blob: 70f3e9e6a7dedaf543cc793945499feb70b00f48 [file] [log] [blame]
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for traversal.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
aafEnabled: true
cassandra:
#Service Name of the cassandra cluster to connect to.
#Override it to aai-cassandra if localCluster is enabled.
serviceName: cassandra
# Specifies a list of jobs to be run
jobs:
# When enabled, it will create the schema based on oxm and edge rules
createSchema:
enabled: true
# When enabled, it will create the widget models via REST API to haproxy
updateQueryData:
enabled: true
#migration using helm hooks
migration:
enabled: false
# Common configuration for resources traversal and graphadmin
config:
# User information for the admin user in container
userId: 1000
groupId: 1000
# Specifies that the cluster connected to a dynamic
# cluster being spinned up by kubernetes deployment
cluster:
cassandra:
dynamic: true
# Specifies if the basic authorization is enabled
basic:
auth:
enabled: true
username: AAI
passwd: AAI
# Active spring profiles for the resources microservice
profiles:
active: production,dmaap #,aaf-auth ,keycloak
# Notification event specific properties
notification:
eventType: AAI-EVENT
domain: dev
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
translator:
list: schema-service
source:
# Specifies which folder to take a look at
name: onap
uri:
# Base URI Path of the application
base:
path: /aai
version:
# Current version of the REST API
api:
default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
# Specifies from which version the app root change happened
app:
root: v11
# Specifies from which version the xml namespace changed
namespace:
change: v12
# Specifies from which version the edge label appeared in API
edge:
label: v12
# Specifies which clients should always default to realtime graph connection
realtime:
clients: SDNC,MSO,SO,robot-ete
#################################################################
# Certificate configuration
#################################################################
certInitializer:
nameOverride: aai-traversal-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
fqdn: aai-traversal
fqi: aai-traversal@aai-traversal.onap.org
public_fqdn: aai-traversal.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.aai-traversal
aaf_add_config: |
echo "*** changing them into shell safe ones"
export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
cd {{ .Values.credsPath }}
keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
-storepass "${cadi_keystore_password_p12}" \
-keystore {{ .Values.fqi_namespace }}.p12
keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
-storepass "${cadi_truststore_password}" \
-keystore {{ .Values.fqi_namespace }}.trust.jks
echo "*** save the generated passwords"
echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
echo "*** change ownership of certificates to targeted user"
chown -R 1000 {{ .Values.credsPath }}
# application image
image: onap/aai-traversal:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
# the minimum number of seconds that a newly created Pod should be ready
minReadySeconds: 30
updateStrategy:
type: RollingUpdate
# The number of pods that can be unavailable during the update process
maxUnavailable: 0
# The number of pods that can be created above the desired amount of pods during an update
maxSurge: 1
api_list:
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
aai_enpoints:
- name: aai-generic-query
url: search/generic-query
- name: aai-nodes-query
url: search/nodes-query
- name: aai-nquery
url: query
# application configuration
config:
# configure keycloak according to your environment.
# don't forget to add keycloak in active profiles above (global.config.profiles)
keycloak:
host: keycloak.your.domain
port: 8180
# Specifies a set of users, credentials, roles, and groups
realm: aai-traversal
# Used by any client application for enabling fine-grained authorization for their protected resources
resource: aai-traversal-app
# If set to true, additional criteria will be added into traversal query to returns all the vertices that match
# the data-owner property with the given role to the user in keycloak
multiTenancy:
enabled: true
# Specifies timeout information such as application specific and limits
timeout:
# If set to true application will timeout for queries taking longer than limit
enabled: true
# Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout
appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1
# Specifies how long should it wait before timing out the REST request
limit: 180000
# Disables the updateQueryData script to run as part of traversal
disableUpdateQuery: true
# Override of the DSL Timeout Limit
dslOverride: 'ZV4V7E3N77SKIB6MR9MHQ6M4P6Q99Z7M76RBODA'
dsl:
# Dsl timeout configuration
timeout:
# Whether or not the dsl is enabled
enabled: true
# Default time limit of the DSL query
limit: 150000
# App Specific Timeout Limit for each of the X-FromAppId
appspecific:
- JUNITTESTAPP1,1
- JUNITTESTAPP2,-1
- AAI-TOOLS,-1
- DCAE-CCS,1200000
- DCAES,1200000
- VPESAT,-1
- AAI-CACHER,-1
- VidAaiController,300000
- AAI-UI,180000
persistence:
mountPath: /dockerdata-nfs
mountSubPath: aai/aai-traversal
# default number of instances
replicaCount: 1
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 60
periodSeconds: 60
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: false
readiness:
initialDelaySeconds: 10
periodSeconds: 10
service:
type: ClusterIP
portName: http
internalPort: 8446
portName2: tcp-5005
internalPort2: 5005
terminationGracePeriodSeconds: 120
ingress:
enabled: false
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
small:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 3Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
cpu: 2
memory: 4Gi
unlimited: {}
#Pods Service Account
serviceAccount:
nameOverride: aai-traversal
roles:
- read