[POLICY] Update docker images to latest versions
The image versions in policy values.yaml files have been updated
Added native configurable support in pap and api for strimzi
Added configurable support in api and pap for postgres
*** This commit is generated by a PF release script ***
Issue-ID: POLICY-4648
Change-Id: Ia91ea4a8babc850d0854e299eb80541c1d38285d
Signed-off-by: saul.gill <saul.gill@est.tech>
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index c9d29ce..c47bdd3 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -1,7 +1,7 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021, 2022 Nordix Foundation
+# Modifications Copyright © 2021, 2022, 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@
- name: mariadb-galera
version: ~12.x-0
repository: '@local'
+ condition: global.mariadb.localCluster
- name: policy-nexus
version: ~12.x-0
repository: 'file://components/policy-nexus'
diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
index f7f0757..29c9246 100755
--- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
@@ -34,3 +34,6 @@
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 2fe354e..3a38b88 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -8,7 +8,7 @@
"https": "false",
"prometheus": true
},
- "pdpStatusParameters":{
+ "pdpStatusParameters": {
"pdpGroup": "defaultGroup",
"timeIntervalMs": 120000,
"pdpType":"apex",
@@ -25,18 +25,38 @@
]
},
"topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "fetchTimeout": 15000,
- "topicCommInfrastructure" : "dmaap"
+ "topicSources": [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "fetchTimeout": 15000,
+ "servers": [ "${KAFKA_URL}" ],
+{{ if .Values.global.useStrimziKafkaPf }}
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id" : "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+{{ else }}
+ "topicCommInfrastructure": "dmaap"
+{{ end }}
}],
- "topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "topicCommInfrastructure" : "dmaap"
- }]
+ "topicSinks" : [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "servers": [ "${KAFKA_URL}" ],
+{{ if .Values.global.useStrimziKafkaPf }}
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id" : "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+{{ else }}
+ "topicCommInfrastructure": "dmaap"
+{{ end }}
+ }]
}
}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
similarity index 71%
rename from kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
rename to kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
index 6213fec..e68c9fd 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
@@ -22,29 +22,53 @@
*/}}
apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
- serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - command:
- - sh
+{{- if not .Values.global.useStrimziKafkaPf }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
+ - command: ["/bin/sh", "-cx"]
+{{- if .Values.global.useStrimziKafkaPf }}
args:
- - -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`;
+ cd /config-input && for PFILE in `ls -1`;
+ do envsubst <${PFILE} >/config/${PFILE}; done
+{{ else }}
+ args:
+ - cd /config-input && for PFILE in `ls -1`;
+ do envsubst <${PFILE} >/config/${PFILE}; done
+{{ end }}
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
+{{ else }}
+ - name: KAFKA_URL
+ value: message-router
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }}
{{- end }}
volumeMounts:
- mountPath: /config-input
@@ -58,8 +82,11 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["sh","-c"]
- args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+ command: [ "/bin/sh", "-cx" ]
+ args:
+ - id apexuser;
+ cat /home/apexuser/config/OnapPfConfig.json;
+ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
@@ -85,12 +112,12 @@
- mountPath: /home/apexuser/config
name: apexconfig
resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
- {{- if .Values.affinity }}
- affinity:
+ {{- if .Values.affinity }}
+ affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
new file mode 100644
index 0000000..d2fab9f
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafkaPf }}
+{{ include "common.kafkauser" . }}
+{{ end }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 3ea694f..46eaca2 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -25,6 +25,7 @@
global:
nodePortPrefix: 302
persistence: {}
+ useStrimziKafkaPf: set-via-parent-chart-global-value
#################################################################
# Secrets metaconfig
@@ -47,7 +48,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.9.1
+image: onap/policy-apex-pdp:2.9.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -139,11 +140,11 @@
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafka: true
+ useStrimziKafkaPf: true
kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
- groupId: policy-group
+ groupId: policy-apex
app:
listener:
policyPdpPapTopic: policy-pdp-pap
@@ -158,3 +159,21 @@
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-apex
+ type: group
+ operations: [Create, Describe, Read, Write]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-heartbeat
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
index 269ecd5..4e73dc0 100644
--- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -31,7 +31,8 @@
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+{{ if not .Values.global.postgres.localCluster }}
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
@@ -46,6 +47,27 @@
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+{{ else }}
+ url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort}}/policyadmin
+ driverClassName: org.postgresql.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ hikari:
+ connectionTimeout: 30000
+ idleTimeout: 600000
+ maxLifetime: 1800000
+ maximumPoolSize: 10
+ jpa:
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+ format_sql: true
+{{ end }}
policy-api:
name: ApiGroup
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index 580dcdd..1d7e049 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -12,7 +12,11 @@
- /app/ready.py
args:
- --job-name
+{{ if not .Values.global.postgres.localCluster }}
- {{ include "common.release" . }}-policy-galera-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
@@ -101,4 +105,4 @@
emptyDir:
medium: Memory
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 2ec88ee..ab8c31f 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -24,6 +24,8 @@
global:
nodePortPrefix: 304
persistence: {}
+ postgres:
+ localCluster: false
#################################################################
# Secrets metaconfig
@@ -46,7 +48,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.8.1
+image: onap/policy-api:2.8.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -58,7 +60,9 @@
password: policy_user
service:
name: policy-mariadb
+ pgName: policy-pg-primary
internalPort: 3306
+ internalPgPort: 5432
restServer:
user: policyadmin
@@ -104,9 +108,9 @@
small:
limits:
cpu: 1
- memory: 4Gi
+ memory: 6Gi
requests:
- cpu: 100m
+ cpu: 150m
memory: 1Gi
large:
limits:
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index ce53aba..47b0955 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -42,7 +42,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-a1pms-ppnt:6.4.1
+image: onap/policy-clamp-ac-a1pms-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-a1pms-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 6f60fec..808c60e 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -42,7 +42,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.4.1
+image: onap/policy-clamp-ac-http-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-http-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index 985399a..99f6206 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -43,7 +43,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.4.1
+image: onap/policy-clamp-ac-k8s-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-k8s-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
index cef5200..2871850 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
@@ -42,7 +42,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-kserve-ppnt:6.4.1
+image: onap/policy-clamp-ac-kserve-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-kserve-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index 83839f8..c2c43c7 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -54,7 +54,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.4.1
+image: onap/policy-clamp-ac-pf-ppnt:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-ac-pf-ppnt
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index 0ec4be4..fef8598 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -49,7 +49,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.4.1
+image: onap/policy-clamp-runtime-acm:6.4.2
pullPolicy: Always
componentName: &componentName policy-clamp-runtime-acm
@@ -124,17 +124,17 @@
small:
limits:
cpu: 1
- memory: 4Gi
+ memory: 6Gi
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: 200m
+ memory: 2Gi
large:
limits:
cpu: 2
memory: 8Gi
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: 400m
+ memory: 4Gi
unlimited: {}
#Pods Service Account
@@ -149,4 +149,4 @@
wait_for_job_container:
containers:
- - '{{ include "common.release" . }}-policy-galera-config'
\ No newline at end of file
+ - '{{ include "common.release" . }}-policy-galera-config'
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index e744d09..e367dd0 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -58,7 +58,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.9.1
+image: onap/policy-distribution:2.9.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 7cc347c..6b6c576 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -41,7 +41,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.12.1
+image: onap/policy-pdpd-cl:1.12.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 5e48e99..330161e 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -29,7 +29,7 @@
flavor: small
# application image
-image: onap/policy-gui:2.4.1
+image: onap/policy-gui:2.4.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml
index ef41d38..1af3368 100755
--- a/kubernetes/policy/components/policy-pap/Chart.yaml
+++ b/kubernetes/policy/components/policy-pap/Chart.yaml
@@ -34,3 +34,6 @@
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index 7f6f508..5496d93 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -26,7 +26,8 @@
converters:
preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+{{ if not .Values.global.postgres.localCluster }}
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
@@ -41,18 +42,27 @@
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
+{{- else }}
+ url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort }}/policyadmin
+ driverClassName: org.postgresql.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ hikari:
+ connectionTimeout: 30000
+ idleTimeout: 600000
+ maxLifetime: 1800000
+ maximumPoolSize: 10
+ jpa:
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+ format_sql: true
+{{ end }}
server:
port: 6969
@@ -65,9 +75,15 @@
name: PapGroup
aaf: false
topic:
- pdp-pap.name: POLICY-PDP-PAP
- notification.name: POLICY-NOTIFICATION
- heartbeat.name: POLICY-HEARTBEAT
+ {{ if .Values.global.useStrimziKafkaPf }}
+ pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
+ notification.name: {{ .Values.config.kafka.topics.policyNotification }}
+ heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }}
+ {{ else }}
+ pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }}
+ notification.name: {{ .Values.dmaap.topics.policyNotification }}
+ heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }}
+ {{ end }}
pdpParameters:
heartBeatMs: 120000
updateParameters:
@@ -76,34 +92,82 @@
stateChangeParameters:
maxRetryCount: 1
maxWaitMs: 30000
- savePdpStatisticsInDb: false
+ savePdpStatisticsInDb: true
topicParameterGroup:
topicSources:
- - topic: POLICY-PDP-PAP
- servers:
- - message-router
- useHttps: false
- fetchTimeout: 15000
- topicCommInfrastructure: dmaap
- - topic: POLICY-HEARTBEAT
- effectiveTopic: POLICY-PDP-PAP
- consumerGroup: policy-pap
- servers:
- - message-router
- useHttps: false
- fetchTimeout: 15000
- topicCommInfrastructure: dmaap
+ - useHttps: false
+ fetchTimeout: 15000
+ {{ if .Values.global.useStrimziKafkaPf }}
+ topic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ {{ else }}
+ topic: {{ .Values.dmaap.topics.policyPdpPap }}
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ {{ end }}
+ - useHttps: false
+ fetchTimeout: 15000
+ {{ if .Values.global.useStrimziKafkaPf }}
+ topic: {{ .Values.config.kafka.topics.policyHeartbeat }}
+ effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ {{ else }}
+ topic: {{ .Values.dmaap.topics.policyHeartbeat }}
+ effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }}
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ {{ end }}
topicSinks:
- - topic: POLICY-PDP-PAP
- servers:
- - message-router
- useHttps: false
- topicCommInfrastructure: dmaap
- - topic: POLICY-NOTIFICATION
- servers:
- - message-router
- useHttps: false
- topicCommInfrastructure: dmaap
+ - useHttps: false
+ {{ if .Values.global.useStrimziKafkaPf }}
+ topic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ {{ else }}
+ topic: {{ .Values.dmaap.topics.policyPdpPap }}
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ {{ end }}
+ - useHttps: false
+ {{ if .Values.global.useStrimziKafkaPf }}
+ topic: {{ .Values.config.kafka.topics.policyNotification }}
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ {{ else }}
+ topic: {{ .Values.dmaap.topics.policyNotification }}
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ {{ end }}
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
@@ -128,11 +192,6 @@
password: "${DISTRIBUTION_PASSWORD}"
useHttps: false
basePath: healthcheck
- - clientName: dmaap
- hostname: message-router
- port: 3904
- useHttps: false
- basePath: topics
management:
endpoints:
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index 201f487..7890772 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -29,12 +29,18 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
+{{- if not .Values.global.useStrimziKafkaPf }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
- command:
- /app/ready.py
args:
- --job-name
+{{ if not .Values.global.postgres.localCluster }}
- {{ include "common.release" . }}-policy-galera-config
- env:
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-config
+{{ end }} env:
- name: NAMESPACE
valueFrom:
fieldRef:
@@ -42,7 +48,7 @@
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: {{ include "common.name" . }}-db-readiness
- command:
- sh
args:
@@ -65,9 +71,12 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- name: DISTRIBUTION_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
{{- end }}
volumeMounts:
- mountPath: /config-input
@@ -81,8 +90,11 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
- args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
+
+ command: [ "/bin/sh", "-cx" ]
+ args:
+ - cat /opt/app/policy/pap/etc/mounted/papParameters.yaml;
+ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
diff --git a/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml
new file mode 100644
index 0000000..d2fab9f
--- /dev/null
+++ b/kubernetes/policy/components/policy-pap/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafkaPf }}
+{{ include "common.kafkauser" . }}
+{{ end }}
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 8a638f6..6674eff 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -25,6 +25,9 @@
global:
nodePortPrefixExt: 304
persistence: {}
+ useStrimziKafkaPf: set-via-parent-chart-global-value
+ postgres:
+ localCluster: false
#################################################################
# Secrets metaconfig
@@ -66,7 +69,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.8.1
+image: onap/policy-pap:2.8.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -79,7 +82,9 @@
password: policy_user
service:
name: policy-mariadb
+ pgName: policy-pg-primary
internalPort: 3306
+ internalPgPort: 5432
restServer:
user: policyadmin
@@ -124,6 +129,9 @@
ports:
- name: http-api
port: 6969
+ - name: debug-port
+ port: 5005
+ protocol: TCP
ingress:
enabled: false
@@ -132,18 +140,18 @@
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 100m
- memory: 1Gi
- large:
- limits:
cpu: 2
- memory: 8Gi
+ memory: 6Gi
requests:
cpu: 200m
memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 400m
+ memory: 4Gi
unlimited: {}
#Pods Service Account
@@ -171,14 +179,24 @@
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafka: true
+ useStrimziKafkaPf: true
kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
+ topics:
+ policyHeartbeat: policy-heartbeat
+ policyNotification: policy-notification
+ policyPdpPap: policy-pdp-pap
consumer:
- groupId: policy-group
+ groupId: policy-pap
app:
listener:
policyPdpPapTopic: policy-pdp-pap
+
+dmaap:
+ topics:
+ policyHeartbeat: POLICY-HEARTBEAT
+ policyNotification: POLICY-NOTIFICATION
+ policyPdpPap: POLICY-PDP-PAP
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
@@ -190,3 +208,25 @@
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-pap
+ type: group
+ operations: [Create, Describe, Read, Write]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-heartbeat
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-notification
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 44ae16d..e589c4b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -49,7 +49,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.8.1
+image: onap/policy-xacml-pdp:2.8.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -106,18 +106,18 @@
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: 2
+ memory: 6Gi
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: 200m
+ memory: 2Gi
large:
limits:
cpu: 2
memory: 8Gi
requests:
cpu: 200m
- memory: 2Gi
+ memory: 4Gi
unlimited: {}
#Pods Service Account
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 4bf9def..f0e91e8 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -16,6 +16,7 @@
# limitations under the License.
*/}}
+{{ if not .Values.global.postgres.localCluster }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -83,6 +84,7 @@
items:
- key: db.sh
path: db.sh
+{{ end }}
{{ if .Values.global.postgres.localCluster }}
---
@@ -122,13 +124,13 @@
/docker-entrypoint-initdb.d/db-pg.sh
env:
- name: PG_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
- name: PG_HOST
value: "{{ .Values.postgres.service.name2 }}"
- name: PG_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: PG_USER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- name: PG_PORT
value: "{{ .Values.postgres.service.internalPort }}"
resources: {{ include "common.resources" . | nindent 10 }}
@@ -145,6 +147,7 @@
{{ end }}
---
+{{ if not .Values.global.postgres.localCluster }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -217,7 +220,7 @@
items:
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
-
+{{ end }}
{{ if .Values.global.postgres.localCluster }}
---
apiVersion: batch/v1
@@ -272,9 +275,9 @@
- name: SQL_HOST
value: "{{ .Values.postgres.service.name2 }}"
- name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- name: SQL_DB
value: {{ .Values.dbmigrator.schema }}
- name: POLICY_HOME
@@ -282,7 +285,7 @@
- name: SCRIPT_DIRECTORY
value: "postgres"
- name: PGPASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
resources: {{ include "common.resources" . | nindent 10 }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
diff --git a/kubernetes/policy/templates/policy-kafka-topics.yaml b/kubernetes/policy/templates/policy-kafka-topics.yaml
index d9d9769..a787b8b 100644
--- a/kubernetes/policy/templates/policy-kafka-topics.yaml
+++ b/kubernetes/policy/templates/policy-kafka-topics.yaml
@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.global.useStrimziKafka }}
+{{- if .Values.global.useStrimziKafkaPf }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 7abd75d..9027e49 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -19,6 +19,7 @@
#################################################################
global:
mariadb:
+ localCluster: true
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
@@ -37,6 +38,8 @@
name: postgres
#Strimzi Kafka properties
useStrimziKafka: true
+ # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
+ useStrimziKafkaPf: false
kafkaBootstrap: strimzi-kafka-bootstrap
policyKafkaUser: policy-kafka-user
kafkaTopics:
@@ -81,19 +84,6 @@
login: '{{ .Values.restServer.policyApiUserName }}'
password: '{{ .Values.restServer.policyApiUserPassword }}'
passwordPolicy: required
- - uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
- password: '{{ .Values.postgres.config.pgRootpassword }}'
- policy: generate
- - uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
- type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
- login: '{{ .Values.postgres.config.pgUserName }}'
- password: '{{ .Values.postgres.config.pgUserPassword }}'
- passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
@@ -163,7 +153,7 @@
#################################################################
dbmigrator:
- image: onap/policy-db-migrator:2.6.1
+ image: onap/policy-db-migrator:2.6.2
schema: policyadmin
policy_home: "/opt/app/policy"
@@ -256,8 +246,8 @@
config:
pgUserName: policy_user
pgDatabase: policyadmin
- pgUserExternalSecret: *pgUserCredsSecretName
- pgRootPasswordExternalSecret: *pgRootPassSecretName
+ pgUserExternalSecret: *dbSecretName
+ pgRootPasswordExternalSecret: *dbRootPassSecretName
readinessCheck:
wait_for: