Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 57681130892505f513df6d0902cbed0335f9dd29 / . / kubernetes / policy / components / policy-xacml-pdp / values.yaml
blob: 18ddfdfebad61d2dc14d50b8f54bbb22ccf6f596 [file] [log] [blame]
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]1# ============LICENSE_START=======================================================
jhh999c2242021-02-24 12:10:02 -0600[diff] [blame]2# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
Andreas Geissler57681132024-07-29 10:18:26 +0200[diff] [blame^]3# Modifications Copyright © 2024 Deutsche Telekom
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]4# ================================================================================
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
17# SPDX-License-Identifier: Apache-2.0
18# ============LICENSE_END=========================================================
19
20#################################################################
21# Global configuration defaults.
22#################################################################
23global:
24 persistence: {}
25
26#################################################################
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +0200[diff] [blame]27# Secrets metaconfig
28#################################################################
29secrets:
30 - uid: db-secret
31 type: basicAuth
32 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
33 login: '{{ .Values.db.user }}'
34 password: '{{ .Values.db.password }}'
35 passwordPolicy: required
Dominik Mizync88bcc92020-04-14 18:20:20 +0200[diff] [blame]36 - uid: restserver-creds
37 type: basicAuth
38 externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
39 login: '{{ .Values.restServer.user }}'
40 password: '{{ .Values.restServer.password }}'
41 passwordPolicy: required
42 - uid: api-creds
43 type: basicAuth
44 externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
45 login: '{{ .Values.apiServer.user }}'
46 password: '{{ .Values.apiServer.password }}'
47 passwordPolicy: required
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +0200[diff] [blame]48
49#################################################################
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]50# Application configuration defaults.
51#################################################################
52# application image
saul.gill1fa9c252024-05-20 15:34:32 +0100[diff] [blame]53image: onap/policy-xacml-pdp:3.1.3
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]54pullPolicy: Always
55
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]56componentName: &componentName policy-xacml-pdp
57
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]58# flag to enable debugging - application support required
59debugEnabled: false
60
61# application configuration
62
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +0200[diff] [blame]63db:
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]64 user: policy-user
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +0200[diff] [blame]65 password: policy_user
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]66 service:
67 name: policy-mariadb
68 internalPort: 3306
69
Dominik Mizync88bcc92020-04-14 18:20:20 +0200[diff] [blame]70restServer:
71 user: healthcheck
72 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]73
Dominik Mizync88bcc92020-04-14 18:20:20 +0200[diff] [blame]74apiServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]75 user: policyadmin
Dominik Mizync88bcc92020-04-14 18:20:20 +0200[diff] [blame]76 password: zb!XztG34
Krzysztof Opasiak7e31efc2020-04-01 00:21:45 +0200[diff] [blame]77
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]78# default number of instances
ramverma39a79a42019-05-02 13:07:36 +0000[diff] [blame]79replicaCount: 1
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]80
81nodeSelector: {}
82
83affinity: {}
84
85# probe configuration parameters
86liveness:
87 initialDelaySeconds: 20
88 periodSeconds: 10
89 # necessary to disable liveness probe when setting breakpoints
90 # in debugger so K8s doesn't restart unresponsive container
91 enabled: true
92
93readiness:
94 initialDelaySeconds: 20
95 periodSeconds: 10
96
97service:
98 type: ClusterIP
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]99 name: *componentName
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]100 internalPort: 6969
Andreas Geisslerf10c5552023-03-21 18:09:46 +0100[diff] [blame]101 ports:
102 - name: http
103 port: 6969
Michael Mokryafae9972019-03-11 14:46:34 -0500[diff] [blame]104
105ingress:
106 enabled: false
107
AndrewLamb7ef78ae2023-04-20 16:24:13 +0100[diff] [blame]108serviceMesh:
109 authorizationPolicy:
110 authorizedPrincipals:
111 - serviceAccount: dcae-datafile-collector-read
112 - serviceAccount: dcae-datalake-admin-ui-read
113 - serviceAccount: dcae-datalake-des-read
114 - serviceAccount: dcae-datalake-feeder-read
115 - serviceAccount: dcae-heartbeat-read
116 - serviceAccount: dcae-hv-ves-collector-read
117 - serviceAccount: dcae-kpi-ms-read
118 - serviceAccount: dcae-pm-mapper-read
119 - serviceAccount: dcae-pmsh-read
120 - serviceAccount: dcae-prh-read
121 - serviceAccount: dcae-restconf-collector-read
122 - serviceAccount: dcae-slice-analysis-ms-read
123 - serviceAccount: dcae-snmptrap-collector-read
124 - serviceAccount: dcae-son-handler-read
125 - serviceAccount: dcae-tcagen2-read
126 - serviceAccount: dcae-ves-collector-read
127 - serviceAccount: dcae-ves-mapper-read
128 - serviceAccount: dcae-ves-openapi-manager-read
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]129 - serviceAccount: strimzi-kafka-read
AndrewLamb7ef78ae2023-04-20 16:24:13 +0100[diff] [blame]130 - serviceAccount: oof-read
131 - serviceAccount: sdnc-read
132
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]133flavor: small
134resources:
135 small:
136 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]137 cpu: "1"
138 memory: "1Gi"
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]139 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]140 cpu: "0.5"
141 memory: "1Gi"
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]142 large:
143 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]144 cpu: "2"
145 memory: "2Gi"
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]146 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]147 cpu: "1"
148 memory: "2Gi"
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]149 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]150
Andreas Geissler57681132024-07-29 10:18:26 +0200[diff] [blame^]151securityContext:
152 user_id: 100
153 group_id: 102
154
155dirSizes:
156 emptyDir:
157 sizeLimit: 1Gi
158 logDir:
159 sizeLimit: 500Mi
160 policyDir:
161 sizeLimit: 100Mi
162
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]163#Pods Service Account
164serviceAccount:
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]165 nameOverride: *componentName
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]166 roles:
167 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]168
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]169metrics:
170 serviceMonitor:
171 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
172 # The default operator for prometheus enforces the below label.
173 labels:
174 release: prometheus
175 enabled: true
176 port: policy-xacml-pdp
177 interval: 60s
Andreas Geisslerf10c5552023-03-21 18:09:46 +0100[diff] [blame]178 isHttps: false
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]179 basicAuth:
180 enabled: true
181 externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
182 externalSecretUserKey: login
183 externalSecretPasswordKey: password
184 selector:
185 app: '{{ include "common.name" . }}'
186 chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
187 release: '{{ include "common.release" . }}'
188 heritage: '{{ .Release.Service }}'
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]189
190config:
191 # Event consumption (kafka) properties
192 kafka:
193 consumer:
194 groupId: policy-xacml-pdp
195 app:
196 listener:
197 policyPdpPapTopic: policy-pdp-pap
198
199# Strimzi Kafka config
200kafkaUser:
201 authenticationType: scram-sha-512
202 acls:
203 - name: policy-xacml-pdp
204 type: group
205 operations: [ Create, Describe, Read, Write ]
206 - name: policy-pdp-pap
207 type: topic
208 patternType: prefix
209 operations: [ Create, Describe, Read, Write ]