blob: a190fb0cdd0f151ac058f62071bd0f3557b16c3b [file] [log] [blame]
ramverma1a3b8ad2019-02-25 12:45:11 +00001# ============LICENSE_START=======================================================
2# Copyright (C) 2019 Nordix Foundation.
jhh999c2242021-02-24 12:10:02 -06003# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
a.sreekumar2f377362022-02-09 12:40:57 +00004# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
Sirisha_Manchikantib402a592022-09-09 12:01:20 +01005# Modifications Copyright © 2022 Nordix Foundation
ramverma1a3b8ad2019-02-25 12:45:11 +00006# ================================================================================
7# Licensed under the Apache License, Version 2.0 (the "License");
8# you may not use this file except in compliance with the License.
9# You may obtain a copy of the License at
10#
11# http://www.apache.org/licenses/LICENSE-2.0
12#
13# Unless required by applicable law or agreed to in writing, software
14# distributed under the License is distributed on an "AS IS" BASIS,
15# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16# See the License for the specific language governing permissions and
17# limitations under the License.
18#
19# SPDX-License-Identifier: Apache-2.0
20# ============LICENSE_END=========================================================
21
22#################################################################
23# Global configuration defaults.
24#################################################################
25global:
Bruno Sakoto425d5be2020-05-20 07:25:41 -040026 nodePortPrefixExt: 304
ramverma1a3b8ad2019-02-25 12:45:11 +000027 persistence: {}
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +020028
29#################################################################
30# Secrets metaconfig
31#################################################################
32secrets:
33 - uid: db-secret
34 type: basicAuth
35 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
36 login: '{{ .Values.db.user }}'
37 password: '{{ .Values.db.password }}'
38 passwordPolicy: required
Dominik Mizyn389fca12020-04-09 22:37:00 +020039 - uid: restserver-secret
40 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +010041 externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +020042 login: '{{ .Values.restServer.user }}'
43 password: '{{ .Values.restServer.password }}'
44 passwordPolicy: required
45 - uid: api-secret
46 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +010047 externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +020048 login: '{{ .Values.healthCheckRestClient.api.user }}'
49 password: '{{ .Values.healthCheckRestClient.api.password }}'
50 passwordPolicy: required
51 - uid: distribution-secret
52 type: basicAuth
53 externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
54 login: '{{ .Values.healthCheckRestClient.distribution.user }}'
55 password: '{{ .Values.healthCheckRestClient.distribution.password }}'
56 passwordPolicy: required
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +010057 - uid: policy-kafka-user
58 externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
59 type: genericKV
60 envs:
61 - name: sasl.jaas.config
62 value: '{{ .Values.config.someConfig }}'
63 policy: generate
jhhd4258672020-08-09 12:08:08 -050064
ramverma1a3b8ad2019-02-25 12:45:11 +000065#################################################################
66# Application configuration defaults.
67#################################################################
68# application image
saul.gill5e611402023-03-02 11:49:23 +000069image: onap/policy-pap:2.8.1
ramverma1a3b8ad2019-02-25 12:45:11 +000070pullPolicy: Always
71
72# flag to enable debugging - application support required
73debugEnabled: false
74
75# application configuration
76
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +020077db:
78 user: policy_user
79 password: policy_user
jhhd4258672020-08-09 12:08:08 -050080 service:
81 name: policy-mariadb
82 internalPort: 3306
83
Dominik Mizyn389fca12020-04-09 22:37:00 +020084restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +000085 user: policyadmin
a.sreekumar2f377362022-02-09 12:40:57 +000086 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -050087
Dominik Mizyn389fca12020-04-09 22:37:00 +020088healthCheckRestClient:
89 api:
adheli.tavaresf3656cd2021-11-10 14:54:32 +000090 user: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +010091 password: none
Dominik Mizyn389fca12020-04-09 22:37:00 +020092 distribution:
93 user: healthcheck
94 password: zb!XztG34
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +020095
ramverma1a3b8ad2019-02-25 12:45:11 +000096# default number of instances
97replicaCount: 1
98
99nodeSelector: {}
100
101affinity: {}
102
103# probe configuration parameters
104liveness:
a.sreekumar2f377362022-02-09 12:40:57 +0000105 initialDelaySeconds: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000106 periodSeconds: 10
107 # necessary to disable liveness probe when setting breakpoints
108 # in debugger so K8s doesn't restart unresponsive container
109 enabled: true
Bruno Sakoto0644c262020-05-22 16:56:35 -0400110 port: http-api
ramverma1a3b8ad2019-02-25 12:45:11 +0000111
112readiness:
a.sreekumar2f377362022-02-09 12:40:57 +0000113 initialDelaySeconds: 10
114 periodSeconds: 120
Bruno Sakoto0644c262020-05-22 16:56:35 -0400115 port: http-api
a.sreekumar2f377362022-02-09 12:40:57 +0000116 api: /policy/pap/v1/healthcheck
a.sreekumar2f377362022-02-09 12:40:57 +0000117 successThreshold: 1
118 failureThreshold: 3
119 timeout: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000120
121service:
122 type: ClusterIP
123 name: policy-pap
Bruno Sakoto0644c262020-05-22 16:56:35 -0400124 ports:
125 - name: http-api
126 port: 6969
ramverma1a3b8ad2019-02-25 12:45:11 +0000127
128ingress:
129 enabled: false
130
AndrewLamb7ef78ae2023-04-20 16:24:13 +0100131serviceMesh:
132 authorizationPolicy:
133 authorizedPrincipals:
134 - serviceAccount: message-router-read
135 - serviceAccount: portal-app-read
136
jhhd4258672020-08-09 12:08:08 -0500137flavor: small
138resources:
139 small:
140 limits:
141 cpu: 1
142 memory: 4Gi
143 requests:
144 cpu: 100m
145 memory: 1Gi
146 large:
147 limits:
148 cpu: 2
149 memory: 8Gi
150 requests:
151 cpu: 200m
152 memory: 2Gi
153 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200154
155#Pods Service Account
156serviceAccount:
157 nameOverride: policy-pap
158 roles:
159 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400160
Rashmi Pujara8b09262022-03-15 21:58:57 -0400161metrics:
162 serviceMonitor:
163 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
164 # The default operator for prometheus enforces the below label.
165 labels:
166 release: prometheus
167 enabled: true
168 port: http-api
169 interval: 60s
Andreas Geisslerf10c5552023-03-21 18:09:46 +0100170 isHttps: false
Rashmi Pujara8b09262022-03-15 21:58:57 -0400171 basicAuth:
172 enabled: true
173 externalSecretNameSuffix: policy-pap-user-creds
174 externalSecretUserKey: login
175 externalSecretPasswordKey: password
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100176
177# application configuration
178config:
179# Event consumption (kafka) properties
180 useStrimziKafka: true
181 kafkaBootstrap: strimzi-kafka-bootstrap
182 kafka:
183 consumer:
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100184 groupId: policy-group
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100185 app:
186 listener:
187 policyPdpPapTopic: policy-pdp-pap
188# If targeting a custom kafka cluster, ie useStrimziKakfa: false
189# uncomment below config and target your kafka bootstrap servers,
190# along with any other security config.
191#
192# eventConsumption:
193# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
194# spring.kafka.security.protocol: PLAINTEXT
195# spring.kafka.consumer.group-id: policy-group
196#
197# Any new property can be added in the env by setting in overrides in the format mentioned below
198# All the added properties must be in "key: value" format instead of yaml.