Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / ba86c11f138127067d533dbfa9c6729386e438f7 / . / kubernetes / policy / components / policy-pap / values.yaml
blob: 2c240d23479687adedbda119b00d276ab002f3ff [file] [log] [blame]
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]1# ============LICENSE_START=======================================================
2# Copyright (C) 2019 Nordix Foundation.
jhh999c2242021-02-24 12:10:02 -0600[diff] [blame]3# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]4# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]5# ================================================================================
6# Licensed under the Apache License, Version 2.0 (the "License");
7# you may not use this file except in compliance with the License.
8# You may obtain a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS,
14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15# See the License for the specific language governing permissions and
16# limitations under the License.
17#
18# SPDX-License-Identifier: Apache-2.0
19# ============LICENSE_END=========================================================
20
21#################################################################
22# Global configuration defaults.
23#################################################################
24global:
Bruno Sakoto425d5be2020-05-20 07:25:41 -0400[diff] [blame]25 nodePortPrefixExt: 304
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]26 persistence: {}
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]27 aafEnabled: true
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]28
29#################################################################
30# Secrets metaconfig
31#################################################################
32secrets:
33 - uid: db-secret
34 type: basicAuth
35 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
36 login: '{{ .Values.db.user }}'
37 password: '{{ .Values.db.password }}'
38 passwordPolicy: required
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]39 - uid: restserver-secret
40 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]41 externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]42 login: '{{ .Values.restServer.user }}'
43 password: '{{ .Values.restServer.password }}'
44 passwordPolicy: required
45 - uid: api-secret
46 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]47 externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]48 login: '{{ .Values.healthCheckRestClient.api.user }}'
49 password: '{{ .Values.healthCheckRestClient.api.password }}'
50 passwordPolicy: required
51 - uid: distribution-secret
52 type: basicAuth
53 externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
54 login: '{{ .Values.healthCheckRestClient.distribution.user }}'
55 password: '{{ .Values.healthCheckRestClient.distribution.password }}'
56 passwordPolicy: required
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]57 - uid: keystore-password
58 type: password
59 externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
60 password: '{{ .Values.certStores.keyStorePassword }}'
61 passwordPolicy: required
62 - uid: truststore-password
63 type: password
64 externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
65 password: '{{ .Values.certStores.trustStorePassword }}'
66 passwordPolicy: required
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]67 - uid: policy-kafka-user
68 externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
69 type: genericKV
70 envs:
71 - name: sasl.jaas.config
72 value: '{{ .Values.config.someConfig }}'
73 policy: generate
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]74
75certStores:
76 keyStorePassword: Pol1cy_0nap
77 trustStorePassword: Pol1cy_0nap
78
79certInitializer:
80 nameOverride: policy-pap-cert-initializer
81 aafDeployFqi: deployer@people.osaaf.org
82 aafDeployPass: demo123456!
83 fqdn: policy
84 fqi: policy@policy.onap.org
85 public_fqdn: policy.onap.org
86 cadi_latitude: "0.0"
87 cadi_longitude: "0.0"
88 credsPath: /opt/app/osaaf/local
89 app_ns: org.osaaf.aaf
90 uid: 100
91 gid: 101
92 aaf_add_config: >
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]93 echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
94 echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
95 chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
96
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]97
98#################################################################
99# Application configuration defaults.
100#################################################################
101# application image
jhh2a5d1bb2022-05-04 13:44:26 -0500[diff] [blame]102image: onap/policy-pap:2.6.3
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]103pullPolicy: Always
104
105# flag to enable debugging - application support required
106debugEnabled: false
107
108# application configuration
109
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]110db:
111 user: policy_user
112 password: policy_user
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]113 service:
114 name: policy-mariadb
115 internalPort: 3306
116
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]117restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]118 user: policyadmin
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]119 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]120
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]121healthCheckRestClient:
122 api:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]123 user: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]124 password: none
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]125 distribution:
126 user: healthcheck
127 password: zb!XztG34
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]128
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]129# default number of instances
130replicaCount: 1
131
132nodeSelector: {}
133
134affinity: {}
135
136# probe configuration parameters
137liveness:
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]138 initialDelaySeconds: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]139 periodSeconds: 10
140 # necessary to disable liveness probe when setting breakpoints
141 # in debugger so K8s doesn't restart unresponsive container
142 enabled: true
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]143 port: http-api
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]144
145readiness:
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]146 initialDelaySeconds: 10
147 periodSeconds: 120
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]148 port: http-api
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]149 api: /policy/pap/v1/healthcheck
150 scheme: HTTPS
151 successThreshold: 1
152 failureThreshold: 3
153 timeout: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]154
155service:
156 type: ClusterIP
157 name: policy-pap
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]158 useNodePortExt: true
159 ports:
160 - name: http-api
161 port: 6969
162 nodePort: 42
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]163
164ingress:
165 enabled: false
166
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]167flavor: small
168resources:
169 small:
170 limits:
171 cpu: 1
172 memory: 4Gi
173 requests:
174 cpu: 100m
175 memory: 1Gi
176 large:
177 limits:
178 cpu: 2
179 memory: 8Gi
180 requests:
181 cpu: 200m
182 memory: 2Gi
183 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]184
185#Pods Service Account
186serviceAccount:
187 nameOverride: policy-pap
188 roles:
189 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]190
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]191metrics:
192 serviceMonitor:
193 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
194 # The default operator for prometheus enforces the below label.
195 labels:
196 release: prometheus
197 enabled: true
198 port: http-api
199 interval: 60s
200 isHttps: true
201 basicAuth:
202 enabled: true
203 externalSecretNameSuffix: policy-pap-user-creds
204 externalSecretUserKey: login
205 externalSecretPasswordKey: password
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]206
207# application configuration
208config:
209# Event consumption (kafka) properties
210 useStrimziKafka: true
211 kafkaBootstrap: strimzi-kafka-bootstrap
212 kafka:
213 consumer:
214 groupId: poicy-group
215 app:
216 listener:
217 policyPdpPapTopic: policy-pdp-pap
218# If targeting a custom kafka cluster, ie useStrimziKakfa: false
219# uncomment below config and target your kafka bootstrap servers,
220# along with any other security config.
221#
222# eventConsumption:
223# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
224# spring.kafka.security.protocol: PLAINTEXT
225# spring.kafka.consumer.group-id: policy-group
226#
227# Any new property can be added in the env by setting in overrides in the format mentioned below
228# All the added properties must be in "key: value" format instead of yaml.