kubernetes/policy/components/policy-pap/values.yaml - onap/oom - Gitiles

 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
 #   Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
 #   Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
 #   Modifications Copyright © 2022 Nordix Foundation
 #   Modifications Copyright © 2024 Deutsche Telekom
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================

 #################################################################
 # Global configuration defaults.
 #################################################################
 global:
   nodePortPrefixExt: 304
   persistence: {}
   postgres:
     localCluster: false

 #################################################################
 # Secrets metaconfig
 #################################################################
 secrets:
   - uid: db-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
     login: '{{ .Values.db.user }}'
     password: '{{ .Values.db.password }}'
     passwordPolicy: required
   - uid: restserver-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
     login: '{{ .Values.restServer.user }}'
     password: '{{ .Values.restServer.password }}'
     passwordPolicy: required
   - uid: api-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
     login: '{{ .Values.healthCheckRestClient.api.user }}'
     password: '{{ .Values.healthCheckRestClient.api.password }}'
     passwordPolicy: required
   - uid: distribution-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
     login: '{{ .Values.healthCheckRestClient.distribution.user }}'
     password: '{{ .Values.healthCheckRestClient.distribution.password }}'
     passwordPolicy: required
   - uid: policy-kafka-user
     externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
     type: genericKV
     envs:
       - name: sasl.jaas.config
         value: '{{ .Values.config.someConfig }}'
         policy: generate

 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 image: onap/policy-pap:3.1.3
 pullPolicy: Always

 # flag to enable debugging - application support required
 debugEnabled: false

 # application configuration

 db:
   user: policy-user
   password: policy_user
   service:
     name: policy-mariadb
     pgName: policy-pg-primary
     internalPort: 3306
     internalPgPort: 5432

 restServer:
   user: policyadmin
   password: zb!XztG34

 healthCheckRestClient:
   api:
     user: policyadmin
     password: none
   distribution:
     user: healthcheck
     password: zb!XztG34

 # default number of instances
 replicaCount: 1

 nodeSelector: {}

 affinity: {}

 # probe configuration parameters
 liveness:
   initialDelaySeconds: 60
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
   port: http-api

 readiness:
   initialDelaySeconds: 10
   periodSeconds: 120
   port: http-api
   api: /policy/pap/v1/healthcheck
   successThreshold: 1
   failureThreshold: 3
   timeout: 60

 service:
   type: ClusterIP
   name: policy-pap
   ports:
   - name: http-api
     port: 6969
   - name: debug-port
     port: 5005
     protocol: TCP

 ingress:
   enabled: false

 serviceMesh:
   authorizationPolicy:
     authorizedPrincipals:
       - serviceAccount: strimzi-kafka-read
       - serviceAccount: portal-app-read

 flavor: small
 resources:
   small:
     limits:
       cpu: "1"
       memory: "1Gi"
     requests:
       cpu: "0.5"
       memory: "1Gi"
   large:
     limits:
       cpu: "2"
       memory: "2Gi"
     requests:
       cpu: "1"
       memory: "2Gi"
   unlimited: {}

 securityContext:
   user_id: 100
   group_id: 102

 dirSizes:
   emptyDir:
     sizeLimit: 1Gi
   logDir:
     sizeLimit: 500Mi

 #Pods Service Account
 serviceAccount:
   nameOverride: policy-pap
   roles:
     - read

 metrics:
   serviceMonitor:
     # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
     # The default operator for prometheus enforces the below label.
     labels:
       release: prometheus
     enabled: true
     port: http-api
     interval: 60s
     isHttps: false
     basicAuth:
       enabled: true
       externalSecretNameSuffix: policy-pap-user-creds
       externalSecretUserKey: login
       externalSecretPasswordKey: password

 # application configuration
 config:
 # Event consumption (kafka) properties
   kafka:
     topics:
       policyHeartbeat: policy-heartbeat
       policyNotification: policy-notification
       policyPdpPap: policy-pdp-pap
     consumer:
       groupId: policy-pap
   app:
     listener:
       policyPdpPapTopic: policy-pdp-pap

 # If targeting a custom kafka cluster, ie useStrimziKakfa: false
 # uncomment below config and target your kafka bootstrap servers,
 # along with any other security config.
 #
 # eventConsumption:
 #   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
 #   spring.kafka.security.protocol: PLAINTEXT
 #   spring.kafka.consumer.group-id: policy-group
 #
 # Any new property can be added in the env by setting in overrides in the format mentioned below
 # All the added properties must be in "key: value" format instead of yaml.
 kafkaUser:
   authenticationType: scram-sha-512
   acls:
     - name: policy-pap
       type: group
       operations: [Create, Describe, Read, Write]
     - name: policy-pdp-pap
       type: topic
       patternType: prefix
       operations: [Create, Describe, Read, Write]
     - name: policy-heartbeat
       type: topic
       patternType: prefix
       operations: [Create, Describe, Read, Write]
     - name: policy-notification
       type: topic
       patternType: prefix
       operations: [Create, Describe, Read, Write]
	# ============LICENSE_START=======================================================
	# Copyright (C) 2019 Nordix Foundation.
	# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
	# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
	# Modifications Copyright © 2022 Nordix Foundation
	# Modifications Copyright © 2024 Deutsche Telekom
	# ================================================================================
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	# SPDX-License-Identifier: Apache-2.0
	# ============LICENSE_END=========================================================

	#################################################################
	# Global configuration defaults.
	#################################################################
	global:
	nodePortPrefixExt: 304
	persistence: {}
	postgres:
	localCluster: false

	#################################################################
	# Secrets metaconfig
	#################################################################
	secrets:
	- uid: db-secret
	type: basicAuth
	externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
	login: '{{ .Values.db.user }}'
	password: '{{ .Values.db.password }}'
	passwordPolicy: required
	- uid: restserver-secret
	type: basicAuth
	externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
	login: '{{ .Values.restServer.user }}'
	password: '{{ .Values.restServer.password }}'
	passwordPolicy: required
	- uid: api-secret
	type: basicAuth
	externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
	login: '{{ .Values.healthCheckRestClient.api.user }}'
	password: '{{ .Values.healthCheckRestClient.api.password }}'
	passwordPolicy: required
	- uid: distribution-secret
	type: basicAuth
	externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
	login: '{{ .Values.healthCheckRestClient.distribution.user }}'
	password: '{{ .Values.healthCheckRestClient.distribution.password }}'
	passwordPolicy: required
	- uid: policy-kafka-user
	externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
	type: genericKV
	envs:
	- name: sasl.jaas.config
	value: '{{ .Values.config.someConfig }}'
	policy: generate

	#################################################################
	# Application configuration defaults.
	#################################################################
	# application image
	image: onap/policy-pap:3.1.3
	pullPolicy: Always

	# flag to enable debugging - application support required
	debugEnabled: false

	# application configuration

	db:
	user: policy-user
	password: policy_user
	service:
	name: policy-mariadb
	pgName: policy-pg-primary
	internalPort: 3306
	internalPgPort: 5432

	restServer:
	user: policyadmin
	password: zb!XztG34

	healthCheckRestClient:
	api:
	user: policyadmin
	password: none
	distribution:
	user: healthcheck
	password: zb!XztG34

	# default number of instances
	replicaCount: 1

	nodeSelector: {}

	affinity: {}

	# probe configuration parameters
	liveness:
	initialDelaySeconds: 60
	periodSeconds: 10
	# necessary to disable liveness probe when setting breakpoints
	# in debugger so K8s doesn't restart unresponsive container
	enabled: true
	port: http-api

	readiness:
	initialDelaySeconds: 10
	periodSeconds: 120
	port: http-api
	api: /policy/pap/v1/healthcheck
	successThreshold: 1
	failureThreshold: 3
	timeout: 60

	service:
	type: ClusterIP
	name: policy-pap
	ports:
	- name: http-api
	port: 6969
	- name: debug-port
	port: 5005
	protocol: TCP

	ingress:
	enabled: false

	serviceMesh:
	authorizationPolicy:
	authorizedPrincipals:
	- serviceAccount: strimzi-kafka-read
	- serviceAccount: portal-app-read

	flavor: small
	resources:
	small:
	limits:
	cpu: "1"
	memory: "1Gi"
	requests:
	cpu: "0.5"
	memory: "1Gi"
	large:
	limits:
	cpu: "2"
	memory: "2Gi"
	requests:
	cpu: "1"
	memory: "2Gi"
	unlimited: {}

	securityContext:
	user_id: 100
	group_id: 102

	dirSizes:
	emptyDir:
	sizeLimit: 1Gi
	logDir:
	sizeLimit: 500Mi

	#Pods Service Account
	serviceAccount:
	nameOverride: policy-pap
	roles:
	- read

	metrics:
	serviceMonitor:
	# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
	# The default operator for prometheus enforces the below label.
	labels:
	release: prometheus
	enabled: true
	port: http-api
	interval: 60s
	isHttps: false
	basicAuth:
	enabled: true
	externalSecretNameSuffix: policy-pap-user-creds
	externalSecretUserKey: login
	externalSecretPasswordKey: password

	# application configuration
	config:
	# Event consumption (kafka) properties
	kafka:
	topics:
	policyHeartbeat: policy-heartbeat
	policyNotification: policy-notification
	policyPdpPap: policy-pdp-pap
	consumer:
	groupId: policy-pap
	app:
	listener:
	policyPdpPapTopic: policy-pdp-pap

	# If targeting a custom kafka cluster, ie useStrimziKakfa: false
	# uncomment below config and target your kafka bootstrap servers,
	# along with any other security config.
	#
	# eventConsumption:
	# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
	# spring.kafka.security.protocol: PLAINTEXT
	# spring.kafka.consumer.group-id: policy-group
	#
	# Any new property can be added in the env by setting in overrides in the format mentioned below
	# All the added properties must be in "key: value" format instead of yaml.
	kafkaUser:
	authenticationType: scram-sha-512
	acls:
	- name: policy-pap
	type: group
	operations: [Create, Describe, Read, Write]
	- name: policy-pdp-pap
	type: topic
	patternType: prefix
	operations: [Create, Describe, Read, Write]
	- name: policy-heartbeat
	type: topic
	patternType: prefix
	operations: [Create, Describe, Read, Write]
	- name: policy-notification
	type: topic
	patternType: prefix
	operations: [Create, Describe, Read, Write]