[POLICY] Move policy dist to use strimzi templates
Move policy dist to use strimzi templates
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I4a03812a7545ce7a4fcd5443a2c0af89933b1a63
Issue-ID: DMAAP-1857
diff --git a/kubernetes/common/common/templates/_strimzikafka.tpl b/kubernetes/common/common/templates/_strimzikafka.tpl
index 3fd46c7..f8f562e 100644
--- a/kubernetes/common/common/templates/_strimzikafka.tpl
+++ b/kubernetes/common/common/templates/_strimzikafka.tpl
@@ -55,7 +55,6 @@
kind: KafkaUser
metadata:
name: {{ include "common.name" . }}-ku
- namespace: {{ include "common.namespace" $global }}
labels:
strimzi.io/cluster: {{ include "common.release" . }}-strimzi
spec:
diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json
index 94fc37b..0db30b2 100755
--- a/kubernetes/policy/components/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json
@@ -3,6 +3,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,15 +58,17 @@
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
"environmentName": "AUTO",
- "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "isUseHttpsWithSdc": false,
"keyStorePath": "null",
"keyStorePassword": "null",
"activeserverTlsAuth": false,
- "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
+ "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8080",
"user": "${SDCBE_USER}",
"password": "${SDCBE_PASSWORD}",
- "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}",
- "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}",
+ {{ with (first .Values.kafkaUser.acls) }}
+ "consumerId": "{{ .name }}-id",
+ "consumerGroup": "{{ .name }}",
+ {{ end }}
"pollingInterval":20,
"pollingTimeout":30,
"artifactTypes": [
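Review bot: `"isUseHttpsWithSdc": false` and the fixed `:8080` in `sdcAddress` replace the `common.needTLS` switch, so the `${SDCBE_USER}` / `${SDCBE_PASSWORD}` credentials in this parameter block are now always sent to sdc-be without application-level TLS. If transport encryption is expected from another layer (a service mesh, for example, which this diff does not show), state that assumption in the commit description or the chart's values.yaml so the downgrade is a recorded decision. The key is also respelled from `isUseHttpsWithSDC` to `isUseHttpsWithSdc`. Confirm that the parameter group class reads the new spelling, because an unrecognised key could silently fall back to a default. The parameters object starts and ends outside this hunk.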
diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
index 9c71ac1..082593d 100755
--- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
@@ -76,24 +76,22 @@
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- - name: SECURITY_PROTOCOL
- value: {{ .Values.config.kafka.securityProtocol }}
- - name: SASL_MECHANISM
- value: {{ .Values.config.kafka.saslMechanism }}
- name: SASL_JAAS_CONFIG
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-dist-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- if .Values.global.aafEnabled }}
command: ["sh","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
/opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
{{- else }}
- command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
- args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
- env:
- name: KEYSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- name: TRUSTSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+ command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
+ args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
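Review bot: The `secretKeyRef` name `{{ include "common.name" . }}-ku` hand-copies the `metadata.name` that `_strimzikafka.tpl` gives the KafkaUser, and nothing at the `SASL_JAAS_CONFIG` entry says the two must stay in step. If the suffix changes in the common template, the pod will reference a secret that is never created and will not start. A one-line comment above `valueFrom:` would record this, for example `# Secret created for the KafkaUser rendered by common.kafkauser; name must equal its metadata.name`. `SECURITY_PROTOCOL` and `SASL_MECHANISM` are no longer exported, so confirm that nothing in the image or the mounted config still expands them; an unset variable there could leave the client on an unintended protocol. The container spec continues outside the hunk.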
diff --git a/kubernetes/policy/components/policy-distribution/templates/kafkauser.yaml b/kubernetes/policy/components/policy-distribution/templates/kafkauser.yaml
new file mode 100644
index 0000000..6fc37c3
--- /dev/null
+++ b/kubernetes/policy/components/policy-distribution/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml b/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml
deleted file mode 100644
index eb721b0..0000000
--- a/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.policyDistKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: {{ .Values.config.kafka.saslMechanism | lower }}
- authorization:
- type: {{ .Values.config.kafka.authType }}
- acls:
- - resource:
- type: group
- name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
- operation: Read
- - resource:
- type: topic
- patternType: prefix
- name: {{ .Values.config.kafka.sdcTopic.pattern }}
- operation: All
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 5cdda2f..f341c97 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -1,6 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
+# Modifications Copyright (C) 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -55,13 +56,7 @@
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- - uid: policy-dist-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
+
#################################################################
# Global configuration defaults.
#################################################################
@@ -79,18 +74,16 @@
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- someConfig: blah
- kafka:
- bootstrapServer: strimzi-kafka-bootstrap:9092
- securityProtocol: SASL_PLAINTEXT
- saslMechanism: SCRAM-SHA-512
- authType: simple
- sdcTopic:
- pattern: SDC-DIST
- consumerGroup: policy-group
- clientId: policy-distribution
+#Strimzi Kafka User def
+kafkaUser:
+ acls:
+ - name: policy-distribution
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
restServer:
user: healthcheck
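Review bot: The order of `kafkaUser.acls` is now load-bearing, because config.json takes `first .Values.kafkaUser.acls` and uses its `name` as both `consumerGroup` and the `consumerId` prefix. If the list is reordered or an entry is prepended in an override, the client would join a group named after the topic prefix, which the group ACL does not cover. The `#Strimzi Kafka User def` comment should say so, for example `# Strimzi KafkaUser definition. The first ACL must be the consumer group: config.json reads its name.` Narrowing the topic ACL from `All` to `[Read, Write]` is a good least-privilege step. The effective consumer group also changes from `policy-group` to `policy-distribution`, so offsets committed under the old group will not carry over on upgrade.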
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 1ee31c2..7270515 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,6 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2022 Nordix Foundation.
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,7 +38,6 @@
name: postgres
kafkaBootstrap: strimzi-kafka-bootstrap
policyKafkaUser: policy-kafka-user
- policyDistKafkaUser: policy-dist-kafka-user
#################################################################
# Secrets metaconfig
@@ -128,8 +127,6 @@
policy-distribution:
enabled: true
db: *dbSecretsHook
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyDistKafkaUser }}'
policy-clamp-ac-k8s-ppnt:
enabled: true
config: