Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 57681130892505f513df6d0902cbed0335f9dd29 / . / kubernetes / policy / components / policy-xacml-pdp / values.yaml
blob: 18ddfdfebad61d2dc14d50b8f54bbb22ccf6f596 [file] [log] [blame]
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#################################################################
# Global configuration defaults.
#################################################################
global:
persistence: {}
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: db-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
- uid: restserver-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- uid: api-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/policy-xacml-pdp:3.1.3
pullPolicy: Always
componentName: &componentName policy-xacml-pdp
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
db:
user: policy-user
password: policy_user
service:
name: policy-mariadb
internalPort: 3306
restServer:
user: healthcheck
password: zb!XztG34
apiServer:
user: policyadmin
password: zb!XztG34
# default number of instances
replicaCount: 1
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 20
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
initialDelaySeconds: 20
periodSeconds: 10
service:
type: ClusterIP
name: *componentName
internalPort: 6969
ports:
- name: http
port: 6969
ingress:
enabled: false
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- serviceAccount: dcae-datafile-collector-read
- serviceAccount: dcae-datalake-admin-ui-read
- serviceAccount: dcae-datalake-des-read
- serviceAccount: dcae-datalake-feeder-read
- serviceAccount: dcae-heartbeat-read
- serviceAccount: dcae-hv-ves-collector-read
- serviceAccount: dcae-kpi-ms-read
- serviceAccount: dcae-pm-mapper-read
- serviceAccount: dcae-pmsh-read
- serviceAccount: dcae-prh-read
- serviceAccount: dcae-restconf-collector-read
- serviceAccount: dcae-slice-analysis-ms-read
- serviceAccount: dcae-snmptrap-collector-read
- serviceAccount: dcae-son-handler-read
- serviceAccount: dcae-tcagen2-read
- serviceAccount: dcae-ves-collector-read
- serviceAccount: dcae-ves-mapper-read
- serviceAccount: dcae-ves-openapi-manager-read
- serviceAccount: strimzi-kafka-read
- serviceAccount: oof-read
- serviceAccount: sdnc-read
flavor: small
resources:
small:
limits:
cpu: "1"
memory: "1Gi"
requests:
cpu: "0.5"
memory: "1Gi"
large:
limits:
cpu: "2"
memory: "2Gi"
requests:
cpu: "1"
memory: "2Gi"
unlimited: {}
securityContext:
user_id: 100
group_id: 102
dirSizes:
emptyDir:
sizeLimit: 1Gi
logDir:
sizeLimit: 500Mi
policyDir:
sizeLimit: 100Mi
#Pods Service Account
serviceAccount:
nameOverride: *componentName
roles:
- read
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
# The default operator for prometheus enforces the below label.
labels:
release: prometheus
enabled: true
port: policy-xacml-pdp
interval: 60s
isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
externalSecretUserKey: login
externalSecretPasswordKey: password
selector:
app: '{{ include "common.name" . }}'
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
config:
# Event consumption (kafka) properties
kafka:
consumer:
groupId: policy-xacml-pdp
app:
listener:
policyPdpPapTopic: policy-pdp-pap
# Strimzi Kafka config
kafkaUser:
authenticationType: scram-sha-512
acls:
- name: policy-xacml-pdp
type: group
operations: [ Create, Describe, Read, Write ]
- name: policy-pdp-pap
type: topic
patternType: prefix
operations: [ Create, Describe, Read, Write ]