blob: 41978331a401b6e20fba144267aaa04efa677c0d [file] [log] [blame]
ramverma1a3b8ad2019-02-25 12:45:11 +00001# ============LICENSE_START=======================================================
2# Copyright (C) 2019 Nordix Foundation.
jhh999c2242021-02-24 12:10:02 -06003# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
a.sreekumar2f377362022-02-09 12:40:57 +00004# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
ramverma1a3b8ad2019-02-25 12:45:11 +00005# ================================================================================
6# Licensed under the Apache License, Version 2.0 (the "License");
7# you may not use this file except in compliance with the License.
8# You may obtain a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS,
14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15# See the License for the specific language governing permissions and
16# limitations under the License.
17#
18# SPDX-License-Identifier: Apache-2.0
19# ============LICENSE_END=========================================================
20
21#################################################################
22# Global configuration defaults.
23#################################################################
24global:
Bruno Sakoto425d5be2020-05-20 07:25:41 -040025 nodePortPrefixExt: 304
ramverma1a3b8ad2019-02-25 12:45:11 +000026 persistence: {}
jhhd4258672020-08-09 12:08:08 -050027 aafEnabled: true
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +020028
29#################################################################
30# Secrets metaconfig
31#################################################################
32secrets:
33 - uid: db-secret
34 type: basicAuth
35 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
36 login: '{{ .Values.db.user }}'
37 password: '{{ .Values.db.password }}'
38 passwordPolicy: required
Dominik Mizyn389fca12020-04-09 22:37:00 +020039 - uid: restserver-secret
40 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +010041 externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +020042 login: '{{ .Values.restServer.user }}'
43 password: '{{ .Values.restServer.password }}'
44 passwordPolicy: required
45 - uid: api-secret
46 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +010047 externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +020048 login: '{{ .Values.healthCheckRestClient.api.user }}'
49 password: '{{ .Values.healthCheckRestClient.api.password }}'
50 passwordPolicy: required
51 - uid: distribution-secret
52 type: basicAuth
53 externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
54 login: '{{ .Values.healthCheckRestClient.distribution.user }}'
55 password: '{{ .Values.healthCheckRestClient.distribution.password }}'
56 passwordPolicy: required
jhhd4258672020-08-09 12:08:08 -050057 - uid: keystore-password
58 type: password
59 externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
60 password: '{{ .Values.certStores.keyStorePassword }}'
61 passwordPolicy: required
62 - uid: truststore-password
63 type: password
64 externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
65 password: '{{ .Values.certStores.trustStorePassword }}'
66 passwordPolicy: required
67
68certStores:
69 keyStorePassword: Pol1cy_0nap
70 trustStorePassword: Pol1cy_0nap
71
72certInitializer:
73 nameOverride: policy-pap-cert-initializer
74 aafDeployFqi: deployer@people.osaaf.org
75 aafDeployPass: demo123456!
76 fqdn: policy
77 fqi: policy@policy.onap.org
78 public_fqdn: policy.onap.org
79 cadi_latitude: "0.0"
80 cadi_longitude: "0.0"
81 credsPath: /opt/app/osaaf/local
82 app_ns: org.osaaf.aaf
83 uid: 100
84 gid: 101
85 aaf_add_config: >
jhhd4258672020-08-09 12:08:08 -050086 echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
87 echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
88 chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
89
ramverma1a3b8ad2019-02-25 12:45:11 +000090
91#################################################################
92# Application configuration defaults.
93#################################################################
94# application image
jhh8f95be22022-04-13 11:56:40 -050095image: onap/policy-pap:2.6.2
ramverma1a3b8ad2019-02-25 12:45:11 +000096pullPolicy: Always
97
98# flag to enable debugging - application support required
99debugEnabled: false
100
101# application configuration
102
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200103db:
104 user: policy_user
105 password: policy_user
jhhd4258672020-08-09 12:08:08 -0500106 service:
107 name: policy-mariadb
108 internalPort: 3306
109
Dominik Mizyn389fca12020-04-09 22:37:00 +0200110restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000111 user: policyadmin
a.sreekumar2f377362022-02-09 12:40:57 +0000112 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -0500113
Dominik Mizyn389fca12020-04-09 22:37:00 +0200114healthCheckRestClient:
115 api:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000116 user: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100117 password: none
Dominik Mizyn389fca12020-04-09 22:37:00 +0200118 distribution:
119 user: healthcheck
120 password: zb!XztG34
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200121
ramverma1a3b8ad2019-02-25 12:45:11 +0000122# default number of instances
123replicaCount: 1
124
125nodeSelector: {}
126
127affinity: {}
128
129# probe configuration parameters
130liveness:
a.sreekumar2f377362022-02-09 12:40:57 +0000131 initialDelaySeconds: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000132 periodSeconds: 10
133 # necessary to disable liveness probe when setting breakpoints
134 # in debugger so K8s doesn't restart unresponsive container
135 enabled: true
Bruno Sakoto0644c262020-05-22 16:56:35 -0400136 port: http-api
ramverma1a3b8ad2019-02-25 12:45:11 +0000137
138readiness:
a.sreekumar2f377362022-02-09 12:40:57 +0000139 initialDelaySeconds: 10
140 periodSeconds: 120
Bruno Sakoto0644c262020-05-22 16:56:35 -0400141 port: http-api
a.sreekumar2f377362022-02-09 12:40:57 +0000142 api: /policy/pap/v1/healthcheck
143 scheme: HTTPS
144 successThreshold: 1
145 failureThreshold: 3
146 timeout: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000147
148service:
149 type: ClusterIP
150 name: policy-pap
Bruno Sakoto0644c262020-05-22 16:56:35 -0400151 useNodePortExt: true
152 ports:
153 - name: http-api
154 port: 6969
155 nodePort: 42
ramverma1a3b8ad2019-02-25 12:45:11 +0000156
157ingress:
158 enabled: false
159
jhhd4258672020-08-09 12:08:08 -0500160flavor: small
161resources:
162 small:
163 limits:
164 cpu: 1
165 memory: 4Gi
166 requests:
167 cpu: 100m
168 memory: 1Gi
169 large:
170 limits:
171 cpu: 2
172 memory: 8Gi
173 requests:
174 cpu: 200m
175 memory: 2Gi
176 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200177
178#Pods Service Account
179serviceAccount:
180 nameOverride: policy-pap
181 roles:
182 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400183
Rashmi Pujara8b09262022-03-15 21:58:57 -0400184metrics:
185 serviceMonitor:
186 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
187 # The default operator for prometheus enforces the below label.
188 labels:
189 release: prometheus
190 enabled: true
191 port: http-api
192 interval: 60s
193 isHttps: true
194 basicAuth:
195 enabled: true
196 externalSecretNameSuffix: policy-pap-user-creds
197 externalSecretUserKey: login
198 externalSecretPasswordKey: password