[POLICY] certInit support + refactoring
Several changes are including in this patch:
- certInitializer support (POLICY-2615, REQ-361)
- renamed policy objects to start with "policy-"
prefix (POLICY-1000)
- add resources section to components that did not
have or had it incorrectly set up rendering null
(POLICY-2502)
- Removal of legacy policy-engine components (POLICY-2743)
- Miscellaneous refactoring of charts (POLICY-2745)
- update pdp legacy reference to policy-xacml-pdp from
pdp (legacy)
Issue-ID: POLICY-2615
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: I8b6984a663bbb14d331a366ec02b6dd38755cde7
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
new file mode 100755
index 0000000..ae80b7d
--- /dev/null
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -0,0 +1,164 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: apiparameters-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiParameters.credsExternalSecret) . }}'
+ login: '{{ .Values.apiParameters.user }}'
+ password: '{{ .Values.apiParameters.password }}'
+ passwordPolicy: required
+ - uid: papparameters-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.papParameters.credsExternalSecret) . }}'
+ login: '{{ .Values.papParameters.user }}'
+ password: '{{ .Values.papParameters.password }}'
+ passwordPolicy: required
+ - uid: sdcbe-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.sdcBe.credsExternalSecret) . }}'
+ login: '{{ .Values.sdcBe.user }}'
+ password: '{{ .Values.sdcBe.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-distribution:2.4.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+apiParameters:
+ user: healthcheck
+ password: zb!XztG34
+papParameters:
+ user: healthcheck
+ password: zb!XztG34
+sdcBe:
+ user: policy
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-distribution-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-distribution
+ portName: policy-distribution
+ externalPort: 6969
+ internalPort: 6969
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}