kubernetes/aai/components/aai-resources/values.yaml

# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Copyright (c) 2020 Nokia, Orange
# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for resources.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global: # global defaults
  nodePortPrefix: 302
  cassandra:
    #Service Name of the cassandra cluster to connect to.
    #Override it to aai-cassandra if localCluster is enabled.
    serviceName: cassandra

  # Specifies a list of jobs to be run
  jobs:
    # When enabled, it will create the schema based on oxm and edge rules
    createSchema:
      enabled: true
    #migration using helm hooks
    migration:
      enabled: false

  aafEnabled: false

  config:
    # Specifies that the cluster connected to a dynamic
    # cluster being spinned up by kubernetes deployment
    cluster:
      cassandra:
        dynamic: true

    # Specifies if the basic authorization is enabled
    basic:
      auth:
        enabled: true
        username: AAI
        passwd: AAI

    # Active spring profiles for the resources microservice
    profiles:
      # aaf-auth profile will be automatically set if aaf enabled is set to true
      active: production,dmaap #,aaf-auth

    # Notification event specific properties
    notification:
      eventType: AAI-EVENT
      domain: dev

    # Schema specific properties that include supported versions of api
    schema:
      # Specifies if the connection should be one way ssl, two way ssl or no auth
      service:
        client: one-way-ssl
      # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
      translator:
        list: schema-service
      source:
        # Specifies which folder to take a look at
        name: onap
      uri:
        # Base URI Path of the application
        base:
          path: /aai
      version:
        # Current version of the REST API
        api:
          default: v27
        # Specifies which version the depth parameter is configurable
        depth: v11
        # List of all the supported versions of the API
        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
        # Specifies from which version related link should appear
        related:
          link: v11
        # Specifies from which version the app root change happened
        app:
          root: v11
        # Specifies from which version the xml namespace changed
        namespace:
          change: v12
        # Specifies from which version the edge label appeared in API
        edge:
          label: v12

    # Specifies which clients should always default to realtime graph connection
    realtime:
      clients: SDNC,MSO,SO,robot-ete

api_list:
  - 11
  - 12
  - 13
  - 14
  - 15
  - 16
  - 17
  - 18
  - 19

aai_enpoints:
  - name: aai-cloudInfrastructure
    url: cloud-infrastructure
  - name: aai-business
    url: business
  - name: aai-actions
    url: actions
  - name: aai-service-design-and-creation
    url: service-design-and-creation
  - name: aai-network
    url: network
  - name: aai-externalSystem
    url: external-system
#################################################################
# Certificate configuration
#################################################################
certInitializer:
  nameOverride: aai-resources-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: aai-resources
  fqi: aai-resources@aai-resources.onap.org
  public_fqdn: aai-resources.onap.org
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  app_ns: org.osaaf.aaf
  credsPath: /opt/app/osaaf/local
  fqi_namespace: org.onap.aai-resources
  aaf_add_config: |
    echo "*** changing them into shell safe ones"
    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    cd {{ .Values.credsPath }}
    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
      -storepass "${cadi_keystore_password_p12}" \
      -keystore {{ .Values.fqi_namespace }}.p12
    keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
      -storepass "${cadi_truststore_password}" \
      -keystore {{ .Values.fqi_namespace }}.trust.jks
    echo "*** save the generated passwords"
    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
    echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
    echo "*** change ownership of certificates to targeted user"
    chown -R 1000 {{ .Values.credsPath }}

# application image
image: onap/aai-resources:1.11.0
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1
# the minimum number of seconds that a newly created Pod should be ready
minReadySeconds: 30
updateStrategy:
  type: RollingUpdate
  # The number of pods that can be unavailable during the update process
  maxUnavailable: 0
  # The number of pods that can be created above the desired amount of pods during an update
  maxSurge: 1

# Configuration for the resources deployment
config:
  # configure keycloak according to your environment.
  # don't forget to add keycloak in active profiles above (global.config.profiles)
  keycloak:
    host: keycloak.your.domain
    port: 8180
    # Specifies a set of users, credentials, roles, and groups
    realm: aai-resources
    # Used by any client application for enabling fine-grained authorization for their protected resources
    resource: aai-resources-app
    # If set to true, additional criteria will be added that match the data-owner property with the given role
    # to the user in keycloak
    multiTenancy:
      enabled: true

  # Specifies crud related operation timeouts and overrides
  crud:
    timeout:
      # Specifies if the timeout for REST GET calls should be enabled
      enabled: true
      # Specifies the timeout values for application specific
      # Its a pipe seperated list where each element before comma represents
      # the X-FromAppId and the comma after specifies the timeout limit in ms
      # If the timeout limit is -1 then it means for these apps no timeout
      appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAIRctFeed,-1|NewvceCreator,-1|IANewvceCreator,-1|AAI-CSIOVALS,-1
      # Specifies what is the maximum timeout limit in milliseconds
      limit: 100000

  # Specifies configuration for bulk apis
  bulk:
    # Specifies for a bulk payload how many transactions in total allowed
    limit: 30
    # Specifies if the bulk can be override and if it can the value
    override: false

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 60
  periodSeconds: 60
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: false

readiness:
  initialDelaySeconds: 60
  periodSeconds: 10

service:
  type: ClusterIP
  portName: http
  internalPort: 8447
  portName2: tcp-5005
  internalPort2: 5005
  portName3: aai-resources-8448
  internalPort3: 8448
  terminationGracePeriodSeconds: 120
  sessionAffinity: None

ingress:
  enabled: false

  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  #
  # Example:
  # Configure resource requests and limits
  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
  # Minimum memory for development is 2 CPU cores and 4GB memory
  # Minimum memory for production is 4 CPU cores and 8GB memory
#resources:
#  limits:
#    cpu: 2
#    memory: 4Gi
#  requests:
#    cpu: 2
#    memory: 4Gi
resources:
  small:
    limits:
      cpu: 2
      memory: 4Gi
    requests:
      cpu: 1
      memory: 3Gi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 2
      memory: 4Gi
  unlimited: {}

metrics:
  serviceMonitor:
    enabled: false
    targetPort: 8448
    path: /prometheus
    basicAuth:
      enabled: false
      externalSecretName: mysecretname
      externalSecretUserKey: login
      externalSecretPasswordKey: password

    ## Namespace in which Prometheus is running
    ##
    # namespace: monitoring

    ## Interval at which metrics should be scraped.
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    #interval: 30s

    ## Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    # scrapeTimeout: 10s

    ## ServiceMonitor selector labels
    ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
    ##
    selector:
      app: '{{ include "common.name" . }}'
      chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
      release: '{{ include "common.release" . }}'
      heritage: '{{ .Release.Service }}'

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ## Value is evalued as a template
    ##
    relabelings: []

    ## MetricRelabelConfigs to apply to samples before ingestion
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ## Value is evalued as a template
    ##
    metricRelabelings: []
    #  - sourceLabels:
    #      - "__name__"
    #    targetLabel: "__name__"
    #    action: replace
    #    regex: '(.*)'
    #    replacement: 'example_prefix_$1'

#Pods Service Account
serviceAccount:
  nameOverride: aai-resources
  roles:
    - read

#Log configuration
log:
  path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'

# To make logback capping values configurable
logback:
  logToFileEnabled: true
  maxHistory: 7
  totalSizeCap: 1GB
  queueSize: 1000

accessLogback:
  logToFileEnabled: true
  maxHistory: 7
  totalSizeCap: 1GB