[POLICY] Migration of clamp to policy area
Creation of the clamp subcharts + fusion of the clamp database to policy mariadb
Issue-ID: POLICY-2951
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
Change-Id: I8192f82bc393e3fc8d5884d6ab73912a0466edcd
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
diff --git a/kubernetes/policy/components/policy-clamp-be/Chart.yaml b/kubernetes/policy/components/policy-clamp-be/Chart.yaml
new file mode 100644
index 0000000..fd48cc2
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Policy Clamp Backend
+name: policy-clamp-be
+version: 7.0.0
diff --git a/kubernetes/policy/components/policy-clamp-be/requirements.yaml b/kubernetes/policy/components/policy-clamp-be/requirements.yaml
new file mode 100644
index 0000000..734166b
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: certInitializer
+ version: ~7.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
new file mode 100644
index 0000000..17185cc
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
@@ -0,0 +1,71 @@
+{{/*
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
+# reserved.
+# ================================================================================
+# Modifications copyright (c) 2019 Nokia
+# ================================================================================\
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+*/}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+server.ssl.key-store-password=${cadi_keystore_password_p12}
+server.ssl.key-password=${cadi_key_password}
+server.ssl.key-store-type=PKCS12
+server.ssl.key-alias={{ .Values.certInitializer.fqi }}
+
+# The key file used to decode the key store and trust store password
+# If not defined, the key store and trust store password will not be decrypted
+clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
+
+## Config part for Client certificates
+server.ssl.client-auth=want
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+server.ssl.trust-store-password=${cadi_truststore_password}
+{{- end }}
+
+#clds datasource connection details
+spring.datasource.username=${MYSQL_USER}
+spring.datasource.password=${MYSQL_PASSWORD}
+spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
+
+#The log folder that will be used in logback.xml file
+clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config.json
+
+#
+# Configuration Settings for Policy Engine Components
+clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969
+clamp.config.policy.api.userName=healthcheck
+clamp.config.policy.api.password=zb!XztG34
+clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969
+clamp.config.policy.pap.userName=healthcheck
+clamp.config.policy.pap.password=zb!XztG34
+
+#DCAE Inventory Url Properties
+clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080
+clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+#DCAE Deployment Url Properties
+clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+clamp.config.dcae.deployment.userName=none
+clamp.config.dcae.deployment.password=none
+
+#AAF related parameters
+clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
new file mode 100755
index 0000000..329479f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" policyclamp < /dbcmd-config/policy-clamp-create-tables.sql
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml
new file mode 100644
index 0000000..8717e6f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml
@@ -0,0 +1,55 @@
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql
new file mode 100644
index 0000000..1f153bc
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql
@@ -0,0 +1,257 @@
+
+ create table dictionary (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ dictionary_second_level integer,
+ dictionary_type varchar(255),
+ primary key (name)
+ ) engine=InnoDB;
+
+ create table dictionary_elements (
+ short_name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ description varchar(255) not null,
+ name varchar(255) not null,
+ subdictionary_name varchar(255),
+ type varchar(255) not null,
+ primary key (short_name)
+ ) engine=InnoDB;
+
+ create table dictionary_to_dictionaryelements (
+ dictionary_name varchar(255) not null,
+ dictionary_element_short_name varchar(255) not null,
+ primary key (dictionary_name, dictionary_element_short_name)
+ ) engine=InnoDB;
+
+ create table hibernate_sequence (
+ next_val bigint
+ ) engine=InnoDB;
+
+ insert into hibernate_sequence values ( 1 );
+
+ create table loop_element_models (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ blueprint_yaml MEDIUMTEXT,
+ dcae_blueprint_id varchar(255),
+ loop_element_type varchar(255) not null,
+ short_name varchar(255),
+ primary key (name)
+ ) engine=InnoDB;
+
+ create table loop_logs (
+ id bigint not null,
+ log_component varchar(255) not null,
+ log_instant datetime(6) not null,
+ log_type varchar(255) not null,
+ message MEDIUMTEXT not null,
+ loop_id varchar(255) not null,
+ primary key (id)
+ ) engine=InnoDB;
+
+ create table loop_templates (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ allowed_loop_type varchar(255),
+ blueprint_yaml MEDIUMTEXT,
+ dcae_blueprint_id varchar(255),
+ maximum_instances_allowed integer,
+ svg_representation MEDIUMTEXT,
+ unique_blueprint boolean default false,
+ service_uuid varchar(255),
+ primary key (name)
+ ) engine=InnoDB;
+
+ create table loopelementmodels_to_policymodels (
+ loop_element_name varchar(255) not null,
+ policy_model_type varchar(255) not null,
+ policy_model_version varchar(255) not null,
+ primary key (loop_element_name, policy_model_type, policy_model_version)
+ ) engine=InnoDB;
+
+ create table loops (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ dcae_deployment_id varchar(255),
+ dcae_deployment_status_url varchar(255),
+ global_properties_json json,
+ last_computed_state varchar(255) not null,
+ svg_representation MEDIUMTEXT,
+ loop_template_name varchar(255) not null,
+ service_uuid varchar(255),
+ primary key (name)
+ ) engine=InnoDB;
+
+ create table loops_to_microservicepolicies (
+ loop_name varchar(255) not null,
+ microservicepolicy_name varchar(255) not null,
+ primary key (loop_name, microservicepolicy_name)
+ ) engine=InnoDB;
+
+ create table looptemplates_to_loopelementmodels (
+ loop_element_model_name varchar(255) not null,
+ loop_template_name varchar(255) not null,
+ flow_order integer not null,
+ primary key (loop_element_model_name, loop_template_name)
+ ) engine=InnoDB;
+
+ create table micro_service_policies (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ configurations_json json,
+ json_representation json not null,
+ pdp_group varchar(255),
+ pdp_sub_group varchar(255),
+ context varchar(255),
+ dcae_blueprint_id varchar(255),
+ dcae_deployment_id varchar(255),
+ dcae_deployment_status_url varchar(255),
+ device_type_scope varchar(255),
+ shared bit not null,
+ loop_element_model_id varchar(255),
+ policy_model_type varchar(255),
+ policy_model_version varchar(255),
+ primary key (name)
+ ) engine=InnoDB;
+
+ create table operational_policies (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ configurations_json json,
+ json_representation json not null,
+ pdp_group varchar(255),
+ pdp_sub_group varchar(255),
+ loop_element_model_id varchar(255),
+ policy_model_type varchar(255),
+ policy_model_version varchar(255),
+ loop_id varchar(255) not null,
+ primary key (name)
+ ) engine=InnoDB;
+
+ create table policy_models (
+ policy_model_type varchar(255) not null,
+ version varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ policy_acronym varchar(255),
+ policy_tosca MEDIUMTEXT,
+ policy_pdp_group json,
+ primary key (policy_model_type, version)
+ ) engine=InnoDB;
+
+ create table services (
+ service_uuid varchar(255) not null,
+ name varchar(255) not null,
+ resource_details json,
+ service_details json,
+ version varchar(255),
+ primary key (service_uuid)
+ ) engine=InnoDB;
+
+ alter table dictionary_to_dictionaryelements
+ add constraint FK68hjjinnm8nte2owstd0xwp23
+ foreign key (dictionary_element_short_name)
+ references dictionary_elements (short_name);
+
+ alter table dictionary_to_dictionaryelements
+ add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe
+ foreign key (dictionary_name)
+ references dictionary (name);
+
+ alter table loop_logs
+ add constraint FK1j0cda46aickcaoxqoo34khg2
+ foreign key (loop_id)
+ references loops (name);
+
+ alter table loop_templates
+ add constraint FKn692dk6281wvp1o95074uacn6
+ foreign key (service_uuid)
+ references services (service_uuid);
+
+ alter table loopelementmodels_to_policymodels
+ add constraint FK23j2q74v6kaexefy0tdabsnda
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+ alter table loopelementmodels_to_policymodels
+ add constraint FKjag1iu0olojfwryfkvb5o0rk5
+ foreign key (loop_element_name)
+ references loop_element_models (name);
+
+ alter table loops
+ add constraint FK844uwy82wt0l66jljkjqembpj
+ foreign key (loop_template_name)
+ references loop_templates (name);
+
+ alter table loops
+ add constraint FK4b9wnqopxogwek014i1shqw7w
+ foreign key (service_uuid)
+ references services (service_uuid);
+
+ alter table loops_to_microservicepolicies
+ add constraint FKle255jmi7b065fwbvmwbiehtb
+ foreign key (microservicepolicy_name)
+ references micro_service_policies (name);
+
+ alter table loops_to_microservicepolicies
+ add constraint FK8avfqaf7xl71l7sn7a5eri68d
+ foreign key (loop_name)
+ references loops (name);
+
+ alter table looptemplates_to_loopelementmodels
+ add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9
+ foreign key (loop_element_model_name)
+ references loop_element_models (name);
+
+ alter table looptemplates_to_loopelementmodels
+ add constraint FKj29yxyw0x7ue6mwgi6d3qg748
+ foreign key (loop_template_name)
+ references loop_templates (name);
+
+ alter table micro_service_policies
+ add constraint FKqvvdypacbww07fuv8xvlvdjgl
+ foreign key (loop_element_model_id)
+ references loop_element_models (name);
+
+ alter table micro_service_policies
+ add constraint FKn17j9ufmyhqicb6cvr1dbjvkt
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+ alter table operational_policies
+ add constraint FKi9kh7my40737xeuaye9xwbnko
+ foreign key (loop_element_model_id)
+ references loop_element_models (name);
+
+ alter table operational_policies
+ add constraint FKlsyhfkoqvkwj78ofepxhoctip
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+ alter table operational_policies
+ add constraint FK1ddoggk9ni2bnqighv6ecmuwu
+ foreign key (loop_id)
+ references loops (name);
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json
new file mode 100644
index 0000000..3adda95
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json
@@ -0,0 +1,18 @@
+{
+ "sdc-connections":{
+ "sdc-controller":{
+ "user": "clamp",
+ "consumerGroup": "clamp",
+ "consumerId": "clamp",
+ "environmentName": "AUTO",
+ "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "pollingInterval":30,
+ "pollingTimeout":30,
+ "activateServerTLSAuth":"false",
+ "keyStorePassword":"",
+ "keyStorePath":"",
+ "messageBusAddresses":["message-router.{{ include "common.namespace" . }}"]
+ }
+ }
+}
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt
new file mode 100644
index 0000000..e36d6a5
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt
@@ -0,0 +1,32 @@
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit https://127.0.0.1:8443 to use your application"
+ kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml
new file mode 100644
index 0000000..aeadc37
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
new file mode 100644
index 0000000..1120f9b
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
@@ -0,0 +1,126 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-clamp-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ # side car containers
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ workingDir: "/opt/policy/clamp/"
+ args:
+ - -c
+ - |
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
+ {{- end }}
+ java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - mountPath: /opt/policy/clamp/sdc-controllers-config.json
+ name: {{ include "common.fullname" . }}-config
+ subPath: sdc-controllers-config.json
+ - mountPath: /opt/policy/clamp/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ env:
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+ {{- if ne "unlimited" (include "common.flavor" .) }}
+ - name: JAVA_RAM_CONFIGURATION
+ value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
+ {{- end }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: sdc-controllers-config.json
+ path: sdc-controllers-config.json
+ - key: application.properties
+ path: application.properties
+ - name: logs
+ emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/job.yaml b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml
new file mode 100755
index 0000000..c5c968a
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml
@@ -0,0 +1,84 @@
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020-2021 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.release" . }}-policy-clamp-galera-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-policy-clamp-job
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-policy-clamp-job
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+#This container checks that all galera instances are up before initializing it.
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.release" . }}-policy-clamp-galera-config
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.db.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/create-db-tables.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: create-db-tables.sh
+ - mountPath: /dbcmd-config/policy-clamp-create-tables.sql
+ name: {{ include "common.fullname" . }}-config
+ subPath: policy-clamp-create-tables.sql
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/create-db-tables.sh
+ env:
+ - name: MYSQL_HOST
+ value: "{{ .Values.db.service.name }}"
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }}
+ - name: MYSQL_PORT
+ value: "{{ .Values.db.service.internalPort }}"
+ resources:
+{{ include "common.resources" . }}
+ restartPolicy: Never
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: create-db-tables.sh
+ path: create-db-tables.sh
+ - key: policy-clamp-create-tables.sql
+ path: policy-clamp-create-tables.sql
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml
new file mode 100644
index 0000000..4cf8155
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/service.yaml b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml
new file mode 100644
index 0000000..c01d36a
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml
@@ -0,0 +1,42 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml
new file mode 100644
index 0000000..1446ac4
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/values.yaml
@@ -0,0 +1,154 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+ persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ keystoreFile: 'org.onap.clamp.p12'
+ truststoreFile: 'org.onap.clamp.trust.jks'
+ keyFile: 'org.onap.clamp.keyfile'
+ truststoreFileONAP: 'truststoreONAPall.jks'
+ nameOverride: clamp-backend-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: '-72.0'
+ cadi_latitude: '38.0'
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd;
+ cd {{ .Values.credsPath }};
+ chmod a+rx *;
+
+secrets:
+ - uid: db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+flavor: small
+
+# application image
+image: onap/policy-clamp-backend:6.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+ path: /var/log/onap
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+#####dummy values for db user and password to pass lint!!!#######
+
+db:
+ user: policy_user
+ password: policy_user
+ image: mariadb:10.5.8
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ mysqlPassword: strong_pitchou
+ dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 3
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+service:
+ type: ClusterIP
+ name: policy-clamp-be
+ portName: policy-clamp-be
+ internalPort: 8443
+ externalPort: 8443
+
+ingress:
+ enabled: false
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 3Gi
+ requests:
+ cpu: 10m
+ memory: 3Gi
+ unlimited: {}
diff --git a/kubernetes/policy/components/policy-clamp-fe/Chart.yaml b/kubernetes/policy/components/policy-clamp-fe/Chart.yaml
new file mode 100644
index 0000000..331ba86
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Policy Clamp Frontend
+name: policy-clamp-fe
+version: 7.0.0
diff --git a/kubernetes/policy/components/policy-clamp-fe/requirements.yaml b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
new file mode 100644
index 0000000..734166b
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: certInitializer
+ version: ~7.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
new file mode 100644
index 0000000..4cab734
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
@@ -0,0 +1,31 @@
+server {
+
+ listen 2443 default ssl;
+ ssl_protocols TLSv1.2;
+ {{ if .Values.global.aafEnabled }}
+ ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+ ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+ {{ else }}
+ ssl_certificate /etc/ssl/clamp.pem;
+ ssl_certificate_key /etc/ssl/clamp.key;
+ {{ end }}
+
+ ssl_verify_client optional_no_ca;
+ location /restservices/clds/ {
+ proxy_pass https://policy-clamp-be:8443;
+ proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
+ }
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ /index.html;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml
new file mode 100644
index 0000000..8717e6f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml
@@ -0,0 +1,55 @@
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt
new file mode 100644
index 0000000..e36d6a5
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt
@@ -0,0 +1,32 @@
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit https://127.0.0.1:8443 to use your application"
+ kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml
new file mode 100644
index 0000000..1a5b0ce
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
new file mode 100644
index 0000000..97c7919
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
@@ -0,0 +1,105 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - policy-clamp-be
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ containers:
+ # side car containers
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - mountPath: /etc/nginx/conf.d/default.conf
+ name: {{ include "common.fullname" . }}-config
+ subPath: default.conf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: default.conf
+ path: default.conf
+ - name: logs
+ emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml
new file mode 100644
index 0000000..8f87c68
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}
diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml
new file mode 100644
index 0000000..4cf8155
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml
new file mode 100644
index 0000000..b4549ba
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml
@@ -0,0 +1,43 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml
new file mode 100644
index 0000000..91a096d
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml
@@ -0,0 +1,150 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "clamp.key"
+ clamp_pem: "clamp.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
+subChartsOnly:
+ enabled: true
+
+flavor: small
+
+# application image
+image: onap/policy-clamp-frontend:6.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+ path: /var/log/nginx/
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 3
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+service:
+ type: NodePort
+ name: policy-clamp-fe
+ portName: policy-clamp-fe
+ internalPort: 2443
+ nodePort: 58
+
+ # as of 20180904 port 58 is reserved for clamp from log/logdemonode
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "clamp.api"
+ name: "clamp"
+ port: 2443
+ config:
+ ssl: "redirect"
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 200Mi
+ requests:
+ cpu: 1m
+ memory: 50Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ unlimited: {}
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index b2f2b74..22e3dfa 100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -48,6 +48,14 @@
version: ~7.x-0
repository: 'file://components/policy-distribution'
condition: policy-distribution.enabled
+ - name: policy-clamp-be
+ version: ~7.x-0
+ repository: 'file://components/policy-clamp-be'
+ condition: policy-clamp-be.enabled
+ - name: policy-clamp-fe
+ version: ~7.x-0
+ repository: 'file://components/policy-clamp-fe'
+ condition: policy-clamp-fe.enabled
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index 0d7ce07..90c9879 100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -18,7 +18,7 @@
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory
+for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index d098954..678772c 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -66,6 +66,11 @@
policy-distribution:
enabled: true
db: *dbSecretsHook
+policy-clamp-be:
+ enabled: true
+ db: *dbSecretsHook
+policy-clamp-fe:
+ enabled: true
policy-nexus:
enabled: false