Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 57681130892505f513df6d0902cbed0335f9dd29 / . / kubernetes / policy / components / policy-pap / values.yaml
blob: d7384a5e654bcfa966a32d07172f9580c235a87f [file] [log] [blame]
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]1# ============LICENSE_START=======================================================
2# Copyright (C) 2019 Nordix Foundation.
jhh999c2242021-02-24 12:10:02 -0600[diff] [blame]3# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]4# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100[diff] [blame]5# Modifications Copyright © 2022 Nordix Foundation
Andreas Geissler57681132024-07-29 10:18:26 +0200[diff] [blame^]6# Modifications Copyright © 2024 Deutsche Telekom
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]7# ================================================================================
8# Licensed under the Apache License, Version 2.0 (the "License");
9# you may not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS,
16# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# SPDX-License-Identifier: Apache-2.0
21# ============LICENSE_END=========================================================
22
23#################################################################
24# Global configuration defaults.
25#################################################################
26global:
Bruno Sakoto425d5be2020-05-20 07:25:41 -0400[diff] [blame]27 nodePortPrefixExt: 304
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]28 persistence: {}
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]29 postgres:
30 localCluster: false
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]31
32#################################################################
33# Secrets metaconfig
34#################################################################
35secrets:
36 - uid: db-secret
37 type: basicAuth
38 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
39 login: '{{ .Values.db.user }}'
40 password: '{{ .Values.db.password }}'
41 passwordPolicy: required
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]42 - uid: restserver-secret
43 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]44 externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]45 login: '{{ .Values.restServer.user }}'
46 password: '{{ .Values.restServer.password }}'
47 passwordPolicy: required
48 - uid: api-secret
49 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]50 externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]51 login: '{{ .Values.healthCheckRestClient.api.user }}'
52 password: '{{ .Values.healthCheckRestClient.api.password }}'
53 passwordPolicy: required
54 - uid: distribution-secret
55 type: basicAuth
56 externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
57 login: '{{ .Values.healthCheckRestClient.distribution.user }}'
58 password: '{{ .Values.healthCheckRestClient.distribution.password }}'
59 passwordPolicy: required
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]60 - uid: policy-kafka-user
61 externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
62 type: genericKV
63 envs:
64 - name: sasl.jaas.config
65 value: '{{ .Values.config.someConfig }}'
66 policy: generate
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]67
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]68#################################################################
69# Application configuration defaults.
70#################################################################
71# application image
saul.gill1fa9c252024-05-20 15:34:32 +0100[diff] [blame]72image: onap/policy-pap:3.1.3
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]73pullPolicy: Always
74
75# flag to enable debugging - application support required
76debugEnabled: false
77
78# application configuration
79
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]80db:
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]81 user: policy-user
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]82 password: policy_user
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]83 service:
84 name: policy-mariadb
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]85 pgName: policy-pg-primary
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]86 internalPort: 3306
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]87 internalPgPort: 5432
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]88
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]89restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]90 user: policyadmin
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]91 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]92
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]93healthCheckRestClient:
94 api:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]95 user: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]96 password: none
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]97 distribution:
98 user: healthcheck
99 password: zb!XztG34
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]100
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]101# default number of instances
102replicaCount: 1
103
104nodeSelector: {}
105
106affinity: {}
107
108# probe configuration parameters
109liveness:
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]110 initialDelaySeconds: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]111 periodSeconds: 10
112 # necessary to disable liveness probe when setting breakpoints
113 # in debugger so K8s doesn't restart unresponsive container
114 enabled: true
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]115 port: http-api
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]116
117readiness:
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]118 initialDelaySeconds: 10
119 periodSeconds: 120
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]120 port: http-api
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]121 api: /policy/pap/v1/healthcheck
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]122 successThreshold: 1
123 failureThreshold: 3
124 timeout: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]125
126service:
127 type: ClusterIP
128 name: policy-pap
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]129 ports:
130 - name: http-api
131 port: 6969
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]132 - name: debug-port
133 port: 5005
134 protocol: TCP
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]135
136ingress:
137 enabled: false
138
AndrewLamb7ef78ae2023-04-20 16:24:13 +0100[diff] [blame]139serviceMesh:
140 authorizationPolicy:
141 authorizedPrincipals:
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]142 - serviceAccount: strimzi-kafka-read
AndrewLamb7ef78ae2023-04-20 16:24:13 +0100[diff] [blame]143 - serviceAccount: portal-app-read
144
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]145flavor: small
146resources:
147 small:
148 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]149 cpu: "1"
150 memory: "1Gi"
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]151 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]152 cpu: "0.5"
153 memory: "1Gi"
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]154 large:
155 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]156 cpu: "2"
157 memory: "2Gi"
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]158 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]159 cpu: "1"
160 memory: "2Gi"
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]161 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]162
Andreas Geissler57681132024-07-29 10:18:26 +0200[diff] [blame^]163securityContext:
164 user_id: 100
165 group_id: 102
166
167dirSizes:
168 emptyDir:
169 sizeLimit: 1Gi
170 logDir:
171 sizeLimit: 500Mi
172
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]173#Pods Service Account
174serviceAccount:
175 nameOverride: policy-pap
176 roles:
177 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]178
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]179metrics:
180 serviceMonitor:
181 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
182 # The default operator for prometheus enforces the below label.
183 labels:
184 release: prometheus
185 enabled: true
186 port: http-api
187 interval: 60s
Andreas Geisslerf10c5552023-03-21 18:09:46 +0100[diff] [blame]188 isHttps: false
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]189 basicAuth:
190 enabled: true
191 externalSecretNameSuffix: policy-pap-user-creds
192 externalSecretUserKey: login
193 externalSecretPasswordKey: password
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]194
195# application configuration
196config:
197# Event consumption (kafka) properties
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]198 kafka:
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]199 topics:
200 policyHeartbeat: policy-heartbeat
201 policyNotification: policy-notification
202 policyPdpPap: policy-pdp-pap
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]203 consumer:
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]204 groupId: policy-pap
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]205 app:
206 listener:
207 policyPdpPapTopic: policy-pdp-pap
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]208
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]209# If targeting a custom kafka cluster, ie useStrimziKakfa: false
210# uncomment below config and target your kafka bootstrap servers,
211# along with any other security config.
212#
213# eventConsumption:
214# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
215# spring.kafka.security.protocol: PLAINTEXT
216# spring.kafka.consumer.group-id: policy-group
217#
218# Any new property can be added in the env by setting in overrides in the format mentioned below
219# All the added properties must be in "key: value" format instead of yaml.
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]220kafkaUser:
221 authenticationType: scram-sha-512
222 acls:
223 - name: policy-pap
224 type: group
225 operations: [Create, Describe, Read, Write]
226 - name: policy-pdp-pap
227 type: topic
228 patternType: prefix
229 operations: [Create, Describe, Read, Write]
230 - name: policy-heartbeat
231 type: topic
232 patternType: prefix
233 operations: [Create, Describe, Read, Write]
234 - name: policy-notification
235 type: topic
236 patternType: prefix
237 operations: [Create, Describe, Read, Write]