| # ============LICENSE_START======================================================= |
| # Copyright (C) 2019 Nordix Foundation. |
| # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. |
| # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. |
| # Modifications Copyright © 2022 Nordix Foundation |
| # ================================================================================ |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| # SPDX-License-Identifier: Apache-2.0 |
| # ============LICENSE_END========================================================= |
| |
| ################################################################# |
| # Global configuration defaults. |
| ################################################################# |
| global: |
| nodePortPrefixExt: 304 |
| persistence: {} |
| useStrimziKafkaPf: set-via-parent-chart-global-value |
| postgres: |
| localCluster: false |
| |
| ################################################################# |
| # Secrets metaconfig |
| ################################################################# |
| secrets: |
| - uid: db-secret |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' |
| login: '{{ .Values.db.user }}' |
| password: '{{ .Values.db.password }}' |
| passwordPolicy: required |
| - uid: restserver-secret |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' |
| login: '{{ .Values.restServer.user }}' |
| password: '{{ .Values.restServer.password }}' |
| passwordPolicy: required |
| - uid: api-secret |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' |
| login: '{{ .Values.healthCheckRestClient.api.user }}' |
| password: '{{ .Values.healthCheckRestClient.api.password }}' |
| passwordPolicy: required |
| - uid: distribution-secret |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}' |
| login: '{{ .Values.healthCheckRestClient.distribution.user }}' |
| password: '{{ .Values.healthCheckRestClient.distribution.password }}' |
| passwordPolicy: required |
| - uid: policy-kafka-user |
| externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' |
| type: genericKV |
| envs: |
| - name: sasl.jaas.config |
| value: '{{ .Values.config.someConfig }}' |
| policy: generate |
| |
| ################################################################# |
| # Application configuration defaults. |
| ################################################################# |
| # application image |
| image: onap/policy-pap:3.0.2 |
| pullPolicy: Always |
| |
| # flag to enable debugging - application support required |
| debugEnabled: false |
| |
| # application configuration |
| |
| db: |
| user: policy-user |
| password: policy_user |
| service: |
| name: policy-mariadb |
| pgName: policy-pg-primary |
| internalPort: 3306 |
| internalPgPort: 5432 |
| |
| restServer: |
| user: policyadmin |
| password: zb!XztG34 |
| |
| healthCheckRestClient: |
| api: |
| user: policyadmin |
| password: none |
| distribution: |
| user: healthcheck |
| password: zb!XztG34 |
| |
| # default number of instances |
| replicaCount: 1 |
| |
| nodeSelector: {} |
| |
| affinity: {} |
| |
| # probe configuration parameters |
| liveness: |
| initialDelaySeconds: 60 |
| periodSeconds: 10 |
| # necessary to disable liveness probe when setting breakpoints |
| # in debugger so K8s doesn't restart unresponsive container |
| enabled: true |
| port: http-api |
| |
| readiness: |
| initialDelaySeconds: 10 |
| periodSeconds: 120 |
| port: http-api |
| api: /policy/pap/v1/healthcheck |
| successThreshold: 1 |
| failureThreshold: 3 |
| timeout: 60 |
| |
| service: |
| type: ClusterIP |
| name: policy-pap |
| ports: |
| - name: http-api |
| port: 6969 |
| - name: debug-port |
| port: 5005 |
| protocol: TCP |
| |
| ingress: |
| enabled: false |
| |
| serviceMesh: |
| authorizationPolicy: |
| authorizedPrincipals: |
| - serviceAccount: message-router-read |
| - serviceAccount: portal-app-read |
| |
| flavor: small |
| resources: |
| small: |
| limits: |
| cpu: "1" |
| memory: "1Gi" |
| requests: |
| cpu: "0.5" |
| memory: "1Gi" |
| large: |
| limits: |
| cpu: "2" |
| memory: "2Gi" |
| requests: |
| cpu: "1" |
| memory: "2Gi" |
| unlimited: {} |
| |
| #Pods Service Account |
| serviceAccount: |
| nameOverride: policy-pap |
| roles: |
| - read |
| |
| metrics: |
| serviceMonitor: |
| # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. |
| # The default operator for prometheus enforces the below label. |
| labels: |
| release: prometheus |
| enabled: true |
| port: http-api |
| interval: 60s |
| isHttps: false |
| basicAuth: |
| enabled: true |
| externalSecretNameSuffix: policy-pap-user-creds |
| externalSecretUserKey: login |
| externalSecretPasswordKey: password |
| |
| # application configuration |
| config: |
| # Event consumption (kafka) properties |
| useStrimziKafkaPf: true |
| kafkaBootstrap: strimzi-kafka-bootstrap |
| kafka: |
| topics: |
| policyHeartbeat: policy-heartbeat |
| policyNotification: policy-notification |
| policyPdpPap: policy-pdp-pap |
| consumer: |
| groupId: policy-pap |
| app: |
| listener: |
| policyPdpPapTopic: policy-pdp-pap |
| |
| dmaap: |
| topics: |
| policyHeartbeat: POLICY-HEARTBEAT |
| policyNotification: POLICY-NOTIFICATION |
| policyPdpPap: POLICY-PDP-PAP |
| # If targeting a custom kafka cluster, ie useStrimziKakfa: false |
| # uncomment below config and target your kafka bootstrap servers, |
| # along with any other security config. |
| # |
| # eventConsumption: |
| # spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 |
| # spring.kafka.security.protocol: PLAINTEXT |
| # spring.kafka.consumer.group-id: policy-group |
| # |
| # Any new property can be added in the env by setting in overrides in the format mentioned below |
| # All the added properties must be in "key: value" format instead of yaml. |
| kafkaUser: |
| authenticationType: scram-sha-512 |
| acls: |
| - name: policy-pap |
| type: group |
| operations: [Create, Describe, Read, Write] |
| - name: policy-pdp-pap |
| type: topic |
| patternType: prefix |
| operations: [Create, Describe, Read, Write] |
| - name: policy-heartbeat |
| type: topic |
| patternType: prefix |
| operations: [Create, Describe, Read, Write] |
| - name: policy-notification |
| type: topic |
| patternType: prefix |
| operations: [Create, Describe, Read, Write] |
| |
| readinessCheck: |
| wait_for: |
| - message-router |