blob: 9e05c47bdf3029ad783e0b04a225f027de44015e [file] [log] [blame]
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#################################################################
# Global configuration defaults.
#################################################################
global:
nodePortPrefixExt: 304
persistence: {}
useStrimziKafkaPf: set-via-parent-chart-global-value
postgres:
localCluster: false
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: db-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
- uid: restserver-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- uid: api-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
login: '{{ .Values.healthCheckRestClient.api.user }}'
password: '{{ .Values.healthCheckRestClient.api.password }}'
passwordPolicy: required
- uid: distribution-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
login: '{{ .Values.healthCheckRestClient.distribution.user }}'
password: '{{ .Values.healthCheckRestClient.distribution.password }}'
passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
envs:
- name: sasl.jaas.config
value: '{{ .Values.config.someConfig }}'
policy: generate
#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/policy-pap:3.0.2
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
db:
user: policy-user
password: policy_user
service:
name: policy-mariadb
pgName: policy-pg-primary
internalPort: 3306
internalPgPort: 5432
restServer:
user: policyadmin
password: zb!XztG34
healthCheckRestClient:
api:
user: policyadmin
password: none
distribution:
user: healthcheck
password: zb!XztG34
# default number of instances
replicaCount: 1
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
port: http-api
readiness:
initialDelaySeconds: 10
periodSeconds: 120
port: http-api
api: /policy/pap/v1/healthcheck
successThreshold: 1
failureThreshold: 3
timeout: 60
service:
type: ClusterIP
name: policy-pap
ports:
- name: http-api
port: 6969
- name: debug-port
port: 5005
protocol: TCP
ingress:
enabled: false
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- serviceAccount: message-router-read
- serviceAccount: portal-app-read
flavor: small
resources:
small:
limits:
cpu: "1"
memory: "1Gi"
requests:
cpu: "0.5"
memory: "1Gi"
large:
limits:
cpu: "2"
memory: "2Gi"
requests:
cpu: "1"
memory: "2Gi"
unlimited: {}
#Pods Service Account
serviceAccount:
nameOverride: policy-pap
roles:
- read
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
# The default operator for prometheus enforces the below label.
labels:
release: prometheus
enabled: true
port: http-api
interval: 60s
isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-pap-user-creds
externalSecretUserKey: login
externalSecretPasswordKey: password
# application configuration
config:
# Event consumption (kafka) properties
useStrimziKafkaPf: true
kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
topics:
policyHeartbeat: policy-heartbeat
policyNotification: policy-notification
policyPdpPap: policy-pdp-pap
consumer:
groupId: policy-pap
app:
listener:
policyPdpPapTopic: policy-pdp-pap
dmaap:
topics:
policyHeartbeat: POLICY-HEARTBEAT
policyNotification: POLICY-NOTIFICATION
policyPdpPap: POLICY-PDP-PAP
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
#
# eventConsumption:
# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
# spring.kafka.security.protocol: PLAINTEXT
# spring.kafka.consumer.group-id: policy-group
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
kafkaUser:
authenticationType: scram-sha-512
acls:
- name: policy-pap
type: group
operations: [Create, Describe, Read, Write]
- name: policy-pdp-pap
type: topic
patternType: prefix
operations: [Create, Describe, Read, Write]
- name: policy-heartbeat
type: topic
patternType: prefix
operations: [Create, Describe, Read, Write]
- name: policy-notification
type: topic
patternType: prefix
operations: [Create, Describe, Read, Write]
readinessCheck:
wait_for:
- message-router