Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 1 | # Copyright (c) 2017 Amdocs, Bell Canada |
| 2 | # Modifications Copyright (c) 2018 AT&T |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 3 | # Modifications Copyright (c) 2020 Nokia, Orange |
Sylvain Desbureaux | 6212bb2 | 2021-01-18 11:43:33 +0100 | [diff] [blame] | 4 | # Modifications Copyright (c) 2021 Orange |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 5 | # |
| 6 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 7 | # you may not use this file except in compliance with the License. |
| 8 | # You may obtain a copy of the License at |
| 9 | # |
| 10 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | # |
| 12 | # Unless required by applicable law or agreed to in writing, software |
| 13 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 15 | # See the License for the specific language governing permissions and |
| 16 | # limitations under the License. |
| 17 | |
| 18 | # Default values for aai. |
| 19 | # This is a YAML-formatted file. |
| 20 | # Declare variables to be passed into your templates. |
| 21 | global: # global defaults |
| 22 | nodePortPrefix: 302 |
| 23 | repository: nexus3.onap.org:10001 |
| 24 | dockerhubRepository: docker.io |
| 25 | busyboxImage: busybox |
| 26 | |
| 27 | readinessImage: onap/oom/readiness:3.0.1 |
| 28 | |
| 29 | loggingRepository: docker.elastic.co |
| 30 | loggingImage: beats/filebeat:5.5.0 |
| 31 | |
| 32 | restartPolicy: Always |
| 33 | |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 34 | aafEnabled: true |
Sylvain Desbureaux | 6212bb2 | 2021-01-18 11:43:33 +0100 | [diff] [blame] | 35 | msbEnabled: true |
Maciej Wereski | d523d12 | 2021-09-21 11:22:13 +0200 | [diff] [blame] | 36 | centralizedLoggingEnabled: true |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 37 | |
| 38 | cassandra: |
| 39 | #This will instantiate AAI cassandra cluster, default:shared cassandra. |
| 40 | localCluster: false |
| 41 | |
| 42 | #Service Name of the cassandra cluster to connect to. |
| 43 | #Override it to aai-cassandra if localCluster is enabled. |
| 44 | serviceName: cassandra |
| 45 | |
| 46 | #This should be same as shared cassandra instance or if localCluster is enabled |
| 47 | #then it should be same as aai-cassandra replicaCount |
| 48 | replicas: 3 |
| 49 | |
| 50 | #Cassanara login details |
| 51 | username: cassandra |
| 52 | password: cassandra |
| 53 | |
| 54 | aai: |
| 55 | serviceName: aai |
| 56 | babel: |
| 57 | serviceName: aai-babel |
| 58 | aaiElasticsearch: |
| 59 | serviceName: aai-elasticsearch |
| 60 | resources: |
| 61 | serviceName: aai-resources |
| 62 | sparkyBe: |
| 63 | serviceName: aai-sparky-be |
| 64 | dataRouter: |
| 65 | serviceName: aai-data-router |
| 66 | gizmo: |
| 67 | serviceName: aai-gizmo |
| 68 | modelloader: |
| 69 | serviceName: aai-modelloader |
| 70 | searchData: |
| 71 | serviceName: aai-search-data |
| 72 | traversal: |
| 73 | serviceName: aai-traversal |
| 74 | graphadmin: |
| 75 | serviceName: aai-graphadmin |
| 76 | spike: |
| 77 | serviceName: aai-spike |
| 78 | |
| 79 | initContainers: |
| 80 | enabled: true |
| 81 | # Specifies a list of jobs to be run |
| 82 | jobs: |
| 83 | # When enabled, it will create the schema based on oxm and edge rules |
| 84 | createSchema: |
| 85 | enabled: true |
| 86 | # When enabled, it will create the widget models via REST API to haproxy |
| 87 | updateQueryData: |
| 88 | enabled: true |
| 89 | #migration using helm hooks |
| 90 | migration: |
| 91 | enabled: false |
| 92 | remoteCassandra: |
| 93 | enabled: false |
| 94 | storage: |
| 95 | backend: cassandra |
| 96 | hostname: 10.10.10.10 |
| 97 | connectionTimeout: 100000 |
| 98 | cacheSize: 1000000 |
| 99 | keyConsistent: true |
| 100 | |
| 101 | #If backend is cql or cassandra it should be keyspace name |
| 102 | #else backend is hbase it should be hbase table name |
| 103 | name: aaigraph |
| 104 | |
| 105 | ## CQL driver specific properties for janusgraph |
| 106 | # cql: |
| 107 | # #Name of the Cassandra Cluster |
| 108 | # cluster: someclustername |
| 109 | # readConsistency: QUORUM |
| 110 | # writeConsistency: QUORUM |
| 111 | # replicationFactor: 3 |
| 112 | # localConsistencyForSysOps: true |
| 113 | |
| 114 | ## Cassandra driver specific properties for janusgraph |
| 115 | cassandra: |
| 116 | #Name of the Cassandra Cluster |
| 117 | clusterName: aai-cluster |
| 118 | localDataCenter: Pod lab |
| 119 | readConsistency: LOCAL_QUORUM |
| 120 | writeConsistency: LOCAL_QUORUM |
| 121 | replicationFactor: 3 |
| 122 | |
| 123 | #storage: |
| 124 | # backend: cassandra |
| 125 | # hostname: somehost1,somehost2,somehost3 |
| 126 | # connectionTimeout: 100000 |
| 127 | # cacheSize: 1000000 |
| 128 | # clusterName: someClusterName |
| 129 | # localDataCenter: someDataCenter |
| 130 | # keyConsistent: true |
| 131 | # #If backend is cql or cassandra it should be keyspace name |
| 132 | # #else backend is hbase it should be hbase table name |
| 133 | # name: your_hbase_table_or_keyspace_name |
| 134 | |
| 135 | ## CQL driver specific properties for janusgraph |
| 136 | # cql: |
| 137 | # #Name of the Cassandra Cluster |
| 138 | # cluster: someclustername |
| 139 | # readConsistency: QUORUM |
| 140 | # writeConsistency: QUORUM |
| 141 | # replicationFactor: 3 |
| 142 | # localConsistencyForSysOps: true |
| 143 | |
| 144 | ## Cassandra driver specific properties for janusgraph |
| 145 | # cassandra: |
| 146 | # #Name of the Cassandra Cluster |
| 147 | # cluster: someclustername |
| 148 | # readConsistency: LOCAL_QUORUM |
| 149 | # writeConsistency: LOCAL_QUORUM |
| 150 | # replicationFactor: 3 |
| 151 | |
| 152 | |
| 153 | # Common configuration for resources traversal and graphadmin |
| 154 | config: |
| 155 | # User information for the admin user in container |
| 156 | userId: 1000 |
| 157 | groupId: 1000 |
| 158 | |
| 159 | # Specifies that the cluster connected to a dynamic |
| 160 | # cluster being spinned up by kubernetes deployment |
| 161 | cluster: |
| 162 | cassandra: |
| 163 | dynamic: true |
| 164 | |
| 165 | # If cluster.cassandra.dynamic is set to false |
| 166 | # Then the following configuration should be uncommented |
| 167 | # This is if you are planning to connect to a existing |
| 168 | # Cassandra cluster instead of doing the deployment |
| 169 | #storage: |
| 170 | # backend: cassandra |
| 171 | # hostname: somehost1,somehost2,somehost3 |
| 172 | # connectionTimeout: 100000 |
| 173 | # cacheSize: 1000000 |
| 174 | # clusterName: someClusterName |
| 175 | # localDataCenter: someDataCenter |
| 176 | # keyConsistent: true |
| 177 | # # If backend is cql or cassandra it should be keyspace name |
| 178 | # # else backend is hbase it should be hbase table name |
| 179 | # name: your_hbase_table_or_keyspace_name |
| 180 | |
| 181 | # # CQL driver specific properties for janusgraph |
| 182 | # cql: |
| 183 | # # Name of the Cassandra Cluster |
| 184 | # cluster: someclustername |
| 185 | # readConsistency: QUORUM |
| 186 | # writeConsistency: QUORUM |
| 187 | # replicationFactor: 3 |
| 188 | # localConsistencyForSysOps: true |
| 189 | |
| 190 | # # Cassandra driver specific properties for janusgraph |
| 191 | # cassandra: |
| 192 | # # Name of the Cassandra Cluster |
| 193 | # cluster: someclustername |
| 194 | # readConsistency: LOCAL_QUORUM |
| 195 | # writeConsistency: LOCAL_QUORUM |
| 196 | # replicationFactor: 3 |
| 197 | |
| 198 | # Specifies if the basic authorization is enabled |
| 199 | basic: |
| 200 | auth: |
| 201 | enabled: true |
| 202 | username: AAI |
| 203 | passwd: AAI |
| 204 | |
| 205 | # Active spring profiles for the resources microservice |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 206 | # aaf-auth profile will be automatically set if aaf enabled is set to true |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 207 | profiles: |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 208 | active: production,dmaap #,aaf-auth |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 209 | |
| 210 | # Notification event specific properties |
| 211 | notification: |
| 212 | eventType: AAI-EVENT |
| 213 | domain: dev |
| 214 | |
| 215 | # Schema specific properties that include supported versions of api |
| 216 | schema: |
| 217 | # Specifies if the connection should be one way ssl, two way ssl or no auth |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 218 | # will be set to no-auth if tls is disabled |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 219 | service: |
| 220 | client: one-way-ssl |
| 221 | # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service |
| 222 | translator: |
| 223 | list: schema-service |
| 224 | source: |
| 225 | # Specifies which folder to take a look at |
| 226 | name: onap |
| 227 | uri: |
| 228 | # Base URI Path of the application |
| 229 | base: |
| 230 | path: /aai |
| 231 | version: |
| 232 | # Current version of the REST API |
| 233 | api: |
wr148d | 9ed6e5f | 2022-02-23 11:45:25 -0500 | [diff] [blame] | 234 | default: v26 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 235 | # Specifies which version the depth parameter is configurable |
| 236 | depth: v11 |
| 237 | # List of all the supported versions of the API |
wr148d | 9ed6e5f | 2022-02-23 11:45:25 -0500 | [diff] [blame] | 238 | list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 239 | # Specifies from which version related link should appear |
| 240 | related: |
| 241 | link: v11 |
| 242 | # Specifies from which version the app root change happened |
| 243 | app: |
| 244 | root: v11 |
| 245 | # Specifies from which version the xml namespace changed |
| 246 | namespace: |
| 247 | change: v12 |
| 248 | # Specifies from which version the edge label appeared in API |
| 249 | edge: |
| 250 | label: v12 |
| 251 | |
| 252 | # Keystore configuration password and filename |
| 253 | keystore: |
| 254 | filename: aai_keystore |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 255 | passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 256 | |
| 257 | # Truststore configuration password and filename |
| 258 | truststore: |
| 259 | filename: aai_keystore |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 260 | passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 261 | |
| 262 | # Specifies a list of files to be included in auth volume |
| 263 | auth: |
| 264 | files: |
| 265 | - aai_keystore |
| 266 | |
| 267 | # Specifies which clients should always default to realtime graph connection |
| 268 | realtime: |
| 269 | clients: SDNC,MSO,SO,robot-ete |
| 270 | |
| 271 | # Logback debug enabled |
| 272 | logback: |
| 273 | console: |
| 274 | # If enabled, container will print all logback to standard output |
| 275 | # This will make debugging much easier but it should only be done |
| 276 | # when debugging the issue and changed back as it can affect performance |
| 277 | # since when this is enabled, it prints a lot of information to console |
| 278 | enabled: false |
| 279 | |
Maciej Wereski | d523d12 | 2021-09-21 11:22:13 +0200 | [diff] [blame] | 280 | aai-babel: |
| 281 | logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| 282 | aai-graphadmin: |
| 283 | logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| 284 | aai-modelloader: |
| 285 | logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| 286 | aai-resources: |
| 287 | logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| 288 | aai-schema-service: |
| 289 | logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| 290 | aai-sparky-be: |
| 291 | logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| 292 | aai-traversal: |
| 293 | logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' |
| 294 | |
Sylvain Desbureaux | 87f49af | 2020-12-15 11:56:51 +0100 | [diff] [blame] | 295 | ################################################################# |
| 296 | # Certificate configuration |
| 297 | ################################################################# |
| 298 | certInitializer: |
| 299 | nameOverride: aai-cert-initializer |
| 300 | aafDeployFqi: deployer@people.osaaf.org |
| 301 | aafDeployPass: demo123456! |
| 302 | # aafDeployCredsExternalSecret: some secret |
| 303 | fqdn: "aai" |
| 304 | app_ns: "org.osaaf.aaf" |
| 305 | fqi_namespace: "org.onap.aai" |
| 306 | fqi: "aai@aai.onap.org" |
| 307 | public_fqdn: "aaf.osaaf.org" |
| 308 | cadi_longitude: "0.0" |
| 309 | cadi_latitude: "0.0" |
| 310 | credsPath: /opt/app/osaaf/local |
| 311 | aaf_add_config: | |
Sylvain Desbureaux | 87f49af | 2020-12-15 11:56:51 +0100 | [diff] [blame] | 312 | echo "*** transform AAF certs into pem files" |
| 313 | mkdir -p {{ .Values.credsPath }}/certs |
| 314 | keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ |
| 315 | -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ |
| 316 | -alias ca_local_0 \ |
| 317 | -storepass $cadi_truststore_password |
| 318 | openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ |
| 319 | -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ |
| 320 | -passin pass:$cadi_keystore_password_p12 \ |
| 321 | -passout pass:$cadi_keystore_password_p12 |
| 322 | echo "*** generating needed file" |
| 323 | cat {{ .Values.credsPath }}/certs/cert.pem \ |
| 324 | {{ .Values.credsPath }}/certs/cacert.pem \ |
| 325 | {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ |
| 326 | > {{ .Values.credsPath }}/certs/fullchain.pem; |
| 327 | chown 1001 {{ .Values.credsPath }}/certs/* |
| 328 | |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 329 | # application image |
| 330 | dockerhubRepository: registry.hub.docker.com |
| 331 | image: aaionap/haproxy:1.4.2 |
| 332 | pullPolicy: Always |
| 333 | |
| 334 | flavor: small |
| 335 | flavorOverride: small |
| 336 | |
| 337 | # flag to enable debugging - application support required |
| 338 | debugEnabled: false |
| 339 | |
| 340 | # application configuration |
| 341 | config: |
| 342 | logstashServiceName: log-ls |
| 343 | logstashPort: 5044 |
| 344 | |
| 345 | # default number of instances |
| 346 | replicaCount: 1 |
| 347 | |
| 348 | nodeSelector: {} |
| 349 | |
| 350 | affinity: {} |
| 351 | |
Suresh Charan | c1aa758 | 2022-01-31 06:25:37 -0500 | [diff] [blame] | 352 | # HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns |
| 353 | haproxy: |
| 354 | requestBlocking: |
| 355 | enabled: false |
| 356 | customConfigs: [] |
| 357 | |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 358 | # probe configuration parameters |
| 359 | liveness: |
| 360 | initialDelaySeconds: 10 |
| 361 | periodSeconds: 10 |
| 362 | # necessary to disable liveness probe when setting breakpoints |
| 363 | # in debugger so K8s doesn't restart unresponsive container |
| 364 | enabled: true |
| 365 | |
| 366 | #This section is used when localCluster is enabled. AAI will create its own cassandra cluster for its specific use. |
| 367 | #Below command will instantiate the aai cassandra instances: |
| 368 | #helm deploy demo local/onap --version=4.0.0 --namespace onap --set aai.enabled=true \ |
| 369 | # --set aai.global.cassandra.localCluster=true \ |
| 370 | # --set aai.global.cassandra.serviceName=aai-cassandra |
| 371 | cassandra: |
| 372 | nameOverride: aai-cassandra |
Andreas Geissler | 3072a89 | 2022-01-07 17:41:42 +0000 | [diff] [blame] | 373 | serviceAccount: |
| 374 | nameOverride: aai-cassandra |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 375 | replicaCount: 3 |
| 376 | service: |
| 377 | name: aai-cassandra |
| 378 | persistence: |
| 379 | mountSubPath: aai/cassandra |
| 380 | enabled: true |
| 381 | |
| 382 | readiness: |
| 383 | initialDelaySeconds: 10 |
| 384 | periodSeconds: 10 |
| 385 | |
| 386 | service: |
| 387 | type: NodePort |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 388 | portName: http |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 389 | externalPort: 8443 |
| 390 | internalPort: 8443 |
| 391 | nodePort: 33 |
| 392 | # POLICY hotfix - Note this must be temporary |
| 393 | # See https://jira.onap.org/browse/POLICY-510 |
| 394 | aaiServiceClusterIp: |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 395 | externalPlainPort: 80 |
| 396 | internalPlainPort: 8080 |
| 397 | nodeport: 33 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 398 | |
| 399 | ingress: |
| 400 | enabled: false |
| 401 | service: |
| 402 | - baseaddr: "aai.api" |
| 403 | name: "aai" |
| 404 | port: 8443 |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 405 | config: |
| 406 | ssl: "redirect" |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 407 | |
| 408 | resources: |
| 409 | small: |
| 410 | limits: |
| 411 | cpu: 2 |
| 412 | memory: 4Gi |
| 413 | requests: |
| 414 | cpu: 1 |
| 415 | memory: 1Gi |
| 416 | large: |
| 417 | limits: |
| 418 | cpu: 4 |
| 419 | memory: 8Gi |
| 420 | requests: |
| 421 | cpu: 2 |
| 422 | memory: 2Gi |
| 423 | unlimited: {} |
farida azmy | d893733 | 2021-03-09 12:20:42 +0200 | [diff] [blame] | 424 | |
| 425 | #Pods Service Account |
| 426 | serviceAccount: |
| 427 | nameOverride: aai |
| 428 | roles: |
| 429 | - read |