Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 1 | # Copyright (c) 2018 Amdocs, Bell Canada, AT&T |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 2 | # Copyright (c) 2020 Nokia, Orange |
Sylvain Desbureaux | 331f004 | 2021-01-18 11:38:49 +0100 | [diff] [blame] | 3 | # Modifications Copyright (c) 2021 Orange |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 4 | # |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | # See the License for the specific language governing permissions and |
| 15 | # limitations under the License. |
| 16 | |
| 17 | # Default values for resources. |
| 18 | # This is a YAML-formatted file. |
| 19 | # Declare variables to be passed into your templates. |
| 20 | global: # global defaults |
| 21 | nodePortPrefix: 302 |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 22 | cassandra: |
| 23 | #Service Name of the cassandra cluster to connect to. |
| 24 | #Override it to aai-cassandra if localCluster is enabled. |
| 25 | serviceName: cassandra |
| 26 | |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 27 | # Specifies a list of jobs to be run |
| 28 | jobs: |
| 29 | # When enabled, it will create the schema based on oxm and edge rules |
| 30 | createSchema: |
| 31 | enabled: true |
| 32 | #migration using helm hooks |
| 33 | migration: |
| 34 | enabled: false |
| 35 | |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 36 | aafEnabled: false |
| 37 | |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 38 | config: |
| 39 | # Specifies that the cluster connected to a dynamic |
| 40 | # cluster being spinned up by kubernetes deployment |
| 41 | cluster: |
| 42 | cassandra: |
| 43 | dynamic: true |
| 44 | |
| 45 | # Specifies if the basic authorization is enabled |
| 46 | basic: |
| 47 | auth: |
| 48 | enabled: true |
| 49 | username: AAI |
| 50 | passwd: AAI |
| 51 | |
| 52 | # Active spring profiles for the resources microservice |
| 53 | profiles: |
guillaume.lambert | 600dc98 | 2021-10-20 20:42:32 +0200 | [diff] [blame] | 54 | # aaf-auth profile will be automatically set if aaf enabled is set to true |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 55 | active: production,dmaap #,aaf-auth |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 56 | |
| 57 | # Notification event specific properties |
| 58 | notification: |
| 59 | eventType: AAI-EVENT |
| 60 | domain: dev |
| 61 | |
| 62 | # Schema specific properties that include supported versions of api |
| 63 | schema: |
| 64 | # Specifies if the connection should be one way ssl, two way ssl or no auth |
| 65 | service: |
| 66 | client: one-way-ssl |
| 67 | # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service |
| 68 | translator: |
| 69 | list: schema-service |
| 70 | source: |
| 71 | # Specifies which folder to take a look at |
| 72 | name: onap |
| 73 | uri: |
| 74 | # Base URI Path of the application |
| 75 | base: |
| 76 | path: /aai |
| 77 | version: |
| 78 | # Current version of the REST API |
| 79 | api: |
wr148d | 77086d7 | 2021-08-27 16:15:36 -0400 | [diff] [blame] | 80 | default: v24 |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 81 | # Specifies which version the depth parameter is configurable |
| 82 | depth: v11 |
| 83 | # List of all the supported versions of the API |
wr148d | 77086d7 | 2021-08-27 16:15:36 -0400 | [diff] [blame] | 84 | list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 85 | # Specifies from which version related link should appear |
| 86 | related: |
| 87 | link: v11 |
| 88 | # Specifies from which version the app root change happened |
| 89 | app: |
| 90 | root: v11 |
| 91 | # Specifies from which version the xml namespace changed |
| 92 | namespace: |
| 93 | change: v12 |
| 94 | # Specifies from which version the edge label appeared in API |
| 95 | edge: |
| 96 | label: v12 |
| 97 | |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 98 | # Specifies which clients should always default to realtime graph connection |
| 99 | realtime: |
| 100 | clients: SDNC,MSO,SO,robot-ete |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 101 | |
Sylvain Desbureaux | 331f004 | 2021-01-18 11:38:49 +0100 | [diff] [blame] | 102 | api_list: |
| 103 | - 11 |
| 104 | - 12 |
| 105 | - 13 |
| 106 | - 14 |
| 107 | - 15 |
| 108 | - 16 |
| 109 | - 17 |
| 110 | - 18 |
| 111 | - 19 |
| 112 | |
| 113 | aai_enpoints: |
| 114 | - name: aai-cloudInfrastructure |
| 115 | url: cloud-infrastructure |
| 116 | - name: aai-business |
| 117 | url: business |
| 118 | - name: aai-actions |
| 119 | url: actions |
| 120 | - name: aai-service-design-and-creation |
| 121 | url: service-design-and-creation |
| 122 | - name: aai-network |
| 123 | url: network |
| 124 | - name: aai-externalSystem |
| 125 | url: external-system |
Sylvain Desbureaux | b4e038d | 2020-12-15 12:00:26 +0100 | [diff] [blame] | 126 | ################################################################# |
| 127 | # Certificate configuration |
| 128 | ################################################################# |
| 129 | certInitializer: |
| 130 | nameOverride: aai-resources-cert-initializer |
| 131 | aafDeployFqi: deployer@people.osaaf.org |
| 132 | aafDeployPass: demo123456! |
| 133 | # aafDeployCredsExternalSecret: some secret |
| 134 | fqdn: aai-resources |
| 135 | fqi: aai-resources@aai-resources.onap.org |
| 136 | public_fqdn: aai-resources.onap.org |
| 137 | cadi_longitude: "0.0" |
| 138 | cadi_latitude: "0.0" |
| 139 | app_ns: org.osaaf.aaf |
| 140 | credsPath: /opt/app/osaaf/local |
| 141 | fqi_namespace: org.onap.aai-resources |
| 142 | aaf_add_config: | |
Krzysztof Opasiak | 5880794 | 2021-04-02 08:56:15 +0200 | [diff] [blame] | 143 | echo "*** changing them into shell safe ones" |
| 144 | export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) |
| 145 | export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) |
| 146 | cd {{ .Values.credsPath }} |
| 147 | keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ |
| 148 | -storepass "${cadi_keystore_password_p12}" \ |
| 149 | -keystore {{ .Values.fqi_namespace }}.p12 |
| 150 | keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ |
| 151 | -storepass "${cadi_truststore_password}" \ |
| 152 | -keystore {{ .Values.fqi_namespace }}.trust.jks |
Krzysztof Opasiak | 5880794 | 2021-04-02 08:56:15 +0200 | [diff] [blame] | 153 | echo "*** save the generated passwords" |
| 154 | echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop |
| 155 | echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop |
Sylvain Desbureaux | 6b83dab | 2021-02-23 16:03:21 +0100 | [diff] [blame] | 156 | echo "*** change ownership of certificates to targeted user" |
| 157 | chown -R 1000 {{ .Values.credsPath }} |
Sylvain Desbureaux | 331f004 | 2021-01-18 11:38:49 +0100 | [diff] [blame] | 158 | |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 159 | # application image |
wr148d | 77086d7 | 2021-08-27 16:15:36 -0400 | [diff] [blame] | 160 | image: onap/aai-resources:1.9.1 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 161 | pullPolicy: Always |
| 162 | restartPolicy: Always |
| 163 | flavor: small |
| 164 | flavorOverride: small |
| 165 | # default number of instances |
| 166 | replicaCount: 1 |
M.Hosnidokht | 09523be | 2021-08-24 09:00:42 -0400 | [diff] [blame] | 167 | # the minimum number of seconds that a newly created Pod should be ready |
| 168 | minReadySeconds: 30 |
| 169 | updateStrategy: |
| 170 | type: RollingUpdate |
| 171 | # The number of pods that can be unavailable during the update process |
| 172 | maxUnavailable: 0 |
| 173 | # The number of pods that can be created above the desired amount of pods during an update |
| 174 | maxSurge: 1 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 175 | |
| 176 | # Configuration for the resources deployment |
| 177 | config: |
roger yuan | a08006e | 2021-04-20 09:20:38 -0600 | [diff] [blame] | 178 | # configure keycloak according to your environment. |
| 179 | # don't forget to add keycloak in active profiles above (global.config.profiles) |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 180 | keycloak: |
roger yuan | a08006e | 2021-04-20 09:20:38 -0600 | [diff] [blame] | 181 | host: keycloak.your.domain |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 182 | port: 8180 |
roger yuan | a08006e | 2021-04-20 09:20:38 -0600 | [diff] [blame] | 183 | # Specifies a set of users, credentials, roles, and groups |
| 184 | realm: aai-resources |
| 185 | # Used by any client application for enabling fine-grained authorization for their protected resources |
| 186 | resource: aai-resources-app |
| 187 | # If set to true, additional criteria will be added that match the data-owner property with the given role |
| 188 | # to the user in keycloak |
| 189 | multiTenancy: |
| 190 | enabled: true |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 191 | |
| 192 | # Specifies crud related operation timeouts and overrides |
| 193 | crud: |
| 194 | timeout: |
| 195 | # Specifies if the timeout for REST GET calls should be enabled |
| 196 | enabled: true |
| 197 | # Specifies the timeout values for application specific |
| 198 | # Its a pipe seperated list where each element before comma represents |
| 199 | # the X-FromAppId and the comma after specifies the timeout limit in ms |
| 200 | # If the timeout limit is -1 then it means for these apps no timeout |
| 201 | appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAIRctFeed,-1|NewvceCreator,-1|IANewvceCreator,-1|AAI-CSIOVALS,-1 |
| 202 | # Specifies what is the maximum timeout limit in milliseconds |
| 203 | limit: 100000 |
| 204 | |
| 205 | # Specifies configuration for bulk apis |
| 206 | bulk: |
| 207 | # Specifies for a bulk payload how many transactions in total allowed |
| 208 | limit: 30 |
| 209 | # Specifies if the bulk can be override and if it can the value |
| 210 | override: false |
| 211 | |
| 212 | nodeSelector: {} |
| 213 | |
| 214 | affinity: {} |
| 215 | |
| 216 | # probe configuration parameters |
| 217 | liveness: |
| 218 | initialDelaySeconds: 60 |
| 219 | periodSeconds: 60 |
| 220 | # necessary to disable liveness probe when setting breakpoints |
| 221 | # in debugger so K8s doesn't restart unresponsive container |
| 222 | enabled: false |
| 223 | |
| 224 | readiness: |
| 225 | initialDelaySeconds: 60 |
| 226 | periodSeconds: 10 |
| 227 | |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 228 | service: |
| 229 | type: ClusterIP |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 230 | portName: http |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 231 | internalPort: 8447 |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 232 | portName2: tcp-5005 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 233 | internalPort2: 5005 |
M.Hosnidokht | 09523be | 2021-08-24 09:00:42 -0400 | [diff] [blame] | 234 | terminationGracePeriodSeconds: 120 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 235 | |
| 236 | ingress: |
| 237 | enabled: false |
| 238 | |
| 239 | # We usually recommend not to specify default resources and to leave this as a conscious |
| 240 | # choice for the user. This also increases chances charts run on environments with little |
| 241 | # resources, such as Minikube. If you do want to specify resources, uncomment the following |
| 242 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. |
| 243 | # |
| 244 | # Example: |
| 245 | # Configure resource requests and limits |
| 246 | # ref: http://kubernetes.io/docs/user-guide/compute-resources/ |
| 247 | # Minimum memory for development is 2 CPU cores and 4GB memory |
| 248 | # Minimum memory for production is 4 CPU cores and 8GB memory |
| 249 | #resources: |
| 250 | # limits: |
| 251 | # cpu: 2 |
| 252 | # memory: 4Gi |
| 253 | # requests: |
| 254 | # cpu: 2 |
| 255 | # memory: 4Gi |
| 256 | resources: |
| 257 | small: |
| 258 | limits: |
| 259 | cpu: 2 |
| 260 | memory: 4Gi |
| 261 | requests: |
| 262 | cpu: 1 |
| 263 | memory: 3Gi |
| 264 | large: |
| 265 | limits: |
| 266 | cpu: 4 |
| 267 | memory: 8Gi |
| 268 | requests: |
| 269 | cpu: 2 |
| 270 | memory: 4Gi |
| 271 | unlimited: {} |
farida azmy | d893733 | 2021-03-09 12:20:42 +0200 | [diff] [blame] | 272 | |
| 273 | #Pods Service Account |
| 274 | serviceAccount: |
| 275 | nameOverride: aai-resources |
| 276 | roles: |
| 277 | - read |