Michael Mokry | afae997 | 2019-03-11 14:46:34 -0500 | [diff] [blame] | 1 | # ============LICENSE_START======================================================= |
jhh | 999c224 | 2021-02-24 12:10:02 -0600 | [diff] [blame] | 2 | # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. |
Michael Mokry | afae997 | 2019-03-11 14:46:34 -0500 | [diff] [blame] | 3 | # ================================================================================ |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | # |
| 16 | # SPDX-License-Identifier: Apache-2.0 |
| 17 | # ============LICENSE_END========================================================= |
| 18 | |
| 19 | ################################################################# |
| 20 | # Global configuration defaults. |
| 21 | ################################################################# |
| 22 | global: |
| 23 | persistence: {} |
| 24 | |
| 25 | ################################################################# |
Krzysztof Opasiak | 7e31efc | 2020-04-01 00:21:45 +0200 | [diff] [blame] | 26 | # Secrets metaconfig |
| 27 | ################################################################# |
| 28 | secrets: |
| 29 | - uid: db-secret |
| 30 | type: basicAuth |
| 31 | externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' |
| 32 | login: '{{ .Values.db.user }}' |
| 33 | password: '{{ .Values.db.password }}' |
| 34 | passwordPolicy: required |
Dominik Mizyn | c88bcc9 | 2020-04-14 18:20:20 +0200 | [diff] [blame] | 35 | - uid: restserver-creds |
| 36 | type: basicAuth |
| 37 | externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' |
| 38 | login: '{{ .Values.restServer.user }}' |
| 39 | password: '{{ .Values.restServer.password }}' |
| 40 | passwordPolicy: required |
| 41 | - uid: api-creds |
| 42 | type: basicAuth |
| 43 | externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}' |
| 44 | login: '{{ .Values.apiServer.user }}' |
| 45 | password: '{{ .Values.apiServer.password }}' |
| 46 | passwordPolicy: required |
Krzysztof Opasiak | 7e31efc | 2020-04-01 00:21:45 +0200 | [diff] [blame] | 47 | |
| 48 | ################################################################# |
Michael Mokry | afae997 | 2019-03-11 14:46:34 -0500 | [diff] [blame] | 49 | # Application configuration defaults. |
| 50 | ################################################################# |
| 51 | # application image |
saul.gill | ef208b0 | 2023-04-26 16:16:05 +0100 | [diff] [blame] | 52 | image: onap/policy-xacml-pdp:2.8.2 |
Michael Mokry | afae997 | 2019-03-11 14:46:34 -0500 | [diff] [blame] | 53 | pullPolicy: Always |
| 54 | |
| 55 | # flag to enable debugging - application support required |
| 56 | debugEnabled: false |
| 57 | |
| 58 | # application configuration |
| 59 | |
Krzysztof Opasiak | 7e31efc | 2020-04-01 00:21:45 +0200 | [diff] [blame] | 60 | db: |
| 61 | user: policy_user |
| 62 | password: policy_user |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 63 | service: |
| 64 | name: policy-mariadb |
| 65 | internalPort: 3306 |
| 66 | |
Dominik Mizyn | c88bcc9 | 2020-04-14 18:20:20 +0200 | [diff] [blame] | 67 | restServer: |
| 68 | user: healthcheck |
| 69 | password: zb!XztG34 |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 70 | |
Dominik Mizyn | c88bcc9 | 2020-04-14 18:20:20 +0200 | [diff] [blame] | 71 | apiServer: |
adheli.tavares | f3656cd | 2021-11-10 14:54:32 +0000 | [diff] [blame] | 72 | user: policyadmin |
Dominik Mizyn | c88bcc9 | 2020-04-14 18:20:20 +0200 | [diff] [blame] | 73 | password: zb!XztG34 |
Krzysztof Opasiak | 7e31efc | 2020-04-01 00:21:45 +0200 | [diff] [blame] | 74 | |
Michael Mokry | afae997 | 2019-03-11 14:46:34 -0500 | [diff] [blame] | 75 | # default number of instances |
ramverma | 39a79a4 | 2019-05-02 13:07:36 +0000 | [diff] [blame] | 76 | replicaCount: 1 |
Michael Mokry | afae997 | 2019-03-11 14:46:34 -0500 | [diff] [blame] | 77 | |
| 78 | nodeSelector: {} |
| 79 | |
| 80 | affinity: {} |
| 81 | |
| 82 | # probe configuration parameters |
| 83 | liveness: |
| 84 | initialDelaySeconds: 20 |
| 85 | periodSeconds: 10 |
| 86 | # necessary to disable liveness probe when setting breakpoints |
| 87 | # in debugger so K8s doesn't restart unresponsive container |
| 88 | enabled: true |
| 89 | |
| 90 | readiness: |
| 91 | initialDelaySeconds: 20 |
| 92 | periodSeconds: 10 |
| 93 | |
| 94 | service: |
| 95 | type: ClusterIP |
| 96 | name: policy-xacml-pdp |
Michael Mokry | afae997 | 2019-03-11 14:46:34 -0500 | [diff] [blame] | 97 | internalPort: 6969 |
Andreas Geissler | f10c555 | 2023-03-21 18:09:46 +0100 | [diff] [blame] | 98 | ports: |
| 99 | - name: http |
| 100 | port: 6969 |
Michael Mokry | afae997 | 2019-03-11 14:46:34 -0500 | [diff] [blame] | 101 | |
| 102 | ingress: |
| 103 | enabled: false |
| 104 | |
AndrewLamb | 7ef78ae | 2023-04-20 16:24:13 +0100 | [diff] [blame] | 105 | serviceMesh: |
| 106 | authorizationPolicy: |
| 107 | authorizedPrincipals: |
| 108 | - serviceAccount: dcae-datafile-collector-read |
| 109 | - serviceAccount: dcae-datalake-admin-ui-read |
| 110 | - serviceAccount: dcae-datalake-des-read |
| 111 | - serviceAccount: dcae-datalake-feeder-read |
| 112 | - serviceAccount: dcae-heartbeat-read |
| 113 | - serviceAccount: dcae-hv-ves-collector-read |
| 114 | - serviceAccount: dcae-kpi-ms-read |
| 115 | - serviceAccount: dcae-pm-mapper-read |
| 116 | - serviceAccount: dcae-pmsh-read |
| 117 | - serviceAccount: dcae-prh-read |
| 118 | - serviceAccount: dcae-restconf-collector-read |
| 119 | - serviceAccount: dcae-slice-analysis-ms-read |
| 120 | - serviceAccount: dcae-snmptrap-collector-read |
| 121 | - serviceAccount: dcae-son-handler-read |
| 122 | - serviceAccount: dcae-tcagen2-read |
| 123 | - serviceAccount: dcae-ves-collector-read |
| 124 | - serviceAccount: dcae-ves-mapper-read |
| 125 | - serviceAccount: dcae-ves-openapi-manager-read |
| 126 | - serviceAccount: message-router-read |
| 127 | - serviceAccount: oof-read |
| 128 | - serviceAccount: sdnc-read |
| 129 | |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 130 | flavor: small |
| 131 | resources: |
| 132 | small: |
| 133 | limits: |
Andreas Geissler | 555db9c | 2023-06-20 11:38:39 +0200 | [diff] [blame] | 134 | cpu: 999 |
| 135 | memory: 1Gi |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 136 | requests: |
Andreas Geissler | 555db9c | 2023-06-20 11:38:39 +0200 | [diff] [blame] | 137 | cpu: 0.5 |
| 138 | memory: 1Gi |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 139 | large: |
| 140 | limits: |
Andreas Geissler | 555db9c | 2023-06-20 11:38:39 +0200 | [diff] [blame] | 141 | cpu: 999 |
| 142 | memory: 2Gi |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 143 | requests: |
Andreas Geissler | 555db9c | 2023-06-20 11:38:39 +0200 | [diff] [blame] | 144 | cpu: 1 |
| 145 | memory: 2Gi |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 146 | unlimited: {} |
farida azmy | c117837 | 2021-04-11 12:55:33 +0200 | [diff] [blame] | 147 | |
| 148 | #Pods Service Account |
| 149 | serviceAccount: |
| 150 | nameOverride: policy-xacml-pdp |
| 151 | roles: |
| 152 | - read |
Rashmi Pujar | a8b0926 | 2022-03-15 21:58:57 -0400 | [diff] [blame] | 153 | |
Rashmi Pujar | a8b0926 | 2022-03-15 21:58:57 -0400 | [diff] [blame] | 154 | metrics: |
| 155 | serviceMonitor: |
| 156 | # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. |
| 157 | # The default operator for prometheus enforces the below label. |
| 158 | labels: |
| 159 | release: prometheus |
| 160 | enabled: true |
| 161 | port: policy-xacml-pdp |
| 162 | interval: 60s |
Andreas Geissler | f10c555 | 2023-03-21 18:09:46 +0100 | [diff] [blame] | 163 | isHttps: false |
Rashmi Pujar | a8b0926 | 2022-03-15 21:58:57 -0400 | [diff] [blame] | 164 | basicAuth: |
| 165 | enabled: true |
| 166 | externalSecretNameSuffix: policy-xacml-pdp-restserver-creds |
| 167 | externalSecretUserKey: login |
| 168 | externalSecretPasswordKey: password |
| 169 | selector: |
| 170 | app: '{{ include "common.name" . }}' |
| 171 | chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' |
| 172 | release: '{{ include "common.release" . }}' |
| 173 | heritage: '{{ .Release.Service }}' |