.Glob "resources/policies/*" }}
+binaryData:
+ {{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+ {{- end }}
+ {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap-config
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-opa-pdp/templates/deployment.yaml b/helm/policy/components/policy-opa-pdp/templates/deployment.yaml
new file mode 100755
index 00000000..100c00bb
--- /dev/null
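Review bot: `namespace: default` is hardcoded on both ConfigMaps in configmap.yaml, so they are created in `default` whatever namespace the release is installed into; the same literal appears in deployment.yaml, pvc.yaml, role-binding.yaml, secret.yaml, service-account.yaml and service.yaml. This places the component outside any namespace-scoped RBAC, quota or network policy applied to the release namespace; `namespace: {{ .Release.Namespace }}` keeps it with the rest of the release. The `release: release` and `heritage: Helm` labels are likewise literals where `{{ .Release.Name }}` and `{{ .Release.Service }}` would be expected. The first ConfigMap also carries the committed binary `policy-data.tar.gz`, whose contents cannot be reviewed from this diff; a short comment stating what it contains and how it is produced would help.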
+++ b/helm/policy/components/policy-opa-pdp/templates/deployment.yaml 
@@ -0,0 +1,153 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ release: release
+ spec:
+ initContainers:
+ - command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ echo "*** set right permissions to the different folders"
+ chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /var/log;
+ chmod -R 755 /var/log
+ chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /opt/;
+ chmod -R 755 /opt/*
+ tar -xvf /tmp/policies/policy-data.tar.gz -C /opt/
+ image: busybox:latest
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ name: {{ .Chart.Name }}-readiness
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log
+ - name: tmp-policies-data
+ mountPath: /tmp/policies
+ - name : opa-policies-data
+ mountPath: /opt/
+
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.global.image.opapdp }}
+ imagePullPolicy: {{ .Values.global.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.api }}
+ port: {{ .Values.service.internalPort }}
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
+ scheme: HTTP
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeout }}
+ env:
+ - name: UseSASLForKAFKA
+ value: "{{ .Values.kafka.useSASL }}"
+ - name: BOOSTSTRAP_SERVER
+ value: "{{ .Values.kafka.brokers }}"
+ - name: KAFKA_USERNAME
+ value: "{{ .Values.kafka.username }}"
+ - name: KAFKA_PASSWORD
+ value: "{{ .Values.kafka.password }}"
+ - name: LOG_LEVEL
+ value: "{{ .Values.log.loglevel }}"
+ - name: GROUPID
+ value: "{{ .Values.kafka.groupid }}"
+ - name: TOPIC
+ value: "{{ .Values.kafka.topic }}"
+ volumeMounts:
+ - name: opa-policies-data
+ mountPath: /opt
+ - name: opa-config
+ mountPath: /app/config
+ - name: opa-bundles
+ mountPath: /app/bundles
+ - name: logs
+ mountPath: /var/log
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-read
+ volumes:
+ - name: tmp-policies-data
+ configMap:
+ name: {{ .Chart.Name }}-configmap-policies-data
+ defaultMode: 0755
+ - name: opa-policies-data
+ persistentVolumeClaim:
+ claimName: {{ .Chart.Name }}-policies-data
+ - name: opa-config
+ configMap:
+ name: {{ .Chart.Name }}-configmap-config
+ defaultMode: 0755
+ - name: opa-bundles
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.bundleDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.bundleDir.sizeLimit }}
+
+ imagePullSecrets:
+ - name: "default-docker-registry-key"
diff --git a/helm/policy/components/policy-opa-pdp/templates/pvc.yaml b/helm/policy/components/policy-opa-pdp/templates/pvc.yaml
new file mode 100755
index 00000000..6f0f7e1f
--- /dev/null
+++ b/helm/policy/components/policy-opa-pdp/templates/pvc.yaml
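Review bot: The container spec in deployment.yaml carries credentials in clear text: the readinessProbe builds its `Authorization: Basic` header from `.Values.restServer.user` and `.Values.restServer.password`, and `KAFKA_PASSWORD` is set with a literal `value:`, so both can be read by anyone allowed to view the Deployment or Pod object, while the `{{ .Chart.Name }}-restserver-creds` Secret created in secret.yaml is not referenced anywhere in this template. Source the Kafka password through `secretKeyRef` as sketched below, and consider probing an endpoint that needs no credentials, because probe headers cannot be populated from a Secret. In the initContainer, `image: busybox:latest` is a floating tag, and the `chown -R` calls run under `runAsUser: 1000`, where they would presumably fail without stopping the script. The main container sets no `securityContext` at all, unlike the initContainer.

```yaml
# … unchanged: UseSASLForKAFKA, BOOSTSTRAP_SERVER, KAFKA_USERNAME …
- name: KAFKA_PASSWORD
  valueFrom:
    secretKeyRef:
      name: KAFKA_SECRET_NAME_PLACEHOLDER  # placeholder: this chart defines no Kafka Secret
      key: password
# … unchanged: LOG_LEVEL, GROUPID, TOPIC …
```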
@@ -0,0 +1,41 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Chart.Name }}-policies-data
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: 13.0.1
+ heritage: {{ .Release.Service }}
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 5G
+ storageClassName: microk8s-hostpath
+ volumeMode: Filesystem
+
+
diff --git a/helm/policy/components/policy-opa-pdp/templates/role-binding.yaml b/helm/policy/components/policy-opa-pdp/templates/role-binding.yaml
new file mode 100755
index 00000000..cc409ca9
--- /dev/null
+++ b/helm/policy/components/policy-opa-pdp/templates/role-binding.yaml
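Review bot: `storageClassName: microk8s-hostpath` in pvc.yaml pins the claim to one distribution's host-path provisioner while requesting `ReadWriteMany`, so the extracted policy data presumably lives in a directory on the node's filesystem, and the chart cannot be installed where that class is absent. Take the class and the `5G` size from values, for example `storageClassName: {{ .Values.persistence.storageClass }}`; that key is a suggestion and does not exist in values.yaml yet. The label `release: 13.0.1` looks like a leftover, since the other templates in this commit use `release: release`.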
@@ -0,0 +1,34 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: read
+ apiGroup: rbac.authorization.k8s.io
+
diff --git a/helm/policy/components/policy-opa-pdp/templates/secret.yaml b/helm/policy/components/policy-opa-pdp/templates/secret.yaml
new file mode 100755
index 00000000..013e474b
--- /dev/null
+++ b/helm/policy/components/policy-opa-pdp/templates/secret.yaml
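Review bot: The comment above `kind: RoleBinding` in role-binding.yaml does not describe this object: it speaks of a cluster role binding that lets a "manager" group read secrets in any namespace, whereas the manifest binds the ServiceAccount `{{ .Chart.Name }}-read` to the namespaced Role `read`. Replace it with something like `# Binds the {{ .Chart.Name }}-read ServiceAccount to the Role "read" in this namespace.` The Role `read` is not among the files this commit adds, so what the pod's service account is permitted to do cannot be checked from here. Either define the Role in this chart with the minimal verbs the PDP needs or document it as a prerequisite.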
@@ -0,0 +1,33 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
diff --git a/helm/policy/components/policy-opa-pdp/templates/service-account.yaml b/helm/policy/components/policy-opa-pdp/templates/service-account.yaml
new file mode 100755
index 00000000..709e9055
--- /dev/null
+++ b/helm/policy/components/policy-opa-pdp/templates/service-account.yaml
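Review bot: `login` and `password` in secret.yaml are rendered into `stringData` unquoted, so a value that YAML treats specially (a leading `!` or `*`, an embedded ` #` or `: `, or an all-digit password) would break rendering or change the stored string; use `password: {{ .Values.restServer.password | quote }}` and the same for `login`. The `secrets:` block in values.yaml declares an `externalSecret` option for these credentials, but this template always renders the inline values, so an externally managed secret would apparently not be picked up.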
@@ -0,0 +1,25 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
diff --git a/helm/policy/components/policy-opa-pdp/templates/service.yaml b/helm/policy/components/policy-opa-pdp/templates/service.yaml
new file mode 100755
index 00000000..7eef3af4
--- /dev/null
+++ b/helm/policy/components/policy-opa-pdp/templates/service.yaml
@@ -0,0 +1,40 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ selector:
+ app: {{ .Chart.Name }}
+ release: release
+
diff --git a/helm/policy/components/policy-opa-pdp/values.yaml b/helm/policy/components/policy-opa-pdp/values.yaml
new file mode 100755
index 00000000..0667987f
--- /dev/null
+++ b/helm/policy/components/policy-opa-pdp/values.yaml
@@ -0,0 +1,117 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ image:
+ opapdp: nexus3.onap.org:10001/onap/policy-opa-pdp:1.0.5-SNAPSHOT
+log:
+ loglevel: "debug"
+
+permissions:
+ uid: 100
+ gid: 102
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+ user: policyadmin
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 120
+ api: /ready
+ successThreshold: 1
+ failureThreshold: 3
+ timeout: 60
+
+service:
+ type: ClusterIP
+ name: policy-opa-pdp
+ portName: http
+ externalPort: 8282
+ internalPort: 8282
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+
+dirSizes:
+ bundleDir:
+ sizeLimit: 1000Mi
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-opa-pdp
+ roles:
+ - read
+kafka:
+ groupid: "policy-opa-pdp"
+ topic: "policy-pdp-pap"
+ useSASL: "false"
+ username: ""
+ password: ""
+ brokers: "kafka.default.svc.cluster.local:9092"
+
diff --git a/helm/policy/components/policy-pap/resources/config/groups.json b/helm/policy/components/policy-pap/resources/config/groups.json
index 3f62ee52..2d981e7c 100644
--- a/helm/policy/components/policy-pap/resources/config/groups.json
+++ b/helm/policy/components/policy-pap/resources/config/groups.json
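Review bot: values.yaml commits a working default credential under `restServer` (`user` and a literal `password`), which every installation inherits unless the operator overrides it. Leave the default empty and fail rendering when nothing is supplied, e.g. `{{ required "restServer.password must be set" .Values.restServer.password }}` in secret.yaml, or honour `restServer.credsExternalSecret`, which the `secrets:` block already mentions. `global.image.opapdp` points at a `1.0.5-SNAPSHOT` tag with `pullPolicy: Always`, so the image actually run can change between pod restarts; a release tag or digest would make deployments reproducible. `log.loglevel: "debug"` as the shipped default is also worth lowering, and `kafka.brokers` hardcodes the `default` namespace in its hostname.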
@@ -1,5 +1,25 @@ { "groups": [ + { + "name": "opaGroup", + "version": "1.0.0", + "description": "The group that registers policy types for opa.", + "pdpGroupState": "ACTIVE", + "pdpSubgroups": [ + { + "pdpType": "opa", + "desiredInstanceCount": 1, + "properties": {}, + "supportedPolicyTypes": [ + { + "name": "onap.policies.native.opa", + "version": "1.0.0" + } + ], + "policies": [] + } + ] + }, { "name": "defaultGroup", "version": "1.0.0", -- cgit