ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 1 | # ============LICENSE_START======================================================= |
| 2 | # Copyright (C) 2019 Nordix Foundation. |
jhh | 999c224 | 2021-02-24 12:10:02 -0600 | [diff] [blame] | 3 | # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. |
a.sreekumar | 2f37736 | 2022-02-09 12:40:57 +0000 | [diff] [blame] | 4 | # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 5 | # ================================================================================ |
| 6 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 7 | # you may not use this file except in compliance with the License. |
| 8 | # You may obtain a copy of the License at |
| 9 | # |
| 10 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | # |
| 12 | # Unless required by applicable law or agreed to in writing, software |
| 13 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 15 | # See the License for the specific language governing permissions and |
| 16 | # limitations under the License. |
| 17 | # |
| 18 | # SPDX-License-Identifier: Apache-2.0 |
| 19 | # ============LICENSE_END========================================================= |
| 20 | |
| 21 | ################################################################# |
| 22 | # Global configuration defaults. |
| 23 | ################################################################# |
| 24 | global: |
Bruno Sakoto | 425d5be | 2020-05-20 07:25:41 -0400 | [diff] [blame] | 25 | nodePortPrefixExt: 304 |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 26 | persistence: {} |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 27 | aafEnabled: true |
Krzysztof Opasiak | 3d9dc8b | 2020-03-31 23:05:16 +0200 | [diff] [blame] | 28 | |
| 29 | ################################################################# |
| 30 | # Secrets metaconfig |
| 31 | ################################################################# |
| 32 | secrets: |
| 33 | - uid: db-secret |
| 34 | type: basicAuth |
| 35 | externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' |
| 36 | login: '{{ .Values.db.user }}' |
| 37 | password: '{{ .Values.db.password }}' |
| 38 | passwordPolicy: required |
Dominik Mizyn | 389fca1 | 2020-04-09 22:37:00 +0200 | [diff] [blame] | 39 | - uid: restserver-secret |
| 40 | type: basicAuth |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 41 | externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' |
Dominik Mizyn | 389fca1 | 2020-04-09 22:37:00 +0200 | [diff] [blame] | 42 | login: '{{ .Values.restServer.user }}' |
| 43 | password: '{{ .Values.restServer.password }}' |
| 44 | passwordPolicy: required |
| 45 | - uid: api-secret |
| 46 | type: basicAuth |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 47 | externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' |
Dominik Mizyn | 389fca1 | 2020-04-09 22:37:00 +0200 | [diff] [blame] | 48 | login: '{{ .Values.healthCheckRestClient.api.user }}' |
| 49 | password: '{{ .Values.healthCheckRestClient.api.password }}' |
| 50 | passwordPolicy: required |
| 51 | - uid: distribution-secret |
| 52 | type: basicAuth |
| 53 | externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}' |
| 54 | login: '{{ .Values.healthCheckRestClient.distribution.user }}' |
| 55 | password: '{{ .Values.healthCheckRestClient.distribution.password }}' |
| 56 | passwordPolicy: required |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 57 | - uid: keystore-password |
| 58 | type: password |
| 59 | externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' |
| 60 | password: '{{ .Values.certStores.keyStorePassword }}' |
| 61 | passwordPolicy: required |
| 62 | - uid: truststore-password |
| 63 | type: password |
| 64 | externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' |
| 65 | password: '{{ .Values.certStores.trustStorePassword }}' |
| 66 | passwordPolicy: required |
| 67 | |
| 68 | certStores: |
| 69 | keyStorePassword: Pol1cy_0nap |
| 70 | trustStorePassword: Pol1cy_0nap |
| 71 | |
| 72 | certInitializer: |
| 73 | nameOverride: policy-pap-cert-initializer |
| 74 | aafDeployFqi: deployer@people.osaaf.org |
| 75 | aafDeployPass: demo123456! |
| 76 | fqdn: policy |
| 77 | fqi: policy@policy.onap.org |
| 78 | public_fqdn: policy.onap.org |
| 79 | cadi_latitude: "0.0" |
| 80 | cadi_longitude: "0.0" |
| 81 | credsPath: /opt/app/osaaf/local |
| 82 | app_ns: org.osaaf.aaf |
| 83 | uid: 100 |
| 84 | gid: 101 |
| 85 | aaf_add_config: > |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 86 | echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; |
| 87 | echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; |
| 88 | chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); |
| 89 | |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 90 | |
| 91 | ################################################################# |
| 92 | # Application configuration defaults. |
| 93 | ################################################################# |
| 94 | # application image |
jhh | 8f95be2 | 2022-04-13 11:56:40 -0500 | [diff] [blame] | 95 | image: onap/policy-pap:2.6.2 |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 96 | pullPolicy: Always |
| 97 | |
| 98 | # flag to enable debugging - application support required |
| 99 | debugEnabled: false |
| 100 | |
| 101 | # application configuration |
| 102 | |
Krzysztof Opasiak | 3d9dc8b | 2020-03-31 23:05:16 +0200 | [diff] [blame] | 103 | db: |
| 104 | user: policy_user |
| 105 | password: policy_user |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 106 | service: |
| 107 | name: policy-mariadb |
| 108 | internalPort: 3306 |
| 109 | |
Dominik Mizyn | 389fca1 | 2020-04-09 22:37:00 +0200 | [diff] [blame] | 110 | restServer: |
adheli.tavares | f3656cd | 2021-11-10 14:54:32 +0000 | [diff] [blame] | 111 | user: policyadmin |
a.sreekumar | 2f37736 | 2022-02-09 12:40:57 +0000 | [diff] [blame] | 112 | password: zb!XztG34 |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 113 | |
Dominik Mizyn | 389fca1 | 2020-04-09 22:37:00 +0200 | [diff] [blame] | 114 | healthCheckRestClient: |
| 115 | api: |
adheli.tavares | f3656cd | 2021-11-10 14:54:32 +0000 | [diff] [blame] | 116 | user: policyadmin |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 117 | password: none |
Dominik Mizyn | 389fca1 | 2020-04-09 22:37:00 +0200 | [diff] [blame] | 118 | distribution: |
| 119 | user: healthcheck |
| 120 | password: zb!XztG34 |
Krzysztof Opasiak | 3d9dc8b | 2020-03-31 23:05:16 +0200 | [diff] [blame] | 121 | |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 122 | # default number of instances |
| 123 | replicaCount: 1 |
| 124 | |
| 125 | nodeSelector: {} |
| 126 | |
| 127 | affinity: {} |
| 128 | |
| 129 | # probe configuration parameters |
| 130 | liveness: |
a.sreekumar | 2f37736 | 2022-02-09 12:40:57 +0000 | [diff] [blame] | 131 | initialDelaySeconds: 60 |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 132 | periodSeconds: 10 |
| 133 | # necessary to disable liveness probe when setting breakpoints |
| 134 | # in debugger so K8s doesn't restart unresponsive container |
| 135 | enabled: true |
Bruno Sakoto | 0644c26 | 2020-05-22 16:56:35 -0400 | [diff] [blame] | 136 | port: http-api |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 137 | |
| 138 | readiness: |
a.sreekumar | 2f37736 | 2022-02-09 12:40:57 +0000 | [diff] [blame] | 139 | initialDelaySeconds: 10 |
| 140 | periodSeconds: 120 |
Bruno Sakoto | 0644c26 | 2020-05-22 16:56:35 -0400 | [diff] [blame] | 141 | port: http-api |
a.sreekumar | 2f37736 | 2022-02-09 12:40:57 +0000 | [diff] [blame] | 142 | api: /policy/pap/v1/healthcheck |
| 143 | scheme: HTTPS |
| 144 | successThreshold: 1 |
| 145 | failureThreshold: 3 |
| 146 | timeout: 60 |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 147 | |
| 148 | service: |
| 149 | type: ClusterIP |
| 150 | name: policy-pap |
Bruno Sakoto | 0644c26 | 2020-05-22 16:56:35 -0400 | [diff] [blame] | 151 | useNodePortExt: true |
| 152 | ports: |
| 153 | - name: http-api |
| 154 | port: 6969 |
| 155 | nodePort: 42 |
ramverma | 1a3b8ad | 2019-02-25 12:45:11 +0000 | [diff] [blame] | 156 | |
| 157 | ingress: |
| 158 | enabled: false |
| 159 | |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 160 | flavor: small |
| 161 | resources: |
| 162 | small: |
| 163 | limits: |
| 164 | cpu: 1 |
| 165 | memory: 4Gi |
| 166 | requests: |
| 167 | cpu: 100m |
| 168 | memory: 1Gi |
| 169 | large: |
| 170 | limits: |
| 171 | cpu: 2 |
| 172 | memory: 8Gi |
| 173 | requests: |
| 174 | cpu: 200m |
| 175 | memory: 2Gi |
| 176 | unlimited: {} |
farida azmy | c117837 | 2021-04-11 12:55:33 +0200 | [diff] [blame] | 177 | |
| 178 | #Pods Service Account |
| 179 | serviceAccount: |
| 180 | nameOverride: policy-pap |
| 181 | roles: |
| 182 | - read |
Rashmi Pujar | a8b0926 | 2022-03-15 21:58:57 -0400 | [diff] [blame] | 183 | |
Rashmi Pujar | a8b0926 | 2022-03-15 21:58:57 -0400 | [diff] [blame] | 184 | metrics: |
| 185 | serviceMonitor: |
| 186 | # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. |
| 187 | # The default operator for prometheus enforces the below label. |
| 188 | labels: |
| 189 | release: prometheus |
| 190 | enabled: true |
| 191 | port: http-api |
| 192 | interval: 60s |
| 193 | isHttps: true |
| 194 | basicAuth: |
| 195 | enabled: true |
| 196 | externalSecretNameSuffix: policy-pap-user-creds |
| 197 | externalSecretUserKey: login |
| 198 | externalSecretPasswordKey: password |