[POLICY] Add Kserve participant
Add kserve participant helm charts.
Issue-ID: POLICY-4525
Signed-off-by: aravind.est <aravindhan.a@est.tech>
Change-Id: I51f1ddb91302fd54c6e926f9f5c80e648b9a4a07
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index 8c41754..c9d29ce 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -67,6 +67,10 @@
version: ~12.x-0
repository: 'file://components/policy-clamp-ac-a1pms-ppnt'
condition: policy-clamp-ac-a1pms-ppnt.enabled
+ - name: policy-clamp-ac-kserve-ppnt
+ version: ~12.x-0
+ repository: 'file://components/policy-clamp-ac-kserve-ppnt'
+ condition: policy-clamp-ac-kserve-ppnt.enabled
- name: policy-clamp-ac-pf-ppnt
version: ~12.x-0
repository: 'file://components/policy-clamp-ac-pf-ppnt'
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml
new file mode 100755
index 0000000..f62c37a
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml
@@ -0,0 +1,36 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp Kserve Participant
+name: policy-clamp-ac-kserve-ppnt
+version: 12.0.0
+
+dependencies:
+ - name: common
+ version: ~12.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~12.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~12.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
new file mode 100755
index 0000000..af9d46a
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
@@ -0,0 +1,112 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ cloud:
+ kubernetes:
+ enabled: false
+ discovery:
+ enabled: false
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+ autoconfigure:
+ exclude:
+ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration
+ - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration
+
+security:
+ enable-csrf: false
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04
+ clampAutomationCompositionTopics:
+ topicSources:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
+ topicCommInfrastructure: dmaap
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
+ topicCommInfrastructure: dmaap
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement
+ typeVersion: 1.0.1
+ -
+ typeName: org.onap.policy.clamp.acm.AutomationCompositionElement
+ typeVersion: 1.0.0
+
+customresourcedefinition:
+ group: serving.kserve.io
+ version: v1beta1
+ plural: inferenceservices
+ grace-period: 10
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8087
+ servlet:
+ context-path: /onap/policy/clamp/acm/kserveparticipant
+ ssl:
+ enabled: false
+
+
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml
new file mode 100755
index 0000000..897d62a
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml
new file mode 100755
index 0000000..d3e2833
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
new file mode 100755
index 0000000..902be12
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
@@ -0,0 +1,113 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+{{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: ac-kserve-ppnt-config
+ - mountPath: /config
+ name: ac-kserve-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/KserveParticipantParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-kserve-ppnt-config-processed
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: ac-kserve-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: ac-kserve-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
new file mode 100755
index 0000000..16a3f72
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml
new file mode 100755
index 0000000..339fe33
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml
new file mode 100644
index 0000000..ac5ee0b
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
new file mode 100755
index 0000000..dddf025
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
@@ -0,0 +1,148 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: false
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-ac-kserve-ppnt:6.4.1
+pullPolicy: Always
+
+
+componentName: &componentName policy-clamp-ac-kserve-ppnt
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: kserve-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: kserve-api
+
+service:
+ type: ClusterIP
+ name: *componentName
+ ports:
+ - name: kserve-api
+ port: 8087
+ nodePort: 42
+
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: *componentName
+ roles:
+ - create
+
+config:
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
\ No newline at end of file
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 3ff153a..e15f835 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -143,6 +143,8 @@
enabled: true
policy-clamp-ac-a1pms-ppnt:
enabled: true
+policy-clamp-ac-kserve-ppnt:
+ enabled: true
policy-clamp-runtime-acm:
enabled: true
db: *dbSecretsHook