diff --git a/NOTICE b/NOTICE index 18a8bce8cd55868b7780d82f51595c91a6747b28..2a75049834b672a86a6dc9cde2dd68b5f671670b 100644 --- a/NOTICE +++ b/NOTICE @@ -8,6 +8,7 @@ Apache-2.0 ======================================================================== The following software have components provided under the terms of this license: +- asgiref (from https://github.com/django/asgiref/) - boto3 (from https://github.com/boto/boto3) - botocore (from https://github.com/boto/botocore) - coverage (from https://github.com/nedbat/coveragepy) 
@@ -17,101 +18,63 @@ The following software have components provided under the terms of this license: - google-api-core (from https://github.com/googleapis/python-api-core) - google-auth (from https://github.com/GoogleCloudPlatform/google-auth-library-python, https://github.com/googleapis/google-auth-library-python) - google-cloud-core (from https://github.com/googleapis/python-cloud-core) -- google-cloud-storage (from https://github.com/GoogleCloudPlatform/google-cloud-python, https://github.com/googleapis/python-storage) +- google-cloud-storage (from https://github.com/googleapis/python-storage) - google-crc32c (from https://github.com/googleapis/python-crc32c) - google-resumable-media (from https://github.com/googleapis/google-resumable-media-python) - googleapis-common-protos (from https://github.com/googleapis/python-api-common-protos) -- importlib-metadata -- packaging (from https://github.com/pypa/packaging, https://pypi.org/project/packaging/22.0/) +- packaging (from https://pypi.org/project/packaging/22.0/) - pytest-asyncio (from https://github.com/pytest-dev/pytest-asyncio) - pytest-dependency (from https://github.com/RKrahl/pytest-dependency) - python-dateutil (from https://github.com/dateutil/dateutil) - python-multipart (from http://github.com/andrew-d/python-multipart) - requests (from http://python-requests.org, https://requests.readthedocs.io) - responses (from https://github.com/getsentry/responses) -- rfc3986 (from https://rfc3986.readthedocs.org) - rsa (from https://stuvel.eu/rsa) - s3transfer (from https://github.com/boto/s3transfer) - sniffio (from https://github.com/python-trio/sniffio) - tenacity (from https://github.com/jd/tenacity) -- toposort (from https://bitbucket.org/ericvsmith/toposort, https://pypi.org/project/toposort/1.7/) -- types-cryptography (from https://github.com/python/typeshed) -- types-toml (from https://github.com/python/typeshed) -- urllib3 (from https://urllib3.readthedocs.io/) 
======================================================================== BSD-2-Clause ======================================================================== The following software have components provided under the terms of this license: -- mock (from http://mock.readthedocs.org/en/latest/, https://github.com/testing-cabal/mock) -- oauthlib (from https://github.com/idan/oauthlib, https://github.com/oauthlib/oauthlib) -- packaging (from https://github.com/pypa/packaging, https://pypi.org/project/packaging/22.0/) -- protobuf (from https://developers.google.com/protocol-buffers/) -- pyasn1 (from http://sourceforge.net/projects/pyasn1/, https://github.com/etingof/pyasn1) -- pyasn1-modules (from http://sourceforge.net/projects/pyasn1/, https://github.com/etingof/pyasn1-modules) +- oauthlib (from https://github.com/oauthlib/oauthlib) +- packaging (from https://pypi.org/project/packaging/22.0/) +- pyasn1 (from https://github.com/etingof/pyasn1) +- pyasn1-modules (from https://github.com/etingof/pyasn1-modules) ======================================================================== BSD-3-Clause ======================================================================== The following software have components provided under the terms of this license: -- Flask (from https://palletsprojects.com/p/flask) - Jinja2 (from http://jinja.pocoo.org/, https://palletsprojects.com/p/jinja/) - MarkupSafe (from https://palletsprojects.com/p/markupsafe/) -- Werkzeug (from https://palletsprojects.com/p/werkzeug/) - asgiref (from https://github.com/django/asgiref/) -- click (from http://github.com/mitsuhiko/click, https://palletsprojects.com/p/click/) +- click (from https://palletsprojects.com/p/click/) - cryptography (from https://github.com/pyca/cryptography) -- httpcore (from https://github.com/encode/httpcore) -- httpx (from https://github.com/encode/httpx, https://pypi.org/project/httpx/0.23.1/) -- idna (from https://github.com/kjd/idna, https://pypi.org/project/idna/3.4/) -- isodate 
(from http://cheeseshop.python.org/pypi/isodate) -- itsdangerous (from http://github.com/mitsuhiko/itsdangerous, https://palletsprojects.com/p/itsdangerous/) +- idna (from https://pypi.org/project/idna/3.4/) +- isodate (from https://github.com/gweis/isodate/) - jinja2 -- mock (from https://github.com/testing-cabal/mock) -- oauthlib (from https://github.com/idan/oauthlib, https://github.com/oauthlib/oauthlib) +- oauthlib (from https://github.com/oauthlib/oauthlib) - packaging (from https://pypi.org/project/packaging/22.0/) - protobuf (from https://developers.google.com/protocol-buffers/) - pycparser (from https://github.com/eliben/pycparser) -- pyparsing (from http://pyparsing.wikispaces.com/) -- pyrsistent (from http://github.com/tobgu/pyrsistent/, https://github.com/tobgu/pyrsistent/) +- pyrsistent (from https://github.com/tobgu/pyrsistent/) - python-dateutil (from https://github.com/dateutil/dateutil) - sniffio (from https://github.com/python-trio/sniffio) -- starlette (from https://github.com/encode/starlette, https://pypi.org/project/starlette/0.21.0/, https://pypi.org/project/starlette/0.22.0/, https://pypi.org/project/starlette/0.23.0/, https://pypi.org/project/starlette/0.23.1/) -- uvicorn (from https://github.com/tomchristie/uvicorn, https://pypi.org/project/uvicorn/0.18.3/, https://pypi.org/project/uvicorn/0.19.0/, https://pypi.org/project/uvicorn/0.20.0/, https://www.uvicorn.org/) - -======================================================================== -CC-BY-2.5 -======================================================================== -- Werkzeug (from https://palletsprojects.com/p/werkzeug/) - -======================================================================== -CC-BY-3.0 -======================================================================== -- Werkzeug (from https://palletsprojects.com/p/werkzeug/) - -======================================================================== -CC0-1.0 
-======================================================================== -- ecdsa (from http://github.com/tlsfuzzer/python-ecdsa) - -======================================================================== -GPL-3.0-only -======================================================================== -- rfc3986 (from https://rfc3986.readthedocs.org) +- starlette (from https://pypi.org/project/starlette/0.22.0/, https://pypi.org/project/starlette/0.23.1/) +- uvicorn (from https://github.com/tomchristie/uvicorn, https://pypi.org/project/uvicorn/0.20.0/, https://www.uvicorn.org/) ======================================================================== ISC ======================================================================== The following software have components provided under the terms of this license: -- Flask (from https://palletsprojects.com/p/flask) - Jinja2 (from http://jinja.pocoo.org/, https://palletsprojects.com/p/jinja/) - MarkupSafe (from https://palletsprojects.com/p/markupsafe/) -- Werkzeug (from https://palletsprojects.com/p/werkzeug/) -- click (from http://github.com/mitsuhiko/click, https://palletsprojects.com/p/click/) -- itsdangerous (from http://github.com/mitsuhiko/itsdangerous, https://palletsprojects.com/p/itsdangerous/) +- click (from https://palletsprojects.com/p/click/) - jinja2 - requests-oauthlib (from https://github.com/requests/requests-oauthlib) @@ -129,11 +92,6 @@ The following software have components provided under the terms of this license: - chardet (from https://github.com/chardet/chardet) -======================================================================== -LGPL-3.0-only -======================================================================== -- chardet (from https://github.com/chardet/chardet) - ======================================================================== LGPL-3.0-or-later ======================================================================== 
@@ -146,60 +104,48 @@ MIT ======================================================================== The following software have components provided under the terms of this license: -- Flask (from https://palletsprojects.com/p/flask) - PyJWT (from http://github.com/jpadilla/pyjwt, https://github.com/jpadilla/pyjwt) -- PyYAML (from http://pyyaml.org/wiki/PyYAML) -- anyio (from https://pypi.org/project/anyio/3.3.0/, https://pypi.org/project/anyio/3.6.1/, https://pypi.org/project/anyio/3.6.2/) +- anyio (from https://pypi.org/project/anyio/3.3.0/, https://pypi.org/project/anyio/3.6.2/) - attrs (from https://attrs.readthedocs.io/, https://www.attrs.org/) - azure-common (from https://github.com/Azure/azure-sdk-for-python) - azure-core (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/core/azure-core) -- azure-identity (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity, https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/identity/azure-identity) -- azure-keyvault-secrets (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-secrets, https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/keyvault/azure-keyvault-secrets) +- azure-identity (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity) +- azure-keyvault-secrets (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/keyvault/azure-keyvault-secrets) - azure-storage-blob (from https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/storage/azure-storage-blob) - botocore (from https://github.com/boto/botocore) - cachetools (from https://github.com/tkem/cachetools/) - cffi - coloredlogs (from https://coloredlogs.readthedocs.io) - coverage (from https://github.com/nedbat/coveragepy) -- ecdsa (from http://github.com/tlsfuzzer/python-ecdsa) -- exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.0/, https://pypi.org/project/exceptiongroup/1.0.0rc9/, 
https://pypi.org/project/exceptiongroup/1.0.1/, https://pypi.org/project/exceptiongroup/1.0.4/) -- fastapi (from https://pypi.org/project/fastapi/0.85.0/, https://pypi.org/project/fastapi/0.85.1/, https://pypi.org/project/fastapi/0.85.2/, https://pypi.org/project/fastapi/0.86.0/, https://pypi.org/project/fastapi/0.88.0/) +- exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.1/, https://pypi.org/project/exceptiongroup/1.1.0/) +- fastapi (from https://pypi.org/project/fastapi/0.86.0/, https://pypi.org/project/fastapi/0.88.0/) - h11 - humanfriendly (from https://humanfriendly.readthedocs.io) - iniconfig (from http://github.com/RonnyPfannschmidt/iniconfig) - jmespath (from https://github.com/jmespath/jmespath.py) - jsonschema - msal (from https://github.com/AzureAD/microsoft-authentication-library-for-python) -- msal-extensions (from https://pypi.org/project/msal-extensions/0.1.3/, https://pypi.org/project/msal-extensions/1.0.0/) +- msal-extensions (from https://pypi.org/project/msal-extensions/1.0.0/) - msrest (from https://github.com/Azure/msrest-for-python) - munch (from http://github.com/Infinidat/munch) - pluggy - py (from https://py.readthedocs.io/) - pydantic (from https://github.com/pydantic/pydantic, https://github.com/samuelcolvin/pydantic) -- pyparsing (from http://pyparsing.wikispaces.com/) -- pyrsistent (from http://github.com/tobgu/pyrsistent/, https://github.com/tobgu/pyrsistent/) +- pyrsistent (from https://github.com/tobgu/pyrsistent/) - pytest (from http://pytest.org, https://docs.pytest.org/en/latest/) - pytest-cov (from https://github.com/pytest-dev/pytest-cov) -- pytest-httpx (from https://colin-b.github.io/pytest_httpx/) - pytest-mock (from https://github.com/pytest-dev/pytest-mock/) - pytest-order (from https://github.com/pytest-dev/pytest-order) -- python-jose (from http://github.com/mpdavis/python-jose) - pytz (from http://pythonhosted.org/pytz) - requests (from http://python-requests.org, https://requests.readthedocs.io) -- six 
(from http://pypi.python.org/pypi/six/, https://github.com/benjaminp/six) +- six (from https://github.com/benjaminp/six) - sniffio (from https://github.com/python-trio/sniffio) -- starlette (from https://github.com/encode/starlette, https://pypi.org/project/starlette/0.21.0/, https://pypi.org/project/starlette/0.22.0/, https://pypi.org/project/starlette/0.23.0/, https://pypi.org/project/starlette/0.23.1/) +- starlette (from https://pypi.org/project/starlette/0.22.0/, https://pypi.org/project/starlette/0.23.1/) - starlette-context (from https://github.com/tomwojcik/starlette-context) -- toml (from https://github.com/uiri/toml) - tomli (from https://pypi.org/project/tomli/1.2.2/, https://pypi.org/project/tomli/2.0.0/, https://pypi.org/project/tomli/2.0.1/) - urllib3 (from https://urllib3.readthedocs.io/) - uuid7 (from https://github.com/stevesimmons/uuid7) -======================================================================== -MIT-CMU -======================================================================== -- pyparsing (from http://pyparsing.wikispaces.com/) - ======================================================================== MPL-2.0 ======================================================================== 
@@ -221,20 +167,12 @@ Python-2.0 The following software have components provided under the terms of this license: - cryptography (from https://github.com/pyca/cryptography) -- exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.0/, https://pypi.org/project/exceptiongroup/1.0.0rc9/, https://pypi.org/project/exceptiongroup/1.0.1/, https://pypi.org/project/exceptiongroup/1.0.4/) -- fastapi (from https://pypi.org/project/fastapi/0.85.0/, https://pypi.org/project/fastapi/0.85.1/, https://pypi.org/project/fastapi/0.85.2/, https://pypi.org/project/fastapi/0.86.0/, https://pypi.org/project/fastapi/0.88.0/) +- exceptiongroup (from https://pypi.org/project/exceptiongroup/1.0.1/, https://pypi.org/project/exceptiongroup/1.1.0/) - portalocker (from https://github.com/WoLpH/portalocker) - protobuf (from https://developers.google.com/protocol-buffers/) -- pytest-mock (from https://github.com/pytest-dev/pytest-mock/) -- sniffio (from https://github.com/python-trio/sniffio) -- typing-extensions (from https://pypi.org/project/typing-extensions/4.2.0/, https://pypi.org/project/typing-extensions/4.4.0/) +- typing-extensions (from https://pypi.org/project/typing-extensions/4.4.0/) - urllib3 (from https://urllib3.readthedocs.io/) -======================================================================== -libgd-2018 -======================================================================== -- pytz (from http://pythonhosted.org/pytz) - ======================================================================== mit-old-style-no-advert ======================================================================== diff --git a/devops/gcp/configmap/Chart.yaml b/devops/gcp/configmap/Chart.yaml deleted file mode 100644 index dd1e7b12021286858d1d01a39afd16ef8274f757..0000000000000000000000000000000000000000 --- a/devops/gcp/configmap/Chart.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: gcp-policy-configmap
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/devops/gcp/configmap/README.md b/devops/gcp/configmap/README.md
deleted file mode 100644
index ee7988b31de7d47d3bfbcafa6dfa44cbbac9f827..0000000000000000000000000000000000000000
--- a/devops/gcp/configmap/README.md
+++ /dev/null
@@ -1,78 +0,0 @@ -<!--- Configmap --> - -# Configmap helm chart - -## Introduction - -This chart bootstraps a configmap deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager. - -## Prerequisites - -The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6) -> It is possible to use other versions, but it hasn't been tested - -### Operation system - -The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported. - -### Packages - -Packages are only needed for installation from a local computer. - -- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/) -- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) - -## Installation - -First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below. 
- -### Common variables - -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**logLevel** | logging level | string | INFO | yes -**opaHost** | OPA host | string | "http://opa" | yes -**entitlementsHost** | Entitlements host | string | "http://entitlements" | yes -**entitlementsBasePath** | Entitlements path | string | "/api/entitlements/v2/groups" | yes -**legalHost** | Legal host | string | "http://legal" | yes -**bucketName** | bucket name | string | - | yes -**useBundles** | use bundle or not | string | "yes" | yes - -### On-prem variables - -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**minioHost** | minio host | string | http://minio:9000 | yes - -### Config variables - -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**configmap** | configmap to be used | string | policy-config | yes -**appName** | name of the app | string | policy | yes - -### Bootstrap variables - -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**dataPartitionId** | ID of data partition | string | - | yes -**dataPartitionIdList** | list of secondary data partition ids in case of multipartition | string | - | no -**onPremEnabled** | whether on-prem is enabled | boolean | false | yes - -### Install the helm chart - -Run this command from within this directory: - -```console -helm install gcp-policy-configmap . -``` - -## Uninstalling the Chart - -To uninstall the helm deployment: - -```console -helm uninstall gcp-policy-configmap -``` - -[Move-to-Top](#configmap-helm-chart) diff --git a/devops/gcp/configmap/values.yaml b/devops/gcp/configmap/values.yaml deleted file mode 100644 index da6951c0cf702276c1f8f8f361bb7bb9d1e886d9..0000000000000000000000000000000000000000 --- a/devops/gcp/configmap/values.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -data: - logLevel: "ERROR" - opaHost: "http://opa" - entitlementsHost: "http://entitlements" - entitlementsBasePath: "/api/entitlements/v2/groups" - legalHost: "http://legal" - bucketName: "" - useBundles: "yes" - dataPartitionId: "" - dataPartitionIdList: [] - #on-prem only - minioHost: "http://minio:9000" - -conf: - configmap: "policy-config" - appName: "policy" - onPremEnabled: false diff --git a/devops/gcp/configmap_opa/Chart.yaml b/devops/gcp/configmap_opa/Chart.yaml deleted file mode 100644 index f6890611573f2066794f07e2063a2fb9abea8ada..0000000000000000000000000000000000000000 --- a/devops/gcp/configmap_opa/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: gcp-opa-configmap -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" 
diff --git a/devops/gcp/configmap_opa/README.md b/devops/gcp/configmap_opa/README.md
deleted file mode 100644
index d933e8309511aa70cdeedaaf6b48a7d2b61be192..0000000000000000000000000000000000000000
--- a/devops/gcp/configmap_opa/README.md
+++ /dev/null
@@ -1,67 +0,0 @@ -<!--- Configmap --> - -# Configmap helm chart - -## Introduction - -This chart bootstraps a configmap deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager. - -## Prerequisites - -The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6) -> It is possible to use other versions, but it hasn't been tested - -### Operation system - -The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported. - -### Packages - -Packages are only needed for installation from a local computer. - -- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/) -- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) - -## Installation - -First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below. 
- -### Common variables - -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**bucketName** | bucket name | string | - | yes -**scopes** | scope of OPA | string | "https://www.googleapis.com/auth/devstorage.read_only" | yes -**entitlementsHost** | Entitlements host | string | "http://entitlements" | yes -**legalHost** | Legal host | string | "http://legal" | yes - -### Config variables - -| Name | Description | Type | Default |Required | -|------|-------------|------|---------|---------| -**configmap** | configmap to be used | string | opa-config | yes -**envConfig** | configmap with env vars | string | opa-env-config | yes -**appName** | name of the app | string | opa | yes -**dataPartitionId** | data partition id | string | - | yes -**dataPartitionIdList** | list of secondary data partition ids in case of multipartition | string | - | no -**onPremEnabled** | whether on-prem is enabled | boolean | false | yes -**minDelaySeconds** | min delay for bundle download | num | 6 | yes -**maxDelaySeconds** | max delay for bundle download | num | 12 | yes - -### Install the helm chart - -Run this command from within this directory: - -```console -helm install gcp-opa-configmap . -``` - -## Uninstalling the Chart - -To uninstall the helm deployment: - -```console -helm uninstall gcp-opa-configmap -``` - -[Move-to-Top](#configmap-helm-chart) diff --git a/devops/gcp/configmap_opa/values.yaml b/devops/gcp/configmap_opa/values.yaml deleted file mode 100644 index 8b36523d4b452fbaad271f1a21200a703407b771..0000000000000000000000000000000000000000 --- a/devops/gcp/configmap_opa/values.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -data: - bucketName: "" - scopes: "https://www.googleapis.com/auth/devstorage.read_only" - legalHost: "http://legal" - entitlementsHost: "http://entitlements" - dataPartitionId: "" - dataPartitionIdList: [] - -conf: - configmap: "opa-config" - envConfig: "opa-env-config" - appName: "opa" - minDelaySeconds: 6 - maxDelaySeconds: 12 - onPremEnabled: false diff --git a/devops/gcp/deploy/Chart.yaml b/devops/gcp/deploy/Chart.yaml index 24970e50143875e48c45da4b32d9211b01043078..e48b4c0c028e86b79b6a7781ef1f1f056f4aa2da 100644 --- a/devops/gcp/deploy/Chart.yaml +++ b/devops/gcp/deploy/Chart.yaml @@ -21,4 +21,4 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: "1.18.0" diff --git a/devops/gcp/deploy/README.md b/devops/gcp/deploy/README.md index 216981f220f3950d80ec05d98f9f1165ed86cd2a..2ac7a322b652747e4f71e03e0fb58750911ce8d7 100644 --- a/devops/gcp/deploy/README.md +++ b/devops/gcp/deploy/README.md @@ -1,14 +1,14 @@ <!--- Deploy --> -# Deploy helm chart +# GC Policy service ## Introduction -This chart bootstraps a deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager. +This chart deploys policy service on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager. ## Prerequisites -The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6) +The code was tested on **Kubernetes cluster** (v1.23.12) with **Istio** (1.15) > It is possible to use other versions, but it hasn't been tested 
@@ -21,7 +21,7 @@ The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WS Packages are only needed for installation from a local computer. - **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/) -- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) +- **Kubectl** (version: v1.23.12 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) ## Installation 
@@ -31,33 +31,69 @@ First you need to set variables in **values.yaml** file using any code editor. S | Name | Description | Type | Default |Required | |------|-------------|------|---------|---------| -**image** | your image name | string | - | yes -**requestsCpu** | amount of requests CPU | string | 0.1 | yes -**requestsMemory** | amount of requests memory| string | 128M | yes -**limitsCpu** | CPU limit | string | 1 | yes -**limitsMemory** | memory limit | string | 1G | yes -**serviceAccountName** | name of your service account | string | - | yes -**imagePullPolicy** | when to pull image | string | IfNotPresent | yes +**data.logLevel** | logging level | string | INFO | yes +**data.image** | policy image name | string | - | yes +**data.requestsCpu** | amount of requests CPU | string | 50m | yes +**data.requestsMemory** | amount of requests memory| string | 128M | yes +**data.limitsCpu** | CPU limit | string | 1 | yes +**data.limitsMemory** | memory limit | string | 1G | yes +**data.serviceAccountName** | name of your service account | string | - | yes +**data.imagePullPolicy** | when to pull image | string | IfNotPresent | yes +**data.bucketName** | bucket name | string | - | yes +**data.scopes** | scope of OPA | string | "https://www.googleapis.com/auth/devstorage.read_only" | yes +**data.entitlementsHost** | Entitlements host | string | "http://entitlements" | yes +**data.entitlementsBasePath** | Entitlements path | string | "/api/entitlements/v2/groups" | yes +**data.useBundles** | use bundle or not | string | "yes" | yes +**data.legalHost** | Legal host | string | "http://legal" | yes + +### On-prem variables + +| Name | Description | Type | Default |Required | +|------|-------------|------|---------|---------| +**conf.onPremEnabled** | whether on-prem is enabled | boolean | false | yes +**data.minioHost** | minio host | string | http://minio:9000 | yes +**conf.minioSecretName** | secret name for the app | string | "policy-minio-secret" | yes ### Config 
variables | Name | Description | Type | Default |Required | |------|-------------|------|---------|---------| -**appName** | name of the app | string | policy | yes -**configmap** | configmap to be used | string | policy-config | yes -**domain** | your domain | string | - | yes -**minioSecretName** | secret name for the app | string | "policy-minio-secret" | yes -**bootstrapSecretName** | secret name for the bootstrap | string | "minio-bootstrap-secret" | yes +**conf.appName** | name of the app | string | policy | yes +**conf.configmap** | configmap to be used | string | policy-config | yes +**conf.domain** | your domain | string | - | yes +**conf.bootstrapSecretName** | secret name for the bootstrap | string | "minio-bootstrap-secret" | yes +**data.dataPartitionId** | data partition id | string | - | yes +**data.dataPartitionIdList** | list of secondary data partition ids in case of multipartition | string | - | no +**conf.minDelaySeconds** | min delay for bundle download | num | 6 | yes +**conf.maxDelaySeconds** | max delay for bundle download | num | 12 | yes ### Bootstrap variables | Name | Description | Type | Default |Required | |------|-------------|------|---------|---------| -**dataPartitionId** | ID of data partition | string | - | yes -**onPremEnabled** | whether on-prem is enabled | boolean | false | yes -**bootstrapImage** | image for bootstrap deployment | string | - | yes -**bootstrapServiceAccountName** | service account for bootstrap deployment | string | - | yes +**data.bootstrapImage** | image for bootstrap deployment | string | - | yes +**data.bootstrapServiceAccountName** | service account for bootstrap deployment | string | - | yes + +### OPA variables + +| Name | Description | Type | Default |Required | +|------|-------------|------|---------|---------| +**opa.conf.configmap** | configmap to be used | string | opa-config | yes +**opa.conf.envConfig** | configmap with env vars | string | opa-env-config | yes +**opa.conf.appName** | name of the 
app | string | opa | yes +**opa.data.serviceAccountName** | name of your service account | string | opa-k8s | yes +**opa.data.image** | image name | string | - | yes + +### ISTIO variables +| Name | Description | Type | Default |Required | +|------|-------------|------|---------|---------| +**istio.proxyCPU** | CPU request for Envoy sidecars | string | 10m | yes +**istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | 500m | yes +**istio.proxyMemory** | memory request for Envoy sidecars | string | 32Mi | yes +**istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | 512Mi | yes +**istio.bootstrapProxyCPU** | CPU request for Envoy sidecars | string | 10m | yes +**istio.bootstrapProxyCPULimit** | CPU limit for Envoy sidecars | string | 100m | yes ### Install the helm chart @@ -75,4 +111,4 @@ To uninstall the helm deployment: helm uninstall gcp-policy-deploy ``` -[Move-to-Top](#deploy-helm-chart) +[Move-to-Top](#gc-policy-service) diff --git a/devops/gcp/configmap_opa/templates/opa-configmap.yaml b/devops/gcp/deploy/templates/opa-configmap.yaml similarity index 95% rename from devops/gcp/configmap_opa/templates/opa-configmap.yaml rename to devops/gcp/deploy/templates/opa-configmap.yaml index 872d772160dca4c3562dbdea70bc857e2594d159..304893f49b541d7e82cd2d80c9afc08cb781290d 100644 --- a/devops/gcp/configmap_opa/templates/opa-configmap.yaml +++ b/devops/gcp/deploy/templates/opa-configmap.yaml @@ -2,8 +2,8 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - app: "{{ .Values.conf.appName }}" - name: "{{ .Values.conf.configmap }}" + app: "{{ .Values.opa.conf.appName }}" + name: "{{ .Values.opa.conf.configmap }}" namespace: "{{ .Release.Namespace }}" data: {{- if not .Values.conf.onPremEnabled }} @@ -56,4 +56,3 @@ data: resource: 'bundle-{{ . }}.tar.gz' {{- end }} {{- end }} - 
diff --git a/devops/gcp/opa/templates/deployment.yaml b/devops/gcp/deploy/templates/opa-deployment.yaml similarity index 76% rename from devops/gcp/opa/templates/deployment.yaml rename to devops/gcp/deploy/templates/opa-deployment.yaml index 31cb34f7c9603d546a4ca3d4289562e45e051910..04be288227f2975cf36079f1d6747824376c3764 100644 --- a/devops/gcp/opa/templates/deployment.yaml +++ b/devops/gcp/deploy/templates/opa-deployment.yaml @@ -1,9 +1,9 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: "{{ .Values.conf.appName }}" + name: "{{ .Values.opa.conf.appName }}" labels: - app: "{{ .Values.conf.appName }}" + app: "{{ .Values.opa.conf.appName }}" namespace: "{{ .Release.Namespace }}" spec: replicas: 1 @@ -11,22 +11,22 @@ spec: type: Recreate selector: matchLabels: - app: "{{ .Values.conf.appName }}" + app: "{{ .Values.opa.conf.appName }}" template: metadata: labels: - app: "{{ .Values.conf.appName }}" + app: "{{ .Values.opa.conf.appName }}" annotations: rollme: {{ randAlphaNum 5 | quote }} sidecar.istio.io/proxyCPU: {{ .Values.istio.proxyCPU | quote }} sidecar.istio.io/proxyMemory: {{ .Values.istio.proxyMemory | quote }} sidecar.istio.io/proxyCPULimit: {{ .Values.istio.proxyCPULimit | quote }} sidecar.istio.io/proxyMemoryLimit: {{ .Values.istio.proxyMemoryLimit | quote }} - name: "{{ .Values.conf.appName }}" + name: "{{ .Values.opa.conf.appName }}" spec: containers: - - name: "{{ .Values.conf.appName }}" - image: "{{ .Values.data.image }}" + - name: "{{ .Values.opa.conf.appName }}" + image: "{{ .Values.opa.data.image }}" imagePullPolicy: "{{ .Values.data.imagePullPolicy }}" ports: - containerPort: 8181 @@ -44,10 +44,10 @@ spec: memory: "{{ .Values.data.limitsMemory }}" volumeMounts: - mountPath: /config - name: "{{ .Values.conf.configmap }}" + name: "{{ .Values.opa.conf.configmap }}" envFrom: - configMapRef: - name: "{{ .Values.conf.envConfig }}" + name: "{{ .Values.opa.conf.envConfig }}" {{- if .Values.conf.onPremEnabled }} env: - name: AWS_ACCESS_KEY_ID 
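Review bot: The OPA container now mixes two value namespaces: in the `@@ -11,22` hunk `image` moves to `.Values.opa.data.image`, but `imagePullPolicy` on the next line still reads `.Values.data.imagePullPolicy`, and the memory limit visible in the `@@ -44,10` hunk still reads `.Values.data.limitsMemory`. Since this template was merged into the policy chart, those `data.*` keys are presumably the policy service's own settings, so the policy decision point cannot be sized or given a stricter pull policy on its own. Either move them under `opa.data` or add a comment above the container such as `# imagePullPolicy and resources are shared with the policy deployment (data.*)`. The README lists `opa.data.image` as required with no default, so `image: {{ required "opa.data.image must be set" .Values.opa.data.image | quote }}` would fail at render time instead of producing a pod with an empty image. The container spec continues outside these hunks.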
@@ -67,7 +67,7 @@ spec: key: AWS_REGION {{- end }} volumes: - - name: "{{ .Values.conf.configmap }}" + - name: "{{ .Values.opa.conf.configmap }}" configMap: - name: "{{ .Values.conf.configmap }}" - serviceAccountName: "{{ .Values.data.serviceAccountName }}" + name: "{{ .Values.opa.conf.configmap }}" + serviceAccountName: "{{ .Values.opa.data.serviceAccountName }}" diff --git a/devops/gcp/configmap_opa/templates/opa-env-configmap.yaml b/devops/gcp/deploy/templates/opa-env-configmap.yaml similarity index 71% rename from devops/gcp/configmap_opa/templates/opa-env-configmap.yaml rename to devops/gcp/deploy/templates/opa-env-configmap.yaml index 50f54952a46ea7fef6330c4358341eec8530eece..9e00acf413db948017773d8eff0ff14d3ca57e59 100644 --- a/devops/gcp/configmap_opa/templates/opa-env-configmap.yaml +++ b/devops/gcp/deploy/templates/opa-env-configmap.yaml @@ -2,8 +2,8 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - app: "{{ .Values.conf.appName }}" - name: "{{ .Values.conf.envConfig }}" + app: "{{ .Values.opa.conf.appName }}" + name: "{{ .Values.opa.conf.envConfig }}" namespace: "{{ .Release.Namespace }}" data: LEGAL_BASE_URL: "{{ .Values.data.legalHost }}" diff --git a/devops/gcp/opa/templates/service-account.yaml b/devops/gcp/deploy/templates/opa-service-account.yaml similarity index 72% rename from devops/gcp/opa/templates/service-account.yaml rename to devops/gcp/deploy/templates/opa-service-account.yaml index 25fd74efbfca059f541af82d98b676cfcb930d64..3a26b041e91ef6fd3f30dd8e5b312c2cf755fceb 100644 --- a/devops/gcp/opa/templates/service-account.yaml +++ b/devops/gcp/deploy/templates/opa-service-account.yaml @@ -2,6 +2,6 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: "{{ .Values.data.serviceAccountName }}" + name: "{{ .Values.opa.data.serviceAccountName }}" namespace: "{{ .Release.Namespace }}" {{- end }} 
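Review bot: The `serviceAccountName` at the end of this hunk now reads `.Values.opa.data.serviceAccountName`, whose default in values.yaml is `"opa"`, while the README table in this commit documents the default as `opa-k8s` and the removed pipeline jobs passed `--set data.serviceAccountName=$OSDU_GCP_OPA_SERVICE-k8s`. An existing `data.serviceAccountName` override no longer reaches this pod, so OPA may start under a different Kubernetes service account than before. If bucket access is bound to the account name (not visible here), bundle downloads would fail or run under an unintended identity. I would align the default with the documentation, `serviceAccountName: "opa-k8s"`, or correct the README row, and confirm that the shared deploy job sets `opa.data.serviceAccountName`. The pod spec starts outside this hunk.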
diff --git a/devops/gcp/opa/templates/service.yaml b/devops/gcp/deploy/templates/opa-service.yaml similarity index 62% rename from devops/gcp/opa/templates/service.yaml rename to devops/gcp/deploy/templates/opa-service.yaml index bcd7ce28752255e0a47c6e2e5b0ae71f3e2fda04..501bc80a658f2cf38a12d5363a9db9eceace132a 100644 --- a/devops/gcp/opa/templates/service.yaml +++ b/devops/gcp/deploy/templates/opa-service.yaml @@ -1,9 +1,9 @@ kind: Service apiVersion: v1 metadata: - name: "{{ .Values.conf.appName }}" + name: "{{ .Values.opa.conf.appName }}" labels: - app: "{{ .Values.conf.appName }}" + app: "{{ .Values.opa.conf.appName }}" namespace: "{{ .Release.Namespace }}" spec: type: ClusterIP @@ -13,4 +13,4 @@ spec: targetPort: 8181 name: http selector: - app: "{{ .Values.conf.appName }}" + app: "{{ .Values.opa.conf.appName }}" diff --git a/devops/gcp/opa/templates/virtual-service.yaml b/devops/gcp/deploy/templates/opa-virtual-service.yaml similarity index 69% rename from devops/gcp/opa/templates/virtual-service.yaml rename to devops/gcp/deploy/templates/opa-virtual-service.yaml index d8b0696fd0a1cfa78793af12f6ccf638085eb518..cdbc4db14035d7cacffc1e2d4a9f141a0debb13b 100644 --- a/devops/gcp/opa/templates/virtual-service.yaml +++ b/devops/gcp/deploy/templates/opa-virtual-service.yaml @@ -1,12 +1,14 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: "{{ .Values.conf.appName }}" + name: "{{ .Values.opa.conf.appName }}" namespace: "{{ .Release.Namespace }}" spec: hosts: - {{- if .Values.conf.domain }} + {{- if and .Values.conf.domain .Values.conf.onPremEnabled }} - {{ printf "osdu.%s" .Values.conf.domain | quote }} + {{- else if .Values.conf.domain }} + - {{ .Values.conf.domain | quote }} {{- else }} - "*" {{- end }} 
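Review bot: The `"*"` fallback in `spec.hosts` of the VirtualService survives this change and is what renders by default, because `conf.domain` is `""` in values.yaml. The OPA VirtualService then matches every host on whatever gateway it is attached to (the gateway list is outside the hunk). Since a later hunk in this file routes the `/v1/status` prefix straight to the OPA service, I would not leave host matching open by default for a policy engine. Either fail the render when no domain is given, with `- {{ required "conf.domain must be set" .Values.conf.domain | quote }}` in place of the `else` branch, or add a comment above `- "*"` stating that it is meant for development clusters only. The spec continues outside the hunk.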
@@ -28,6 +30,6 @@ spec: prefix: "/v1/status" route: - destination: - host: "{{ .Values.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local" + host: "{{ .Values.opa.conf.appName }}.{{ .Release.Namespace }}.svc.cluster.local" port: number: 80 diff --git a/devops/gcp/configmap/templates/policy-configmap-bootstrap.yaml b/devops/gcp/deploy/templates/policy-configmap-bootstrap.yaml similarity index 100% rename from devops/gcp/configmap/templates/policy-configmap-bootstrap.yaml rename to devops/gcp/deploy/templates/policy-configmap-bootstrap.yaml diff --git a/devops/gcp/configmap/templates/policy-configmap.yaml b/devops/gcp/deploy/templates/policy-configmap.yaml similarity index 90% rename from devops/gcp/configmap/templates/policy-configmap.yaml rename to devops/gcp/deploy/templates/policy-configmap.yaml index d5dae9b58df5f3ac793b4e3564039c3c9bebb6dc..c25fc1979ffd655c4f87f20087810bcb54b7927e 100644 --- a/devops/gcp/configmap/templates/policy-configmap.yaml +++ b/devops/gcp/deploy/templates/policy-configmap.yaml @@ -7,7 +7,7 @@ metadata: namespace: "{{ .Release.Namespace }}" data: LOG_LEVEL: "{{ .Values.data.logLevel }}" - OPA_URL: "{{ .Values.data.opaHost }}" + OPA_URL: {{ printf "http://%s" .Values.opa.conf.appName | quote }} ENTITLEMENTS_BASE_URL: "{{ .Values.data.entitlementsHost }}" ENTITLEMENTS_BASE_PATH: "{{ .Values.data.entitlementsBasePath }}" LEGAL_BASE_URL: "{{ .Values.data.legalHost }}" diff --git a/devops/gcp/deploy/templates/deployment-bootstrap.yaml b/devops/gcp/deploy/templates/policy-deployment-bootstrap.yaml similarity index 100% rename from devops/gcp/deploy/templates/deployment-bootstrap.yaml rename to devops/gcp/deploy/templates/policy-deployment-bootstrap.yaml diff --git a/devops/gcp/deploy/templates/deployment.yaml b/devops/gcp/deploy/templates/policy-deployment.yaml similarity index 100% rename from devops/gcp/deploy/templates/deployment.yaml rename to devops/gcp/deploy/templates/policy-deployment.yaml 
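Review bot: `OPA_URL` in policy-configmap.yaml is now always `http://<opa.conf.appName>`, so the `data.opaHost` override is gone and the scheme, port and namespace are fixed in the template. Authorization queries from the policy service therefore travel as plain HTTP to the same-namespace Service on port 80. Their confidentiality and integrity depend on the mesh enforcing mTLS between the sidecars, which this chart does not show. I would keep the override with the computed value as the fallback, `OPA_URL: {{ .Values.data.opaHost | default (printf "http://%s" .Values.opa.conf.appName) | quote }}`, and add a comment that the plain-HTTP default assumes strict mTLS in the namespace. The `data:` map continues outside the hunk.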
diff --git a/devops/gcp/deploy/templates/service-account.yaml b/devops/gcp/deploy/templates/policy-service-account.yaml similarity index 100% rename from devops/gcp/deploy/templates/service-account.yaml rename to devops/gcp/deploy/templates/policy-service-account.yaml diff --git a/devops/gcp/deploy/templates/service.yaml b/devops/gcp/deploy/templates/policy-service.yaml similarity index 100% rename from devops/gcp/deploy/templates/service.yaml rename to devops/gcp/deploy/templates/policy-service.yaml diff --git a/devops/gcp/deploy/templates/virtual-service.yaml b/devops/gcp/deploy/templates/policy-virtual-service.yaml similarity index 100% rename from devops/gcp/deploy/templates/virtual-service.yaml rename to devops/gcp/deploy/templates/policy-virtual-service.yaml diff --git a/devops/gcp/deploy/values.yaml b/devops/gcp/deploy/values.yaml index c4b4416c458f6b2ca99b4554d34593b1c4b5435c..350e321c2808b36927fa084262824ea9eea71630 100644 --- a/devops/gcp/deploy/values.yaml +++ b/devops/gcp/deploy/values.yaml @@ -1,5 +1,7 @@ +# Common values for all deployments data: - requestsCpu: "0.1" + # Deployment resources + requestsCpu: "50m" requestsMemory: "128M" limitsCpu: "1" limitsMemory: "1G" 
@@ -8,19 +10,42 @@ data: image: "" bootstrapImage: "" bootstrapServiceAccountName: "" + # ConfigMap resources + logLevel: "ERROR" + entitlementsHost: "http://entitlements" + entitlementsBasePath: "/api/entitlements/v2/groups" + legalHost: "http://legal" + bucketName: "" + useBundles: "yes" + dataPartitionId: "" + dataPartitionIdList: [] + scopes: "https://www.googleapis.com/auth/devstorage.read_only" + # on-prem only + minioHost: "http://minio:9000" conf: - configmap: "policy-config" appName: "policy" + configmap: "policy-config" domain: "" minioSecretName: "policy-minio-secret" bootstrapSecretName: "minio-bootstrap-secret" onPremEnabled: false + minDelaySeconds: 6 + maxDelaySeconds: 12 + +opa: + data: + image: "openpolicyagent/opa:0.46.0-rootless" + serviceAccountName: "opa" + conf: + configmap: "opa-config" + envConfig: "opa-env-config" + appName: "opa" istio: - proxyCPU: "50m" + proxyCPU: "10m" proxyCPULimit: "500m" - proxyMemory: "64Mi" + proxyMemory: "32Mi" proxyMemoryLimit: "512Mi" bootstrapProxyCPU: "10m" bootstrapProxyCPULimit: "100m" diff --git a/devops/gcp/opa/Chart.yaml b/devops/gcp/opa/Chart.yaml deleted file mode 100644 index 4c24a54bc116b4db0a4b20d855f810b21b58d392..0000000000000000000000000000000000000000 --- a/devops/gcp/opa/Chart.yaml +++ /dev/null 
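Review bot: The new `opa.data.image` default, `openpolicyagent/opa:0.46.0-rootless`, references the image by a mutable tag, so the engine that makes authorization decisions can change underneath the chart if the tag is re-pushed or the registry is compromised. Pin it by digest, `image: "openpolicyagent/opa:0.46.0-rootless@sha256:<digest-of-the-reviewed-image>"`, and record the digest whenever the version is bumped. The README in this commit lists `opa.data.image` as having no default, so either the table or this value should be corrected. The same block adds `entitlementsHost`, `legalHost` and `minioHost` defaults with an `http://` scheme; a comment that these assume in-mesh mTLS would help operators who deploy without Istio.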
@@ -1,21 +0,0 @@
-apiVersion: v1
-name: gcp-opa-deploy
-description: A Helm chart for Kubernetes
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 1.0.0
-
diff --git a/devops/gcp/opa/README.md b/devops/gcp/opa/README.md
deleted file mode 100644
index f2dde83b505e57ad7ba51b8316177ba1f438b20f..0000000000000000000000000000000000000000
--- a/devops/gcp/opa/README.md
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--- Deploy -->
-
-# Deploy helm chart
-
-## Introduction
-
-This chart bootstraps a deployment on a [Kubernetes](https://kubernetes.io) cluster using [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-The code was tested on **Kubernetes cluster** (v1.21.11) with **Istio** (1.12.6)
-
-> It is possible to use other versions, but it hasn't been tested
-
-### Operation system
-
-The code works in Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. Also, it works but is not guaranteed in Google Cloud Shell. All other operating systems, including macOS, are not verified and supported.
-
-### Packages
-
-Packages are only needed for installation from a local computer.
-
-- **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
-- **Kubectl** (version: v1.21.0 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
-
-## Installation
-
-First you need to set variables in **values.yaml** file using any code editor. Some of the values are prefilled, but you need to specify some values as well. You can find more information about them below.
-
-### Common variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**image** | your image name | string | - | yes
-**requestsCpu** | amount of requests CPU | string | 0.1 | yes
-**requestsMemory** | amount of requests memory| string | 128M | yes
-**limitsCpu** | CPU limit | string | 1 | yes
-**limitsMemory** | memory limit | string | 1G | yes
-**serviceAccountName** | name of your service account | string | opa-k8s | yes
-**imagePullPolicy** | when to pull image | string | IfNotPresent | yes
-
-### Config variables
-
-| Name | Description | Type | Default |Required |
-|------|-------------|------|---------|---------|
-**appName** | name of the app | string | opa | yes
-**configmap** | configmap to be used | string | opa-config | yes
-**domain** | your domain | string | - | yes
-**onPremEnabled** | whether on-prem is enabled | boolean | false | yes
-**envConfig** | configmap for opa deploy | string | opa-env-config | yes
-**minioSecretName** | secret for opa deploy | string | policy-minio-secret | yes
-
-### Install the helm chart
-
-Run this command from within this directory:
-
-```console
-helm install gcp-opa-deploy .
-```
-
-## Uninstalling the Chart
-
-To uninstall the helm deployment:
-
-```console
-helm uninstall gcp-opa-deploy
-```
-
-[Move-to-Top](#deploy-helm-chart)
diff --git a/devops/gcp/opa/values.yaml b/devops/gcp/opa/values.yaml
deleted file mode 100644
index e17bf7943037a264ea1f95d0fcf453c985c85c57..0000000000000000000000000000000000000000
--- a/devops/gcp/opa/values.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Default values for policy.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-data:
- requestsCpu: "0.1"
- requestsMemory: "128M"
- limitsCpu: "1"
- limitsMemory: "1G"
- image: "openpolicyagent/opa:0.46.0-rootless"
- imagePullPolicy: "IfNotPresent"
- serviceAccountName: "opa"
-
-conf:
- appName: "opa"
- configmap: "opa-config"
- envConfig: "opa-env-config"
- domain: ""
- minioSecretName: "policy-minio-secret"
- onPremEnabled: false
-
-istio:
- proxyCPU: "50m"
- proxyCPULimit: "500m"
- proxyMemory: "64Mi"
- proxyMemoryLimit: "512Mi"
diff --git a/devops/gcp/pipeline/override-stages.yml b/devops/gcp/pipeline/override-stages.yml
index 5c961ad58ff9ae903e671c93114589abc247f5a5..6ae934042875151683c6ca0f13eca1e78769f96d 100644
--- a/devops/gcp/pipeline/override-stages.yml
+++ b/devops/gcp/pipeline/override-stages.yml
@@ -4,79 +4,11 @@ variables: OSDU_GCP_SERVICE: policy OSDU_GCP_VENDOR: gcp OSDU_GCP_ENABLE_BOOTSTRAP: "true" - OSDU_GCP_OPA_CONFIG_SERVICE: opa-config - OSDU_GCP_OPA_SERVICE: opa - OSDU_GCP_HELM_OPA_DIR: "devops/gcp/opa" - OSDU_GCP_HELM_OPA_CONFIG_DIR: "devops/gcp/configmap_opa" OSDU_GCP_INT_TEST_TYPE: python OSDU_GCP_PYTHON_INT_TEST_SUBDIR: "app/tests/gcp" OSDU_ANTHOS_PYTHON_INT_TEST_SUBDIR: "app/tests/anthos" - -osdu-gcp-helm-charts-master: - script: - - helm cm-push $OSDU_GCP_HELM_CONFIG_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --username gitlab-ci-token --password $CI_JOB_TOKEN - - helm cm-push $OSDU_GCP_HELM_DEPLOYMENT_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --username gitlab-ci-token --password $CI_JOB_TOKEN - - helm cm-push $OSDU_GCP_HELM_OPA_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --username gitlab-ci-token --password $CI_JOB_TOKEN - - helm cm-push $OSDU_GCP_HELM_OPA_CONFIG_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --username gitlab-ci-token --password $CI_JOB_TOKEN - -osdu-gcp-helm-charts-release: - script: - - !reference [.define_version, script] - - helm cm-push $OSDU_GCP_HELM_CONFIG_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --version $VERSION --username gitlab-ci-token --password $CI_JOB_TOKEN - - helm cm-push $OSDU_GCP_HELM_DEPLOYMENT_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --version $VERSION --username gitlab-ci-token --password $CI_JOB_TOKEN - - helm cm-push $OSDU_GCP_HELM_OPA_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --version $VERSION --username gitlab-ci-token --password $CI_JOB_TOKEN - - helm cm-push $OSDU_GCP_HELM_OPA_CONFIG_DIR ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable --version $VERSION --username gitlab-ci-token --password $CI_JOB_TOKEN - -osdu-gcp-deploy-configmap-opa: - tags: ["osdu-small"] - extends: .osdu-gcp-variables - image: 
gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - needs: ["osdu-gcp-containerize-gitlab"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_CONFIG_SERVICE $OSDU_GCP_HELM_OPA_CONFIG_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.bucketName=$OSDU_GCP_POLICY_BUCKET - --set data.dataPartitionId=$DATA_PARTITION_ID - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: never - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: never - - if: '$OSDU_GCP == "1"' - when: on_success - -osdu-gcp-deploy-opa: - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - cache: {} - extends: .osdu-gcp-variables - needs: ["osdu-gcp-deploy-configmap-opa"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_SERVICE $OSDU_GCP_HELM_OPA_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.serviceAccountName=$OSDU_GCP_OPA_SERVICE-k8s - - !reference [.verify_deploy, script] - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: never - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: never - - if: '$OSDU_GCP == "1"' - when: on_success + # FIXME remove when all services are migrated to a single helm + OSDU_GCP_ENABLE_HELM_CONFIG: "false" osdu-gcp-test-python: image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine 
@@ -88,53 +20,6 @@ osdu-gcp-test-python: LEGAL_BASE_URL: $HOST PARTITION_BASE_URL: $HOST -osdu-gcp-dev2-deploy-configmap-opa: - tags: ["osdu-small"] - extends: .osdu-gcp-dev2-variables - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - needs: ["osdu-gcp-containerize-gitlab"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_DEV2_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_CONFIG_SERVICE $OSDU_GCP_HELM_OPA_CONFIG_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.bucketName=$OSDU_GCP_POLICY_BUCKET - --set data.dataPartitionId=$DATA_PARTITION_ID - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: on_success - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: on_success - -osdu-gcp-dev2-deploy-opa: - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - cache: {} - extends: .osdu-gcp-dev2-variables - needs: ["osdu-gcp-dev2-deploy-configmap-opa"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_DEV2_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_SERVICE $OSDU_GCP_HELM_OPA_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.serviceAccountName=$OSDU_GCP_OPA_SERVICE-k8s - - !reference [.verify_deploy, script] - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: on_success - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: on_success - osdu-gcp-dev2-test-python: image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine variables: 
@@ -145,58 +30,6 @@ osdu-gcp-dev2-test-python: LEGAL_BASE_URL: $HOST PARTITION_BASE_URL: $HOST -osdu-gcp-anthos-deploy-configmap-opa: - tags: ["osdu-small"] - extends: .osdu-gcp-anthos-variables - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - needs: ["osdu-gcp-containerize-gitlab"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_ANTHOS_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_CONFIG_SERVICE $OSDU_GCP_HELM_OPA_CONFIG_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.bucketName=$OSDU_GCP_POLICY_BUCKET - --set data.dataPartitionId=$DATA_PARTITION_ID - --set conf.onPremEnabled=true - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: never - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: never - - if: '$OSDU_GCP == "1"' - when: on_success - -osdu-gcp-anthos-deploy-opa: - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy - cache: {} - extends: .osdu-gcp-anthos-variables - needs: ["osdu-gcp-anthos-deploy-configmap-opa"] - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_ANTHOS_DEPLOY_FILE - - !reference [.common_config, script] - - helm upgrade $OSDU_GCP_OPA_SERVICE $OSDU_GCP_HELM_OPA_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set conf.onPremEnabled=true - - !reference [.verify_deploy, script] - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/' - when: never - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: never - - if: '$OSDU_GCP == "1"' - when: on_success - osdu-gcp-anthos-test-python: image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine variables: 
@@ -209,53 +42,3 @@ osdu-gcp-anthos-test-python: MINIO_ENDPOINT: $TEST_MINIO_URL MINIO_ACCESS_KEY: $TEST_MINIO_ACCESS_KEY MINIO_SECRET_KEY: $OSDU_GCP_TEST_MINIO_SECRET_KEY - -osdu-gcp-preship-deploy-configmap-opa: - extends: .osdu-gcp-preship-variables - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy_preship - needs: - - osdu-gcp-preship-deploy-configmap - - osdu-gcp-preship-deploy-deployment - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_PRESHIP_DEPLOY_FILE - - !reference [.common_config, script] - - !reference [.define_version, script] - - helm upgrade $OSDU_GCP_OPA_CONFIG_SERVICE $OSDU_GCP_HELM_OPA_CONFIG_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.bucketName=$OSDU_GCP_POLICY_BUCKET - --set data.dataPartitionId=$DATA_PARTITION_ID - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: on_success - -osdu-gcp-preship-deploy-deployment-opa: - extends: .osdu-gcp-preship-variables - tags: ["osdu-small"] - image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - stage: deploy_preship - needs: - - osdu-gcp-preship-deploy-configmap - - osdu-gcp-preship-deploy-configmap-opa - script: - - gcloud auth activate-service-account --key-file $OSDU_GCP_PRESHIP_DEPLOY_FILE - - !reference [.common_config, script] - - !reference [.define_version, script] - - helm repo add $OSDU_GCP_SERVICE ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable - - helm upgrade $OSDU_GCP_OPA_SERVICE $OSDU_GCP_HELM_OPA_DIR - --install - --create-namespace - --namespace=$OSDU_GCP_HELM_NAMESPACE - --wait - --history-max=3 - --set data.serviceAccountName=$OSDU_GCP_OPA_SERVICE-k8s - - !reference [.verify_deploy, script] - - !reference [.verify_bootstrap, script] - rules: - - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG' - when: on_success