Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / bf35e55286a0ac2f4fe05f595cda7109f22a5e6a / . / kubernetes / policy / components / policy-pap / values.yaml
blob: 5f6fb212656cacb6e029ef4528c85defd2713dc5 [file] [log] [blame]
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]1# ============LICENSE_START=======================================================
2# Copyright (C) 2019 Nordix Foundation.
jhh999c2242021-02-24 12:10:02 -0600[diff] [blame]3# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]4# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100[diff] [blame]5# Modifications Copyright © 2022 Nordix Foundation
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]6# ================================================================================
7# Licensed under the Apache License, Version 2.0 (the "License");
8# you may not use this file except in compliance with the License.
9# You may obtain a copy of the License at
10#
11# http://www.apache.org/licenses/LICENSE-2.0
12#
13# Unless required by applicable law or agreed to in writing, software
14# distributed under the License is distributed on an "AS IS" BASIS,
15# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16# See the License for the specific language governing permissions and
17# limitations under the License.
18#
19# SPDX-License-Identifier: Apache-2.0
20# ============LICENSE_END=========================================================
21
22#################################################################
23# Global configuration defaults.
24#################################################################
25global:
Bruno Sakoto425d5be2020-05-20 07:25:41 -0400[diff] [blame]26 nodePortPrefixExt: 304
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]27 persistence: {}
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]28 postgres:
29 localCluster: false
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]30
31#################################################################
32# Secrets metaconfig
33#################################################################
34secrets:
35 - uid: db-secret
36 type: basicAuth
37 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
38 login: '{{ .Values.db.user }}'
39 password: '{{ .Values.db.password }}'
40 passwordPolicy: required
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]41 - uid: restserver-secret
42 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]43 externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]44 login: '{{ .Values.restServer.user }}'
45 password: '{{ .Values.restServer.password }}'
46 passwordPolicy: required
47 - uid: api-secret
48 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]49 externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]50 login: '{{ .Values.healthCheckRestClient.api.user }}'
51 password: '{{ .Values.healthCheckRestClient.api.password }}'
52 passwordPolicy: required
53 - uid: distribution-secret
54 type: basicAuth
55 externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
56 login: '{{ .Values.healthCheckRestClient.distribution.user }}'
57 password: '{{ .Values.healthCheckRestClient.distribution.password }}'
58 passwordPolicy: required
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]59 - uid: policy-kafka-user
60 externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
61 type: genericKV
62 envs:
63 - name: sasl.jaas.config
64 value: '{{ .Values.config.someConfig }}'
65 policy: generate
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]66
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]67#################################################################
68# Application configuration defaults.
69#################################################################
70# application image
saul.gill1fa9c252024-05-20 15:34:32 +0100[diff] [blame]71image: onap/policy-pap:3.1.3
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]72pullPolicy: Always
73
74# flag to enable debugging - application support required
75debugEnabled: false
76
77# application configuration
78
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]79db:
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]80 user: policy-user
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]81 password: policy_user
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]82 service:
83 name: policy-mariadb
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]84 pgName: policy-pg-primary
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]85 internalPort: 3306
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]86 internalPgPort: 5432
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]87
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]88restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]89 user: policyadmin
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]90 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]91
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]92healthCheckRestClient:
93 api:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]94 user: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]95 password: none
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]96 distribution:
97 user: healthcheck
98 password: zb!XztG34
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]99
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]100# default number of instances
101replicaCount: 1
102
103nodeSelector: {}
104
105affinity: {}
106
107# probe configuration parameters
108liveness:
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]109 initialDelaySeconds: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]110 periodSeconds: 10
111 # necessary to disable liveness probe when setting breakpoints
112 # in debugger so K8s doesn't restart unresponsive container
113 enabled: true
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]114 port: http-api
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]115
116readiness:
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]117 initialDelaySeconds: 10
118 periodSeconds: 120
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]119 port: http-api
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]120 api: /policy/pap/v1/healthcheck
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]121 successThreshold: 1
122 failureThreshold: 3
123 timeout: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]124
125service:
126 type: ClusterIP
127 name: policy-pap
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]128 ports:
129 - name: http-api
130 port: 6969
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]131 - name: debug-port
132 port: 5005
133 protocol: TCP
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]134
135ingress:
136 enabled: false
137
AndrewLamb7ef78ae2023-04-20 16:24:13 +0100[diff] [blame]138serviceMesh:
139 authorizationPolicy:
140 authorizedPrincipals:
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]141 - serviceAccount: strimzi-kafka-read
AndrewLamb7ef78ae2023-04-20 16:24:13 +0100[diff] [blame]142 - serviceAccount: portal-app-read
143
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]144flavor: small
145resources:
146 small:
147 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]148 cpu: "1"
149 memory: "1Gi"
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]150 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]151 cpu: "0.5"
152 memory: "1Gi"
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]153 large:
154 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]155 cpu: "2"
156 memory: "2Gi"
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]157 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]158 cpu: "1"
159 memory: "2Gi"
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]160 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]161
162#Pods Service Account
163serviceAccount:
164 nameOverride: policy-pap
165 roles:
166 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]167
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]168metrics:
169 serviceMonitor:
170 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
171 # The default operator for prometheus enforces the below label.
172 labels:
173 release: prometheus
174 enabled: true
175 port: http-api
176 interval: 60s
Andreas Geisslerf10c5552023-03-21 18:09:46 +0100[diff] [blame]177 isHttps: false
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]178 basicAuth:
179 enabled: true
180 externalSecretNameSuffix: policy-pap-user-creds
181 externalSecretUserKey: login
182 externalSecretPasswordKey: password
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]183
184# application configuration
185config:
186# Event consumption (kafka) properties
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]187 kafka:
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]188 topics:
189 policyHeartbeat: policy-heartbeat
190 policyNotification: policy-notification
191 policyPdpPap: policy-pdp-pap
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]192 consumer:
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]193 groupId: policy-pap
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]194 app:
195 listener:
196 policyPdpPapTopic: policy-pdp-pap
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]197
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]198# If targeting a custom kafka cluster, ie useStrimziKakfa: false
199# uncomment below config and target your kafka bootstrap servers,
200# along with any other security config.
201#
202# eventConsumption:
203# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
204# spring.kafka.security.protocol: PLAINTEXT
205# spring.kafka.consumer.group-id: policy-group
206#
207# Any new property can be added in the env by setting in overrides in the format mentioned below
208# All the added properties must be in "key: value" format instead of yaml.
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]209kafkaUser:
210 authenticationType: scram-sha-512
211 acls:
212 - name: policy-pap
213 type: group
214 operations: [Create, Describe, Read, Write]
215 - name: policy-pdp-pap
216 type: topic
217 patternType: prefix
218 operations: [Create, Describe, Read, Write]
219 - name: policy-heartbeat
220 type: topic
221 patternType: prefix
222 operations: [Create, Describe, Read, Write]
223 - name: policy-notification
224 type: topic
225 patternType: prefix
226 operations: [Create, Describe, Read, Write]
227