kubernetes/aai/components/aai-traversal/values.yaml

# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for traversal.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global: # global defaults
  nodePortPrefix: 302
  kafkaBootstrap: strimzi-kafka-bootstrap
  aaiTravKafkaUser: aai-trav-kafka-user

  cassandra:
    #Service Name of the cassandra cluster to connect to.
    #Override it to aai-cassandra if localCluster is enabled.
    serviceName: cassandra

  # Specifies a list of jobs to be run
  jobs:
    # When enabled, it will create the schema based on oxm and edge rules
    createSchema:
      enabled: true
    # When enabled, it will create the widget models via REST API to haproxy
    updateQueryData:
      enabled: true
    #migration using helm hooks
    migration:
      enabled: false

  # Common configuration for resources traversal and graphadmin
  config:
    # User information for the admin user in container
    userId: 1000
    groupId: 1000

    # Specifies that the cluster connected to a dynamic
    # cluster being spinned up by kubernetes deployment
    cluster:
      cassandra:
        dynamic: true

    # Specifies if the basic authorization is enabled
    basic:
      auth:
        enabled: true
        username: AAI
        passwd: AAI

    # Active spring profiles for the resources microservice
    profiles:
      active: production,kafka

    # Notification event specific properties
    notification:
      eventType: AAI-EVENT
      domain: dev

    # Schema specific properties that include supported versions of api
    schema:
      # Specifies if the connection should be one way ssl, two way ssl or no auth
      service:
        client: no-auth
      # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
      translator:
        list: schema-service
      source:
        # Specifies which folder to take a look at
        name: onap
      uri:
        # Base URI Path of the application
        base:
          path: /aai
      version:
        # Current version of the REST API
        api:
          default: v29
        # Specifies which version the depth parameter is configurable
        depth: v11
        # List of all the supported versions of the API
        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
        # Specifies from which version related link should appear
        related:
          link: v11
        # Specifies from which version the app root change happened
        app:
          root: v11
        # Specifies from which version the xml namespace changed
        namespace:
          change: v12
        # Specifies from which version the edge label appeared in API
        edge:
          label: v12

    # Specifies which clients should always default to realtime graph connection
    realtime:
      clients: SDNC,MSO,SO,robot-ete
    kafkaBootstrap: strimzi-kafka-bootstrap
    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}'
    someConfig: random
    aaiTopic: AAI-EVENT

# application image
image: onap/aai-traversal:1.14.4
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
# the minimum number of seconds that a newly created Pod should be ready
minReadySeconds: 30
updateStrategy:
  type: RollingUpdate
  # The number of pods that can be unavailable during the update process
  maxUnavailable: 0
  # The number of pods that can be created above the desired amount of pods during an update
  maxSurge: 1

api_list:
  - 11
  - 12
  - 13
  - 14
  - 15
  - 16
  - 17
  - 18
  - 19
  - 20
  - 21
  - 22
  - 23
  - 24
  - 25
  - 26
  - 27
  - 28
  - 29

aai_enpoints:
  - name: aai-generic-query
    url: search/generic-query
  - name: aai-nodes-query
    url: search/nodes-query
  - name: aai-nquery
    url: query

# application configuration
config:

  # configure keycloak according to your environment.
  # don't forget to add keycloak in active profiles above (global.config.profiles)
  keycloak:
    host: keycloak.your.domain
    port: 8180
    # Specifies a set of users, credentials, roles, and groups
    realm: aai-traversal
    # Used by any client application for enabling fine-grained authorization for their protected resources
    resource: aai-traversal-app
    # If set to true, additional criteria will be added into traversal query to returns all the vertices that match
    # the data-owner property with the given role to the user in keycloak
    multiTenancy:
      enabled: true
  janusgraph:
    caching:
      # enable when running read-heavy workloads
      # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
      # modifications to graph done by other services (traversal) will only be visible
      # after time specified in db-cache-time
      enabled: true
      # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
      dbCacheTime: 180000 # in milliseconds
      dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
      dbCacheCleanWait: 20 # in milliseconds
    # temporarily enable this to update the graph storage version
    # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
    allowUpgrade: true

  # Specifies timeout information such as application specific and limits
  timeout:
    # If set to true application will timeout for queries taking longer than limit
    enabled: true
    # Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout
    appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1
    # Specifies how long should it wait before timing out the REST request
    limit: 180000

  # environment variables added to the launch of the image in deployment
  env:
    MIN_HEAP_SIZE: "512m"
    MAX_HEAP_SIZE: "2g"
    MAX_METASPACE_SIZE: "512m"
    # POST_JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"

  # adds jvm args for remote debugging the application
  debug:
    enabled: false
    args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"

  # adds jvm args for remote profiling the application
  profiling:
    enabled: false
    args:
      - "-Dcom.sun.management.jmxremote"
      - "-Dcom.sun.management.jmxremote.ssl=false"
      - "-Dcom.sun.management.jmxremote.authenticate=false"
      - "-Dcom.sun.management.jmxremote.local.only=false"
      - "-Dcom.sun.management.jmxremote.port=9999"
      - "-Dcom.sun.management.jmxremote.rmi.port=9999"
      - "-Djava.rmi.server.hostname=127.0.0.1"

  # Disables the updateQueryData script to run as part of traversal
  disableUpdateQuery: true

  # Override of the DSL Timeout Limit
  dslOverride: 'ZV4V7E3N77SKIB6MR9MHQ6M4P6Q99Z7M76RBODA'

  dsl:
    # Dsl timeout configuration
    timeout:
      # Whether or not the dsl is enabled
      enabled: true
      # Default time limit of the DSL query
      limit: 150000
      # App Specific Timeout Limit for each of the X-FromAppId
      appspecific:
        - JUNITTESTAPP1,1
        - JUNITTESTAPP2,-1
        - AAI-TOOLS,-1
        - DCAE-CCS,1200000
        - DCAES,1200000
        - VPESAT,-1
        - AAI-CACHER,-1
        - VidAaiController,300000
        - AAI-UI,180000

persistence:
  mountPath: /dockerdata-nfs
  mountSubPath: aai/aai-traversal

# default number of instances
replicaCount: 1

# number of ReplicaSets that should be retained for the Deployment
revisionHistoryLimit: 2

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 60
  periodSeconds: 60
  enabled: true

readiness:
  initialDelaySeconds: 10
  periodSeconds: 10

service:
  type: ClusterIP
  traversalPortName: http
  traversalPort: 8446
  debugPortName: tcp-5005
  debugPort: 5005
  metricsPortName: metrics
  metricsPort: 8448
  profilingPortName: jmx-9999
  profilingPort: 9999
  terminationGracePeriodSeconds: 60
  sessionAffinity: None

ingress:
  enabled: false

serviceMesh:
  authorizationPolicy:
    authorizedPrincipals:
      - serviceAccount: aai-read
      - serviceAccount: consul-read

# To make logback capping values configurable
logback:
  logToFileEnabled: false
  maxHistory: 7
  totalSizeCap: 6GB
  queueSize: 1000

accessLogback:
  logToFileEnabled: false
  livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
  maxHistory: 7
  totalSizeCap: 6GB

# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
  small:
    limits:
      cpu: "2"
      memory: "4Gi"
    requests:
      cpu: "1"
      memory: "3Gi"
  large:
    limits:
      cpu: "4"
      memory: "8Gi"
    requests:
      cpu: "2"
      memory: "4Gi"
  unlimited: {}

tracing:
  collector:
    baseUrl: http://jaeger-collector.istio-system:9411
  sampling:
    probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
  ignorePatterns:
    - /aai/util.*

endpoints:
  enabled: true
  health:
    enabled: true
  info:
    enabled: true

metrics:
  serviceMonitor:
    enabled: false
    targetPort: 8448
    path: /actuator/prometheus
    basicAuth:
      enabled: false
      externalSecretName: mysecretname
      externalSecretUserKey: login
      externalSecretPasswordKey: password

    ## Namespace in which Prometheus is running
    ##
    # namespace: monitoring

    ## Interval at which metrics should be scraped.
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    #interval: 30s

    ## Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    # scrapeTimeout: 10s

    ## ServiceMonitor selector labels
    ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
    ##
    selector:
      app: '{{ include "common.name" . }}'
      chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
      release: '{{ include "common.release" . }}'
      heritage: '{{ .Release.Service }}'

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ## Value is evalued as a template
    ##
    relabelings: []

    ## MetricRelabelConfigs to apply to samples before ingestion
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ## Value is evalued as a template
    ##
    metricRelabelings: []
    #  - sourceLabels:
    #      - "__name__"
    #    targetLabel: "__name__"
    #    action: replace
    #    regex: '(.*)'
    #    replacement: 'example_prefix_$1'

#Pods Service Account
serviceAccount:
  nameOverride: aai-traversal
  roles:
    - read

#Log configuration
log:
  path: /var/log/onap
  level:
    root: DEBUG
    base: DEBUG # base package (org.onap.aai)
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: aai-trav-kafka-user
    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
    type: genericKV
    envs:
      - name: sasl.jaas.config
        value: '{{ .Values.config.someConfig }}'
        policy: generate
kafkaUser:
  authenticationType: scram-sha-512
  acls:
    - name: AAI-EVENT
      type: topic
      operations: [Read, Write]