blob: c29e0303fd568b4b2a2ae78b64df6c8d8319b32f [file] [log] [blame]
Michael Mokryafae9972019-03-11 14:46:34 -05001# ============LICENSE_START=======================================================
jhh999c2242021-02-24 12:10:02 -06002# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
Michael Mokryafae9972019-03-11 14:46:34 -05003# ================================================================================
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16# SPDX-License-Identifier: Apache-2.0
17# ============LICENSE_END=========================================================
18
19#################################################################
20# Global configuration defaults.
21#################################################################
22global:
23 persistence: {}
jhhd4258672020-08-09 12:08:08 -050024 aafEnabled: true
Michael Mokryafae9972019-03-11 14:46:34 -050025
26#################################################################
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +020027# Secrets metaconfig
28#################################################################
29secrets:
30 - uid: db-secret
31 type: basicAuth
32 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
33 login: '{{ .Values.db.user }}'
34 password: '{{ .Values.db.password }}'
35 passwordPolicy: required
Dominik Mizync88bcc92020-04-14 18:20:20 +020036 - uid: restserver-creds
37 type: basicAuth
38 externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
39 login: '{{ .Values.restServer.user }}'
40 password: '{{ .Values.restServer.password }}'
41 passwordPolicy: required
42 - uid: api-creds
43 type: basicAuth
44 externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
45 login: '{{ .Values.apiServer.user }}'
46 password: '{{ .Values.apiServer.password }}'
47 passwordPolicy: required
jhhd4258672020-08-09 12:08:08 -050048 - uid: keystore-password
49 type: password
50 externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
51 password: '{{ .Values.certStores.keyStorePassword }}'
52 passwordPolicy: required
53 - uid: truststore-password
54 type: password
55 externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
56 password: '{{ .Values.certStores.trustStorePassword }}'
57 passwordPolicy: required
58
59certStores:
60 keyStorePassword: Pol1cy_0nap
61 trustStorePassword: Pol1cy_0nap
62
63certInitializer:
64 nameOverride: policy-xacml-pdp-cert-initializer
65 aafDeployFqi: deployer@people.osaaf.org
66 aafDeployPass: demo123456!
67 fqdn: policy
68 fqi: policy@policy.onap.org
69 public_fqdn: policy.onap.org
70 cadi_latitude: "0.0"
71 cadi_longitude: "0.0"
72 credsPath: /opt/app/osaaf/local
73 app_ns: org.osaaf.aaf
74 uid: 100
75 gid: 101
76 aaf_add_config: >
jhhd4258672020-08-09 12:08:08 -050077 echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
78 echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
79 chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
80
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +020081
82#################################################################
Michael Mokryafae9972019-03-11 14:46:34 -050083# Application configuration defaults.
84#################################################################
85# application image
liamfallonedb388e2022-09-23 17:56:37 +010086image: onap/policy-xacml-pdp:2.7.0
Michael Mokryafae9972019-03-11 14:46:34 -050087pullPolicy: Always
88
89# flag to enable debugging - application support required
90debugEnabled: false
91
92# application configuration
93
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +020094db:
95 user: policy_user
96 password: policy_user
jhhd4258672020-08-09 12:08:08 -050097 service:
98 name: policy-mariadb
99 internalPort: 3306
100
Dominik Mizync88bcc92020-04-14 18:20:20 +0200101restServer:
102 user: healthcheck
103 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -0500104
Dominik Mizync88bcc92020-04-14 18:20:20 +0200105apiServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000106 user: policyadmin
Dominik Mizync88bcc92020-04-14 18:20:20 +0200107 password: zb!XztG34
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +0200108
Michael Mokryafae9972019-03-11 14:46:34 -0500109# default number of instances
ramverma39a79a42019-05-02 13:07:36 +0000110replicaCount: 1
Michael Mokryafae9972019-03-11 14:46:34 -0500111
112nodeSelector: {}
113
114affinity: {}
115
116# probe configuration parameters
117liveness:
118 initialDelaySeconds: 20
119 periodSeconds: 10
120 # necessary to disable liveness probe when setting breakpoints
121 # in debugger so K8s doesn't restart unresponsive container
122 enabled: true
123
124readiness:
125 initialDelaySeconds: 20
126 periodSeconds: 10
127
128service:
129 type: ClusterIP
130 name: policy-xacml-pdp
amatthews736bf372021-12-14 16:04:15 +0000131 portName: http
Michael Mokryafae9972019-03-11 14:46:34 -0500132 externalPort: 6969
133 internalPort: 6969
134
135ingress:
136 enabled: false
137
jhhd4258672020-08-09 12:08:08 -0500138flavor: small
139resources:
140 small:
141 limits:
142 cpu: 1
143 memory: 4Gi
144 requests:
145 cpu: 100m
146 memory: 1Gi
147 large:
148 limits:
149 cpu: 2
150 memory: 8Gi
151 requests:
152 cpu: 200m
153 memory: 2Gi
154 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200155
156#Pods Service Account
157serviceAccount:
158 nameOverride: policy-xacml-pdp
159 roles:
160 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400161
Rashmi Pujara8b09262022-03-15 21:58:57 -0400162metrics:
163 serviceMonitor:
164 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
165 # The default operator for prometheus enforces the below label.
166 labels:
167 release: prometheus
168 enabled: true
169 port: policy-xacml-pdp
170 interval: 60s
171 isHttps: true
172 basicAuth:
173 enabled: true
174 externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
175 externalSecretUserKey: login
176 externalSecretPasswordKey: password
177 selector:
178 app: '{{ include "common.name" . }}'
179 chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
180 release: '{{ include "common.release" . }}'
181 heritage: '{{ .Release.Service }}'