blob: d224aa6bc42e9adcf0e3ad37af3515979dc68c19 [file] [log] [blame]
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#################################################################
# Global configuration defaults.
#################################################################
global:
nodePortPrefixExt: 304
persistence: {}
aafEnabled: true
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: db-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
- uid: keystore-password
type: password
externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.keyStorePassword }}'
passwordPolicy: required
- uid: truststore-password
type: password
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
- uid: runtime-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
login: '{{ .Values.config.policyAppUserName }}'
password: '{{ .Values.config.policyAppUserPassword }}'
passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
envs:
- name: sasl.jaas.config
value: '{{ .Values.config.someConfig }}'
policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
trustStorePassword: Pol1cy_0nap
certInitializer:
nameOverride: policy-clamp-runtime-acm-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: policy
fqi: policy@policy.onap.org
public_fqdn: policy.onap.org
cadi_latitude: "0.0"
cadi_longitude: "0.0"
credsPath: /opt/app/osaaf/local
app_ns: org.osaaf.aaf
uid: 100
gid: 101
aaf_add_config: >
echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/policy-clamp-runtime-acm:6.2.3
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
config:
policyAppUserName: runtimeUser
policyAppUserPassword: none
# Event consumption (kafka) properties
useStrimziKafka: true
kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
groupId: policy-group
app:
listener:
acRuntimeTopic: policy.policy-acruntime-participant
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
#
# eventConsumption:
# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
# spring.kafka.security.protocol: PLAINTEXT
# spring.kafka.consumer.group-id: policy-group
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
db:
user: policy_user
password: policy_user
service:
name: policy-mariadb
internalPort: 3306
# default number of instances
replicaCount: 1
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 20
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
port: http-api
readiness:
initialDelaySeconds: 20
periodSeconds: 10
port: http-api
service:
type: ClusterIP
name: policy-clamp-runtime-acm
useNodePortExt: true
ports:
- name: http-api
port: 6969
nodePort: 42
ingress:
enabled: false
flavor: small
resources:
small:
limits:
cpu: 1
memory: 4Gi
requests:
cpu: 100m
memory: 1Gi
large:
limits:
cpu: 2
memory: 8Gi
requests:
cpu: 200m
memory: 2Gi
unlimited: {}
#Pods Service Account
serviceAccount:
nameOverride: policy-clamp-runtime-acm
roles:
- read