| # Copyright (c) 2017 Amdocs, Bell Canada |
| # Modifications Copyright (c) 2018 AT&T |
| # Modifications Copyright (c) 2020 Nokia, Orange |
| # Modifications Copyright (c) 2021 Orange |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # Default values for aai. |
| # This is a YAML-formatted file. |
| # Declare variables to be passed into your templates. |
| global: # global defaults |
| nodePortPrefix: 302 |
| repository: nexus3.onap.org:10001 |
| dockerhubRepository: docker.io |
| busyboxImage: busybox |
| |
| readinessImage: onap/oom/readiness:3.0.1 |
| |
| loggingRepository: docker.elastic.co |
| loggingImage: beats/filebeat:5.5.0 |
| |
| restartPolicy: Always |
| |
| aafEnabled: true |
| msbEnabled: true |
| centralizedLoggingEnabled: true |
| |
| cassandra: |
| #This will instantiate AAI cassandra cluster, default:shared cassandra. |
| localCluster: false |
| |
| #Service Name of the cassandra cluster to connect to. |
| #Override it to aai-cassandra if localCluster is enabled. |
| serviceName: cassandra |
| |
| #This should be same as shared cassandra instance or if localCluster is enabled |
| #then it should be same as aai-cassandra replicaCount |
| replicas: 3 |
| |
| #Cassanara login details |
| username: cassandra |
| password: cassandra |
| |
| aai: |
| serviceName: aai |
| babel: |
| serviceName: aai-babel |
| aaiElasticsearch: |
| serviceName: aai-elasticsearch |
| resources: |
| serviceName: aai-resources |
| sparkyBe: |
| serviceName: aai-sparky-be |
| dataRouter: |
| serviceName: aai-data-router |
| gizmo: |
| serviceName: aai-gizmo |
| modelloader: |
| serviceName: aai-modelloader |
| searchData: |
| serviceName: aai-search-data |
| traversal: |
| serviceName: aai-traversal |
| graphadmin: |
| serviceName: aai-graphadmin |
| spike: |
| serviceName: aai-spike |
| |
| initContainers: |
| enabled: true |
| # Specifies a list of jobs to be run |
| jobs: |
| # When enabled, it will create the schema based on oxm and edge rules |
| createSchema: |
| enabled: true |
| # When enabled, it will create the widget models via REST API to haproxy |
| updateQueryData: |
| enabled: true |
| #migration using helm hooks |
| migration: |
| enabled: false |
| remoteCassandra: |
| enabled: false |
| storage: |
| backend: cassandra |
| hostname: 10.10.10.10 |
| connectionTimeout: 100000 |
| cacheSize: 1000000 |
| keyConsistent: true |
| |
| #If backend is cql or cassandra it should be keyspace name |
| #else backend is hbase it should be hbase table name |
| name: aaigraph |
| |
| ## CQL driver specific properties for janusgraph |
| # cql: |
| # #Name of the Cassandra Cluster |
| # cluster: someclustername |
| # readConsistency: QUORUM |
| # writeConsistency: QUORUM |
| # replicationFactor: 3 |
| # localConsistencyForSysOps: true |
| |
| ## Cassandra driver specific properties for janusgraph |
| cassandra: |
| #Name of the Cassandra Cluster |
| clusterName: aai-cluster |
| localDataCenter: Pod lab |
| readConsistency: LOCAL_QUORUM |
| writeConsistency: LOCAL_QUORUM |
| replicationFactor: 3 |
| |
| #storage: |
| # backend: cassandra |
| # hostname: somehost1,somehost2,somehost3 |
| # connectionTimeout: 100000 |
| # cacheSize: 1000000 |
| # clusterName: someClusterName |
| # localDataCenter: someDataCenter |
| # keyConsistent: true |
| # #If backend is cql or cassandra it should be keyspace name |
| # #else backend is hbase it should be hbase table name |
| # name: your_hbase_table_or_keyspace_name |
| |
| ## CQL driver specific properties for janusgraph |
| # cql: |
| # #Name of the Cassandra Cluster |
| # cluster: someclustername |
| # readConsistency: QUORUM |
| # writeConsistency: QUORUM |
| # replicationFactor: 3 |
| # localConsistencyForSysOps: true |
| |
| ## Cassandra driver specific properties for janusgraph |
| # cassandra: |
| # #Name of the Cassandra Cluster |
| # cluster: someclustername |
| # readConsistency: LOCAL_QUORUM |
| # writeConsistency: LOCAL_QUORUM |
| # replicationFactor: 3 |
| |
| |
| # Common configuration for resources traversal and graphadmin |
| config: |
| # User information for the admin user in container |
| userId: 1000 |
| groupId: 1000 |
| |
| # Specifies that the cluster connected to a dynamic |
| # cluster being spinned up by kubernetes deployment |
| cluster: |
| cassandra: |
| dynamic: true |
| |
| # If cluster.cassandra.dynamic is set to false |
| # Then the following configuration should be uncommented |
| # This is if you are planning to connect to a existing |
| # Cassandra cluster instead of doing the deployment |
| #storage: |
| # backend: cassandra |
| # hostname: somehost1,somehost2,somehost3 |
| # connectionTimeout: 100000 |
| # cacheSize: 1000000 |
| # clusterName: someClusterName |
| # localDataCenter: someDataCenter |
| # keyConsistent: true |
| # # If backend is cql or cassandra it should be keyspace name |
| # # else backend is hbase it should be hbase table name |
| # name: your_hbase_table_or_keyspace_name |
| |
| # # CQL driver specific properties for janusgraph |
| # cql: |
| # # Name of the Cassandra Cluster |
| # cluster: someclustername |
| # readConsistency: QUORUM |
| # writeConsistency: QUORUM |
| # replicationFactor: 3 |
| # localConsistencyForSysOps: true |
| |
| # # Cassandra driver specific properties for janusgraph |
| # cassandra: |
| # # Name of the Cassandra Cluster |
| # cluster: someclustername |
| # readConsistency: LOCAL_QUORUM |
| # writeConsistency: LOCAL_QUORUM |
| # replicationFactor: 3 |
| |
| # Specifies if the basic authorization is enabled |
| basic: |
| auth: |
| enabled: true |
| username: AAI |
| passwd: AAI |
| |
| # Active spring profiles for the resources microservice |
| # aaf-auth profile will be automatically set if aaf enabled is set to true |
| profiles: |
| active: production,dmaap #,aaf-auth |
| |
| # Notification event specific properties |
| notification: |
| eventType: AAI-EVENT |
| domain: dev |
| |
| # Schema specific properties that include supported versions of api |
| schema: |
| # Specifies if the connection should be one way ssl, two way ssl or no auth |
| # will be set to no-auth if tls is disabled |
| service: |
| client: one-way-ssl |
| # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service |
| translator: |
| list: schema-service |
| source: |
| # Specifies which folder to take a look at |
| name: onap |
| uri: |
| # Base URI Path of the application |
| base: |
| path: /aai |
| version: |
| # Current version of the REST API |
| api: |
| default: v27 |
| # Specifies which version the depth parameter is configurable |
| depth: v11 |
| # List of all the supported versions of the API |
| list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27 |
| # Specifies from which version related link should appear |
| related: |
| link: v11 |
| # Specifies from which version the app root change happened |
| app: |
| root: v11 |
| # Specifies from which version the xml namespace changed |
| namespace: |
| change: v12 |
| # Specifies from which version the edge label appeared in API |
| edge: |
| label: v12 |
| |
| # Keystore configuration password and filename |
| keystore: |
| filename: aai_keystore |
| passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit |
| |
| # Truststore configuration password and filename |
| truststore: |
| filename: aai_keystore |
| passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit |
| |
| # Specifies a list of files to be included in auth volume |
| auth: |
| files: |
| - aai_keystore |
| |
| # Specifies which clients should always default to realtime graph connection |
| realtime: |
| clients: SDNC,MSO,SO,robot-ete |
| |
| # Logback debug enabled |
| logback: |
| console: |
| # If enabled, container will print all logback to standard output |
| # This will make debugging much easier but it should only be done |
| # when debugging the issue and changed back as it can affect performance |
| # since when this is enabled, it prints a lot of information to console |
| enabled: false |
| |
| aaiSdcListenerKafkaUser: aai-sdc-list-user |
| |
| aai-babel: |
| logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| aai-graphadmin: |
| logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| aai-modelloader: |
| logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| config: |
| jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiSdcListenerKafkaUser }}' |
| aai-resources: |
| logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| aai-schema-service: |
| logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| aai-sparky-be: |
| logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| aai-traversal: |
| logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| |
| ################################################################# |
| # Certificate configuration |
| ################################################################# |
| certInitializer: |
| nameOverride: aai-cert-initializer |
| aafDeployFqi: deployer@people.osaaf.org |
| aafDeployPass: demo123456! |
| # aafDeployCredsExternalSecret: some secret |
| fqdn: "aai" |
| app_ns: "org.osaaf.aaf" |
| fqi_namespace: "org.onap.aai" |
| fqi: "aai@aai.onap.org" |
| public_fqdn: "aaf.osaaf.org" |
| cadi_longitude: "0.0" |
| cadi_latitude: "0.0" |
| credsPath: /opt/app/osaaf/local |
| aaf_add_config: | |
| echo "*** transform AAF certs into pem files" |
| mkdir -p {{ .Values.credsPath }}/certs |
| keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ |
| -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ |
| -alias ca_local_0 \ |
| -storepass $cadi_truststore_password |
| openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ |
| -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ |
| -passin pass:$cadi_keystore_password_p12 \ |
| -passout pass:$cadi_keystore_password_p12 |
| echo "*** generating needed file" |
| cat {{ .Values.credsPath }}/certs/cert.pem \ |
| {{ .Values.credsPath }}/certs/cacert.pem \ |
| {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ |
| > {{ .Values.credsPath }}/certs/fullchain.pem; |
| chown 1001 {{ .Values.credsPath }}/certs/* |
| |
| # application image |
| dockerhubRepository: registry.hub.docker.com |
| image: onap/aai-haproxy:1.9.5 |
| pullPolicy: Always |
| |
| flavor: small |
| flavorOverride: small |
| |
| # flag to enable debugging - application support required |
| debugEnabled: false |
| |
| # application configuration |
| config: |
| logstashServiceName: log-ls |
| logstashPort: 5044 |
| |
| # default number of instances |
| replicaCount: 1 |
| |
| updateStrategy: |
| type: RollingUpdate |
| maxUnavailable: 0 |
| maxSurge: 1 |
| |
| nodeSelector: {} |
| |
| affinity: {} |
| |
| # HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns |
| haproxy: |
| initContainers: |
| resources: |
| memory: 100Mi |
| cpu: 50m |
| requestBlocking: |
| enabled: false |
| customConfigs: [] |
| replicas: |
| aaiResources: 1 |
| aaiTraversal: 1 |
| |
| # probe configuration parameters |
| liveness: |
| initialDelaySeconds: 10 |
| periodSeconds: 10 |
| # necessary to disable liveness probe when setting breakpoints |
| # in debugger so K8s doesn't restart unresponsive container |
| enabled: true |
| |
| #This section is used when localCluster is enabled. AAI will create its own cassandra cluster for its specific use. |
| #Below command will instantiate the aai cassandra instances: |
| #helm deploy demo local/onap --version=4.0.0 --namespace onap --set aai.enabled=true \ |
| # --set aai.global.cassandra.localCluster=true \ |
| # --set aai.global.cassandra.serviceName=aai-cassandra |
| cassandra: |
| nameOverride: aai-cassandra |
| serviceAccount: |
| nameOverride: aai-cassandra |
| replicaCount: 3 |
| service: |
| name: aai-cassandra |
| persistence: |
| mountSubPath: aai/cassandra |
| enabled: true |
| |
| readiness: |
| initialDelaySeconds: 10 |
| periodSeconds: 10 |
| |
| service: |
| type: NodePort |
| portName: http |
| externalPort: 8443 |
| internalPort: 8443 |
| nodePort: 33 |
| externalPlainPort: 80 |
| internalPlainPort: 8080 |
| nodeport: 33 |
| aaiServiceClusterIp: |
| sessionAffinity: None |
| |
| metricsService: |
| type: ClusterIP |
| portName: prometheus |
| externalPort: 8448 |
| internalPort: 8448 |
| |
| metrics: |
| serviceMonitor: |
| enabled: false |
| targetPort: 8448 |
| path: /metrics |
| basicAuth: |
| enabled: false |
| |
| selector: |
| app: '{{ include "common.name" . }}-metrics' |
| chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' |
| release: '{{ include "common.release" . }}' |
| heritage: '{{ .Release.Service }}' |
| |
| relabelings: [] |
| |
| metricRelabelings: [] |
| |
| ingress: |
| enabled: false |
| service: |
| - baseaddr: "aai-api" |
| name: "aai" |
| port: 8443 |
| plain_port: 80 |
| config: |
| ssl: "redirect" |
| |
| resources: |
| small: |
| limits: |
| cpu: 2 |
| memory: 4Gi |
| requests: |
| cpu: 1 |
| memory: 1Gi |
| large: |
| limits: |
| cpu: 4 |
| memory: 8Gi |
| requests: |
| cpu: 2 |
| memory: 2Gi |
| unlimited: {} |
| |
| #Pods Service Account |
| serviceAccount: |
| nameOverride: aai |
| roles: |
| - read |