Merge "[POLICY] Add kafka support in policy charts"
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 3a38b88..441955f 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -30,23 +30,17 @@
"useHttps": false,
"fetchTimeout": 15000,
"servers": [ "${KAFKA_URL}" ],
-{{ if .Values.global.useStrimziKafkaPf }}
"topicCommInfrastructure": "kafka",
"additionalProps": {
"group.id" : "${GROUP_ID}",
"security.protocol": "SASL_PLAINTEXT",
"sasl.mechanism": "${SASL}",
"sasl.jaas.config": "${JAASLOGIN}"
- }
-{{ else }}
- "topicCommInfrastructure": "dmaap"
-{{ end }}
- }],
+ }}],
"topicSinks" : [{
"topic": "${PAP_TOPIC}",
"useHttps": false,
"servers": [ "${KAFKA_URL}" ],
-{{ if .Values.global.useStrimziKafkaPf }}
"topicCommInfrastructure": "kafka",
"additionalProps": {
"group.id" : "${GROUP_ID}",
@@ -54,9 +48,6 @@
"sasl.mechanism": "${SASL}",
"sasl.jaas.config": "${JAASLOGIN}"
}
-{{ else }}
- "topicCommInfrastructure": "dmaap"
-{{ end }}
}]
}
}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
index daed724..5ba0d82 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
@@ -31,45 +31,29 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafkaPf }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command: ["/bin/sh", "-cx"]
-{{- if .Values.global.useStrimziKafkaPf }}
args:
- JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`;
cd /config-input && for PFILE in `ls -1`;
do envsubst <${PFILE} >/config/${PFILE}; done
-{{ else }}
- args:
- - cd /config-input && for PFILE in `ls -1`;
- do envsubst <${PFILE} >/config/${PFILE}; done
-{{ end }}
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
- name: KAFKA_URL
- value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
- name: SASL
value: {{ .Values.kafkaUser.authenticationType | upper }}
- name: GROUP_ID
value: {{ .Values.config.kafka.consumer.groupId }}
- name: PAP_TOPIC
value: {{ .Values.config.app.listener.policyPdpPapTopic }}
-{{ else }}
- - name: KAFKA_URL
- value: message-router
- - name: PAP_TOPIC
- value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }}
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: apexconfig-input
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
index d2fab9f..4259381 100644
--- a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
@@ -13,6 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafkaPf }}
{{ include "common.kafkauser" . }}
-{{ end }}
+
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index e01cb61..3cea773 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -25,7 +25,6 @@
global:
nodePortPrefix: 302
persistence: {}
- useStrimziKafkaPf: set-via-parent-chart-global-value
#################################################################
# Secrets metaconfig
@@ -93,7 +92,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
@@ -145,25 +144,13 @@
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafkaPf: true
- kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
groupId: policy-apex
app:
listener:
policyPdpPapTopic: policy-pdp-pap
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
-# Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format instead of yaml.
+
kafkaUser:
authenticationType: scram-sha-512
acls:
@@ -178,7 +165,3 @@
type: topic
patternType: prefix
operations: [Create, Describe, Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
index 34d267b..31aa1b7 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
@@ -41,40 +41,28 @@
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
index 4ed282a..3155cae 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
@@ -28,9 +28,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
@@ -41,13 +38,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-a1pms-ppnt-config
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml
index 92184b8..6fc37c3 100644
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/kafkauser.yaml
@@ -13,6 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index ac74011..5954d65 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -21,8 +21,6 @@
#################################################################
global:
persistence: {}
- #Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
@@ -77,7 +75,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
@@ -140,7 +138,3 @@
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
index 6cc45cc..a04c37f 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -41,40 +41,28 @@
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
index 8d0d229..dfa6e8d 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
@@ -28,9 +28,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
@@ -41,13 +38,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-http-ppnt-config
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml
index 92184b8..6fc37c3 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/kafkauser.yaml
@@ -13,6 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 419c2c0..17e4d31 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -22,7 +22,6 @@
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
@@ -67,7 +66,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
@@ -130,7 +129,3 @@
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
index 761f19c..14deab5 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -43,40 +43,28 @@
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
index d69a858..d3a280a 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
@@ -28,9 +28,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
@@ -41,13 +38,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-k8s-ppnt-config
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml
index 92184b8..6fc37c3 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml
@@ -13,6 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index 5d82c83..407f5dd 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -23,7 +23,6 @@
nodePortPrefixExt: 304
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
@@ -89,7 +88,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
flavor: small
resources:
@@ -147,6 +146,3 @@
type: topic
operations: [Read, Write]
-readinessCheck:
- wait_for:
- - message-router
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
index af9d46a..89cf949 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
@@ -48,40 +48,28 @@
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
index f5ecd27..0602a82 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
@@ -28,9 +28,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
@@ -41,13 +38,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-kserve-ppnt-config
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
index 16a3f72..b7e7364 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
@@ -13,6 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
index a432fff..6f737a0 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
@@ -22,7 +22,6 @@
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
@@ -67,7 +66,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
@@ -129,7 +128,3 @@
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
index f4c26e4..1cd4ba3 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -59,40 +59,28 @@
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
index 5786fcf..038b137 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
@@ -28,9 +28,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
@@ -49,13 +46,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-pf-ppnt-config
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml
index 92184b8..6fc37c3 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/kafkauser.yaml
@@ -13,6 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index c867891..b763699 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -22,7 +22,6 @@
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
@@ -87,7 +86,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
@@ -151,7 +150,3 @@
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
index 96cb265..35e42c5 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
@@ -75,40 +75,28 @@
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
acmParameters:
toscaElementName: {{ .Values.customNaming.toscaElementName }}
toscaCompositionName: {{ .Values.customNaming.toscaCompositionName }}
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
index be8c35a..b732fad 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
@@ -28,9 +28,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- /app/ready.py
args:
@@ -66,13 +63,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
- name: RUNTIME_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-runtime-config
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml
index 92184b8..6fc37c3 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/kafkauser.yaml
@@ -13,6 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index 34cceed..cc399d3 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -23,7 +23,6 @@
nodePortPrefixExt: 304
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
@@ -122,7 +121,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: policy-gui-read
flavor: small
@@ -149,10 +148,6 @@
roles:
- read
-readinessCheck:
- wait_for:
- - message-router
-
wait_for_job_container:
containers:
- '{{ include "common.release" . }}-policy-galera-config'
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index cf3c54a..2e6efae 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -56,15 +56,15 @@
# PDP-D DMaaP configuration channel
-PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
-PDPD_CONFIGURATION_SERVERS=message-router
+PDPD_CONFIGURATION_TOPIC=pdpd_configuration
+PDPD_CONFIGURATION_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
PDPD_CONFIGURATION_CONSUMER_GROUP=
PDPD_CONFIGURATION_CONSUMER_INSTANCE=
PDPD_CONFIGURATION_PARTITION_KEY=
# PAP-PDP configuration channel
-POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_TOPIC=policy-pdp-pap
POLICY_PDP_PAP_GROUP=defaultGroup
POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
@@ -85,13 +85,13 @@
# DCAE DMaaP
-DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT
-DCAE_SERVERS=message-router
+DCAE_TOPIC=unauthenticated.dcae_cl_output
+DCAE_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
DCAE_CONSUMER_GROUP=dcae.policy.shared
# Open DMaaP
-DMAAP_SERVERS=message-router
+KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
DMAAP_HTTPS="false"
# AAI
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf
index 761e8af..006388a 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf
@@ -15,4 +15,4 @@
# limitations under the License.
*/}}
-POOLING_TOPIC=POOLING
+POOLING_TOPIC=pooling
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml
new file mode 100644
index 0000000..1d571df
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2024 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
index 013732e..e0e9068 100755
--- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -59,6 +59,14 @@
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 6e86b3e..710acd2 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -41,7 +41,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:2.1.0
+image: onap/policy-pdpd-cl:2.1.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -83,7 +83,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
server:
jvmOpts: -server -XshowSettings:vm
@@ -197,3 +197,24 @@
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+config:
+ # Event consumption (kafka) properties
+ kafka:
+ consumer:
+ groupId: policy-drools-pdp
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-drools-pdp
+ type: group
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index 5496d93..614116a 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -75,15 +75,9 @@
name: PapGroup
aaf: false
topic:
- {{ if .Values.global.useStrimziKafkaPf }}
pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
notification.name: {{ .Values.config.kafka.topics.policyNotification }}
heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }}
- {{ else }}
- pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }}
- notification.name: {{ .Values.dmaap.topics.policyNotification }}
- heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }}
- {{ end }}
pdpParameters:
heartBeatMs: 120000
updateParameters:
@@ -97,77 +91,49 @@
topicSources:
- useHttps: false
fetchTimeout: 15000
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
- useHttps: false
fetchTimeout: 15000
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyHeartbeat }}
effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyHeartbeat }}
- effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
topicSinks:
- useHttps: false
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
- useHttps: false
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyNotification }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyNotification }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
+
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index 67a2270..cfcbf63 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -29,9 +29,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafkaPf }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- /app/ready.py
args:
@@ -78,13 +75,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- name: DISTRIBUTION_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: papconfig
diff --git a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml
index d2fab9f..6fc37c3 100644
--- a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml
@@ -13,6 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafkaPf }}
{{ include "common.kafkauser" . }}
-{{ end }}
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 365028c..484ff64 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -25,7 +25,6 @@
global:
nodePortPrefixExt: 304
persistence: {}
- useStrimziKafkaPf: set-via-parent-chart-global-value
postgres:
localCluster: false
@@ -139,7 +138,7 @@
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: portal-app-read
flavor: small
@@ -185,8 +184,6 @@
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafkaPf: true
- kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
topics:
policyHeartbeat: policy-heartbeat
@@ -198,11 +195,6 @@
listener:
policyPdpPapTopic: policy-pdp-pap
-dmaap:
- topics:
- policyHeartbeat: POLICY-HEARTBEAT
- policyNotification: POLICY-NOTIFICATION
- policyPdpPap: POLICY-PDP-PAP
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
@@ -233,6 +225,3 @@
patternType: prefix
operations: [Create, Describe, Read, Write]
-readinessCheck:
- wait_for:
- - message-router
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index 08dcb67..7bf6707 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -42,18 +42,30 @@
"applicationPath": "/opt/app/policy/pdpx/apps"
},
"topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "fetchTimeout" : 15000,
- "topicCommInfrastructure" : "dmaap"
+ "topicSources": [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "fetchTimeout": 15000,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id": "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
}],
"topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "topicCommInfrastructure" : "dmaap"
- }]
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id": "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+ }]
}
}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
index b475d2c..403f698 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -53,7 +53,7 @@
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
@@ -67,6 +67,19 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml
new file mode 100644
index 0000000..1d571df
--- /dev/null
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2024 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index b9d877f..15ef5e3 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -49,9 +49,11 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:3.1.0
+image: onap/policy-xacml-pdp:3.1.1
pullPolicy: Always
+componentName: &componentName policy-xacml-pdp
+
# flag to enable debugging - application support required
debugEnabled: false
@@ -93,7 +95,7 @@
service:
type: ClusterIP
- name: policy-xacml-pdp
+ name: *componentName
internalPort: 6969
ports:
- name: http
@@ -123,7 +125,7 @@
- serviceAccount: dcae-ves-collector-read
- serviceAccount: dcae-ves-mapper-read
- serviceAccount: dcae-ves-openapi-manager-read
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: oof-read
- serviceAccount: sdnc-read
@@ -147,7 +149,7 @@
#Pods Service Account
serviceAccount:
- nameOverride: policy-xacml-pdp
+ nameOverride: *componentName
roles:
- read
@@ -171,3 +173,26 @@
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+config:
+ # Event consumption (kafka) properties
+ kafka:
+ consumer:
+ groupId: policy-xacml-pdp
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-xacml-pdp
+ type: group
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+
+
diff --git a/kubernetes/policy/templates/policy-kafka-topics.yaml b/kubernetes/policy/templates/policy-kafka-topics.yaml
index a787b8b..feb29f3 100644
--- a/kubernetes/policy/templates/policy-kafka-topics.yaml
+++ b/kubernetes/policy/templates/policy-kafka-topics.yaml
@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.global.useStrimziKafkaPf }}
+
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
@@ -49,4 +49,3 @@
config:
retention.ms: {{ .Values.config.policyNotificationTopic.retentionMs }}
segment.bytes: {{ .Values.config.policyNotificationTopic.segmentBytes }}
-{{- end }}
diff --git a/kubernetes/policy/templates/policy-kafka-user.yaml b/kubernetes/policy/templates/policy-kafka-user.yaml
index c000af1..ed399ed 100644
--- a/kubernetes/policy/templates/policy-kafka-user.yaml
+++ b/kubernetes/policy/templates/policy-kafka-user.yaml
@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.global.useStrimziKafka }}
+
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
@@ -42,4 +42,3 @@
type: topic
name: {{ .Values.config.policyNotificationTopic.name }}
operation: All
-{{- end }}
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 9d08080..370b193 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -44,16 +44,11 @@
name3: tcp-pgset-replica
container:
name: postgres
- #Strimzi Kafka properties
- useStrimziKafka: true
- # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
- useStrimziKafkaPf: false
- kafkaBootstrap: strimzi-kafka-bootstrap
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
kafkaTopics:
acRuntimeTopic:
name: policy.clamp-runtime-acm
-
#################################################################
# Secrets metaconfig
#################################################################
@@ -134,7 +129,7 @@
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
- enabled: true
+ enabled: false
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
@@ -205,7 +200,6 @@
config:
policyAppUserName: runtimeUser
- useStrimziKafka: true
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10