kubernetes/policy/components/policy-pap/values.yaml - onap/oom - Gitiles

 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
 #   Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
 #   Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
 #   Modifications Copyright © 2022 Nordix Foundation
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 #
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================

 #################################################################
 # Global configuration defaults.
 #################################################################
 global:
   nodePortPrefixExt: 304
   persistence: {}
   aafEnabled: true

 #################################################################
 # Secrets metaconfig
 #################################################################
 secrets:
   - uid: db-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
     login: '{{ .Values.db.user }}'
     password: '{{ .Values.db.password }}'
     passwordPolicy: required
   - uid: restserver-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
     login: '{{ .Values.restServer.user }}'
     password: '{{ .Values.restServer.password }}'
     passwordPolicy: required
   - uid: api-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
     login: '{{ .Values.healthCheckRestClient.api.user }}'
     password: '{{ .Values.healthCheckRestClient.api.password }}'
     passwordPolicy: required
   - uid: distribution-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
     login: '{{ .Values.healthCheckRestClient.distribution.user }}'
     password: '{{ .Values.healthCheckRestClient.distribution.password }}'
     passwordPolicy: required
   - uid: keystore-password
     type: password
     externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
     password: '{{ .Values.certStores.keyStorePassword }}'
     passwordPolicy: required
   - uid: truststore-password
     type: password
     externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
     password: '{{ .Values.certStores.trustStorePassword }}'
     passwordPolicy: required
   - uid: policy-kafka-user
     externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
     type: genericKV
     envs:
       - name: sasl.jaas.config
         value: '{{ .Values.config.someConfig }}'
         policy: generate

 certStores:
   keyStorePassword: Pol1cy_0nap
   trustStorePassword: Pol1cy_0nap

 certInitializer:
   nameOverride: policy-pap-cert-initializer
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: policy
   fqi: policy@policy.onap.org
   public_fqdn: policy.onap.org
   cadi_latitude: "0.0"
   cadi_longitude: "0.0"
   credsPath: /opt/app/osaaf/local
   app_ns: org.osaaf.aaf
   uid: 100
   gid: 101
   aaf_add_config: >
     echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
     echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
     chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});


 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 image: onap/policy-pap:2.8.1
 pullPolicy: Always

 # flag to enable debugging - application support required
 debugEnabled: false

 # application configuration

 db:
   user: policy_user
   password: policy_user
   service:
     name: policy-mariadb
     internalPort: 3306

 restServer:
   user: policyadmin
   password: zb!XztG34

 healthCheckRestClient:
   api:
     user: policyadmin
     password: none
   distribution:
     user: healthcheck
     password: zb!XztG34

 # default number of instances
 replicaCount: 1

 nodeSelector: {}

 affinity: {}

 # probe configuration parameters
 liveness:
   initialDelaySeconds: 60
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
   port: http-api

 readiness:
   initialDelaySeconds: 10
   periodSeconds: 120
   port: http-api
   api: /policy/pap/v1/healthcheck
   successThreshold: 1
   failureThreshold: 3
   timeout: 60

 service:
   type: ClusterIP
   name: policy-pap
   useNodePortExt: true
   ports:
   - name: http-api
     port: 6969
     nodePort: 42

 ingress:
   enabled: false

 flavor: small
 resources:
   small:
     limits:
       cpu: 1
       memory: 4Gi
     requests:
       cpu: 100m
       memory: 1Gi
   large:
     limits:
       cpu: 2
       memory: 8Gi
     requests:
       cpu: 200m
       memory: 2Gi
   unlimited: {}

 #Pods Service Account
 serviceAccount:
   nameOverride: policy-pap
   roles:
     - read

 metrics:
   serviceMonitor:
     # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
     # The default operator for prometheus enforces the below label.
     labels:
       release: prometheus
     enabled: true
     port: http-api
     interval: 60s
     isHttps: true
     basicAuth:
       enabled: true
       externalSecretNameSuffix: policy-pap-user-creds
       externalSecretUserKey: login
       externalSecretPasswordKey: password

 # application configuration
 config:
 # Event consumption (kafka) properties
   useStrimziKafka: true
   kafkaBootstrap: strimzi-kafka-bootstrap
   kafka:
     consumer:
       groupId: policy-group
   app:
     listener:
       policyPdpPapTopic: policy-pdp-pap
 # If targeting a custom kafka cluster, ie useStrimziKakfa: false
 # uncomment below config and target your kafka bootstrap servers,
 # along with any other security config.
 #
 # eventConsumption:
 #   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
 #   spring.kafka.security.protocol: PLAINTEXT
 #   spring.kafka.consumer.group-id: policy-group
 #
 # Any new property can be added in the env by setting in overrides in the format mentioned below
 # All the added properties must be in "key: value" format instead of yaml.
	# ============LICENSE_START=======================================================
	# Copyright (C) 2019 Nordix Foundation.
	# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
	# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
	# Modifications Copyright © 2022 Nordix Foundation
	# ================================================================================
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	# SPDX-License-Identifier: Apache-2.0
	# ============LICENSE_END=========================================================

	#################################################################
	# Global configuration defaults.
	#################################################################
	global:
	nodePortPrefixExt: 304
	persistence: {}
	aafEnabled: true

	#################################################################
	# Secrets metaconfig
	#################################################################
	secrets:
	- uid: db-secret
	type: basicAuth
	externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
	login: '{{ .Values.db.user }}'
	password: '{{ .Values.db.password }}'
	passwordPolicy: required
	- uid: restserver-secret
	type: basicAuth
	externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
	login: '{{ .Values.restServer.user }}'
	password: '{{ .Values.restServer.password }}'
	passwordPolicy: required
	- uid: api-secret
	type: basicAuth
	externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
	login: '{{ .Values.healthCheckRestClient.api.user }}'
	password: '{{ .Values.healthCheckRestClient.api.password }}'
	passwordPolicy: required
	- uid: distribution-secret
	type: basicAuth
	externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
	login: '{{ .Values.healthCheckRestClient.distribution.user }}'
	password: '{{ .Values.healthCheckRestClient.distribution.password }}'
	passwordPolicy: required
	- uid: keystore-password
	type: password
	externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
	password: '{{ .Values.certStores.keyStorePassword }}'
	passwordPolicy: required
	- uid: truststore-password
	type: password
	externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
	password: '{{ .Values.certStores.trustStorePassword }}'
	passwordPolicy: required
	- uid: policy-kafka-user
	externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
	type: genericKV
	envs:
	- name: sasl.jaas.config
	value: '{{ .Values.config.someConfig }}'
	policy: generate

	certStores:
	keyStorePassword: Pol1cy_0nap
	trustStorePassword: Pol1cy_0nap

	certInitializer:
	nameOverride: policy-pap-cert-initializer
	aafDeployFqi: deployer@people.osaaf.org
	aafDeployPass: demo123456!
	fqdn: policy
	fqi: policy@policy.onap.org
	public_fqdn: policy.onap.org
	cadi_latitude: "0.0"
	cadi_longitude: "0.0"
	credsPath: /opt/app/osaaf/local
	app_ns: org.osaaf.aaf
	uid: 100
	gid: 101
	aaf_add_config: >
	echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
	echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
	chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});


	#################################################################
	# Application configuration defaults.
	#################################################################
	# application image
	image: onap/policy-pap:2.8.1
	pullPolicy: Always

	# flag to enable debugging - application support required
	debugEnabled: false

	# application configuration

	db:
	user: policy_user
	password: policy_user
	service:
	name: policy-mariadb
	internalPort: 3306

	restServer:
	user: policyadmin
	password: zb!XztG34

	healthCheckRestClient:
	api:
	user: policyadmin
	password: none
	distribution:
	user: healthcheck
	password: zb!XztG34

	# default number of instances
	replicaCount: 1

	nodeSelector: {}

	affinity: {}

	# probe configuration parameters
	liveness:
	initialDelaySeconds: 60
	periodSeconds: 10
	# necessary to disable liveness probe when setting breakpoints
	# in debugger so K8s doesn't restart unresponsive container
	enabled: true
	port: http-api

	readiness:
	initialDelaySeconds: 10
	periodSeconds: 120
	port: http-api
	api: /policy/pap/v1/healthcheck
	successThreshold: 1
	failureThreshold: 3
	timeout: 60

	service:
	type: ClusterIP
	name: policy-pap
	useNodePortExt: true
	ports:
	- name: http-api
	port: 6969
	nodePort: 42

	ingress:
	enabled: false

	flavor: small
	resources:
	small:
	limits:
	cpu: 1
	memory: 4Gi
	requests:
	cpu: 100m
	memory: 1Gi
	large:
	limits:
	cpu: 2
	memory: 8Gi
	requests:
	cpu: 200m
	memory: 2Gi
	unlimited: {}

	#Pods Service Account
	serviceAccount:
	nameOverride: policy-pap
	roles:
	- read

	metrics:
	serviceMonitor:
	# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
	# The default operator for prometheus enforces the below label.
	labels:
	release: prometheus
	enabled: true
	port: http-api
	interval: 60s
	isHttps: true
	basicAuth:
	enabled: true
	externalSecretNameSuffix: policy-pap-user-creds
	externalSecretUserKey: login
	externalSecretPasswordKey: password

	# application configuration
	config:
	# Event consumption (kafka) properties
	useStrimziKafka: true
	kafkaBootstrap: strimzi-kafka-bootstrap
	kafka:
	consumer:
	groupId: policy-group
	app:
	listener:
	policyPdpPapTopic: policy-pdp-pap
	# If targeting a custom kafka cluster, ie useStrimziKakfa: false
	# uncomment below config and target your kafka bootstrap servers,
	# along with any other security config.
	#
	# eventConsumption:
	# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
	# spring.kafka.security.protocol: PLAINTEXT
	# spring.kafka.consumer.group-id: policy-group
	#
	# Any new property can be added in the env by setting in overrides in the format mentioned below
	# All the added properties must be in "key: value" format instead of yaml.