Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 1 | # |
| 2 | # ============LICENSE_START======================================================= |
| 3 | # org.onap.aai |
| 4 | # ================================================================================ |
| 5 | # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. |
| 6 | # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. |
Sylvain Desbureaux | c57b58d | 2021-02-23 18:07:34 +0100 | [diff] [blame] | 7 | # Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 8 | # ================================================================================ |
| 9 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 10 | # you may not use this file except in compliance with the License. |
| 11 | # You may obtain a copy of the License at |
| 12 | # |
| 13 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 14 | # |
| 15 | # Unless required by applicable law or agreed to in writing, software |
| 16 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 18 | # See the License for the specific language governing permissions and |
| 19 | # limitations under the License. |
| 20 | # ============LICENSE_END========================================================= |
| 21 | |
| 22 | # Default values for resources. |
| 23 | # This is a YAML-formatted file. |
| 24 | # Declare variables to be passed into your templates. |
| 25 | global: # global defaults |
| 26 | nodePortPrefix: 302 |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 27 | cassandra: |
| 28 | #This will instantiate AAI cassandra cluster, default:shared cassandra. |
| 29 | localCluster: false |
| 30 | initContainers: |
| 31 | enabled: true |
| 32 | jobs: |
| 33 | # When enabled, it will create the schema based on oxm and edge rules |
| 34 | createSchema: |
| 35 | enabled: true |
| 36 | #migration using helm hooks |
| 37 | migration: |
| 38 | enabled: false |
| 39 | config: |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 40 | |
| 41 | # Specifies that the cluster connected to a dynamic |
| 42 | # cluster being spinned up by kubernetes deployment |
| 43 | cluster: |
| 44 | cassandra: |
| 45 | dynamic: true |
| 46 | |
| 47 | # Specifies if the basic authorization is enabled |
| 48 | basic: |
| 49 | auth: |
| 50 | enabled: true |
| 51 | username: AAI |
| 52 | passwd: AAI |
| 53 | |
| 54 | # Notification event specific properties |
| 55 | notification: |
| 56 | eventType: AAI-EVENT |
| 57 | domain: dev |
| 58 | |
| 59 | # Schema specific properties that include supported versions of api |
| 60 | schema: |
| 61 | # Specifies if the connection should be one way ssl, two way ssl or no auth |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 62 | # will be set to no-auth if tls is disabled |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 63 | service: |
| 64 | client: one-way-ssl |
| 65 | # Specifies which translator to use if it has schema-service, then it will |
| 66 | # make a rest request to schema service |
| 67 | translator: |
| 68 | list: schema-service |
| 69 | source: |
| 70 | # Specifies which folder to take a look at |
| 71 | name: onap |
| 72 | uri: |
| 73 | # Base URI Path of the application |
| 74 | base: |
| 75 | path: /aai |
| 76 | version: |
| 77 | # Current version of the REST API |
| 78 | api: |
wr148d | 77086d7 | 2021-08-27 16:15:36 -0400 | [diff] [blame] | 79 | default: v24 |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 80 | # Specifies which version the depth parameter is configurable |
| 81 | depth: v11 |
| 82 | # List of all the supported versions of the API |
wr148d | 77086d7 | 2021-08-27 16:15:36 -0400 | [diff] [blame] | 83 | list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 84 | # Specifies from which version related link should appear |
| 85 | related: |
| 86 | link: v11 |
| 87 | # Specifies from which version the app root change happened |
| 88 | app: |
| 89 | root: v11 |
| 90 | # Specifies from which version the xml namespace changed |
| 91 | namespace: |
| 92 | change: v12 |
| 93 | # Specifies from which version the edge label appeared in API |
| 94 | edge: |
| 95 | label: v12 |
| 96 | |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 97 | # Specifies which clients should always default to realtime graph connection |
| 98 | realtime: |
| 99 | clients: SDNC,MSO,SO,robot-ete |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 100 | |
Sylvain Desbureaux | c57b58d | 2021-02-23 18:07:34 +0100 | [diff] [blame] | 101 | ################################################################# |
| 102 | # Certificate configuration |
| 103 | ################################################################# |
| 104 | certInitializer: |
| 105 | nameOverride: aai-graphadmin-cert-initializer |
| 106 | aafDeployFqi: deployer@people.osaaf.org |
| 107 | aafDeployPass: demo123456! |
| 108 | # aafDeployCredsExternalSecret: some secret |
| 109 | fqdn: aai |
| 110 | fqi: aai@aai.onap.org |
| 111 | public_fqdn: aai.onap.org |
| 112 | cadi_longitude: "0.0" |
| 113 | cadi_latitude: "0.0" |
| 114 | app_ns: org.osaaf.aaf |
| 115 | credsPath: /opt/app/osaaf/local |
| 116 | fqi_namespace: org.onap.aai |
| 117 | user_id: &user_id 1000 |
| 118 | group_id: &group_id 1000 |
| 119 | aaf_add_config: | |
| 120 | echo "*** changing them into shell safe ones" |
| 121 | export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) |
| 122 | export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) |
| 123 | export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) |
| 124 | cd {{ .Values.credsPath }} |
| 125 | keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ |
| 126 | -storepass "${cadi_keystore_password_p12}" \ |
| 127 | -keystore {{ .Values.fqi_namespace }}.p12 |
| 128 | keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ |
| 129 | -storepass "${cadi_truststore_password}" \ |
| 130 | -keystore {{ .Values.fqi_namespace }}.trust.jks |
| 131 | keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ |
| 132 | -storepass "${cadi_keystore_password_jks}" \ |
| 133 | -keystore {{ .Values.fqi_namespace }}.jks |
| 134 | echo "*** set key password as same password as keystore password" |
| 135 | keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ |
| 136 | -keystore {{ .Values.fqi_namespace }}.jks \ |
| 137 | -keypass "${cadi_keystore_password_jks}" \ |
| 138 | -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }} |
| 139 | echo "*** writing passwords into prop file" |
| 140 | echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop |
| 141 | echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop |
| 142 | echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop |
| 143 | echo "*** change ownership of certificates to targeted user" |
| 144 | chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 145 | |
| 146 | # application image |
wr148d | f63b16e | 2022-01-31 12:47:12 -0500 | [diff] [blame] | 147 | image: onap/aai-graphadmin:1.9.2 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 148 | pullPolicy: Always |
| 149 | restartPolicy: Always |
| 150 | flavor: small |
| 151 | flavorOverride: small |
| 152 | # default number of instances |
| 153 | replicaCount: 1 |
M.Hosnidokht | 6c80653 | 2021-08-25 09:19:41 -0400 | [diff] [blame] | 154 | # the minimum number of seconds that a newly created Pod should be ready |
| 155 | minReadySeconds: 30 |
| 156 | updateStrategy: |
| 157 | type: RollingUpdate |
| 158 | # The number of pods that can be unavailable during the update process |
| 159 | maxUnavailable: 0 |
| 160 | # The number of pods that can be created above the desired amount of pods during an update |
| 161 | maxSurge: 1 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 162 | |
| 163 | # Configuration for the graphadmin deployment |
| 164 | config: |
| 165 | |
| 166 | # Specify the profiles for the graphadmin microservice |
| 167 | profiles: |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 168 | # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and |
| 169 | # serviceMesh.tls is set to tru |
| 170 | active: dmaap #,one-way-ssl" |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 171 | |
| 172 | # Specifies the timeout limit for the REST API requests |
| 173 | timeout: |
| 174 | enabled: true |
| 175 | limit: 180000 |
| 176 | |
| 177 | # Default maximum records to fix for the data grooming and dupeTool |
| 178 | maxFix: |
| 179 | dataGrooming: 150 |
| 180 | dupeTool: 25 |
| 181 | |
| 182 | # Default number of sleep minutes for dataGrooming and dupeTool |
| 183 | sleepMinutes: |
| 184 | dataGrooming: 7 |
| 185 | dupeTool: 7 |
| 186 | |
| 187 | # Cron specific attributes to be triggered for the graphadmin spring cron tasks |
| 188 | cron: |
| 189 | # Specifies that the data grooming tool which runs duplicates should be enabled |
| 190 | dataGrooming: |
| 191 | enabled: true |
| 192 | # Specifies that the data snapshot which takes a graphson snapshot should be enabled |
| 193 | dataSnapshot: |
| 194 | enabled: true |
| 195 | params: JUST_TAKE_SNAPSHOT |
| 196 | |
| 197 | # Data cleanup which zips snapshots older than x days and deletes older than y days |
| 198 | dataCleanup: |
| 199 | |
| 200 | dataGrooming: |
| 201 | enabled: true |
| 202 | # Zips up the dataGrooming files older than 5 days |
| 203 | ageZip: 5 |
| 204 | # Deletes the dataGrooming files older than 30 days |
| 205 | ageDelete: 30 |
| 206 | |
| 207 | dataSnapshot: |
| 208 | enabled: true |
| 209 | # Zips up the dataSnapshot graphson files older than 5 days |
| 210 | ageZip: 5 |
| 211 | # Deletes the dataSnapshot graphson files older than 30 days |
| 212 | ageDelete: 30 |
| 213 | # Concurrency lock control flag |
| 214 | aai: |
| 215 | lock: |
| 216 | uri: |
| 217 | enabled: false |
| 218 | |
| 219 | |
| 220 | nodeSelector: {} |
| 221 | |
| 222 | affinity: {} |
| 223 | |
| 224 | # probe configuration parameters |
| 225 | liveness: |
| 226 | initialDelaySeconds: 60 |
| 227 | periodSeconds: 60 |
| 228 | # necessary to disable liveness probe when setting breakpoints |
| 229 | # in debugger so K8s doesn't restart unresponsive container |
| 230 | enabled: false |
| 231 | |
| 232 | readiness: |
| 233 | initialDelaySeconds: 60 |
| 234 | periodSeconds: 10 |
| 235 | |
| 236 | service: |
| 237 | type: ClusterIP |
| 238 | # REST API port for the graphadmin microservice |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 239 | portName: http |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 240 | internalPort: 8449 |
osk11461 | 27fd7d8 | 2021-06-18 00:51:17 +0200 | [diff] [blame] | 241 | portName2: tcp-5005 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 242 | internalPort2: 5005 |
M.Hosnidokht | 6c80653 | 2021-08-25 09:19:41 -0400 | [diff] [blame] | 243 | terminationGracePeriodSeconds: 120 |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 244 | |
| 245 | ingress: |
| 246 | enabled: false |
| 247 | |
| 248 | persistence: |
| 249 | enabled: true |
| 250 | ## A manually managed Persistent Volume and Claim |
| 251 | ## Requires persistence.enabled: true |
| 252 | ## If defined, PVC must be created manually before volume will be bound |
| 253 | # existingClaim: |
| 254 | volumeReclaimPolicy: Retain |
| 255 | ## database data Persistent Volume Storage Class |
| 256 | ## If defined, storageClassName: <storageClass> |
| 257 | ## If set to "-", storageClassName: "", which disables dynamic provisioning |
| 258 | ## If undefined (the default) or set to null, no storageClassName spec is |
| 259 | ## set, choosing the default provisioner. (gp2 on AWS, standard on |
| 260 | ## GKE, AWS & OpenStack) |
| 261 | ## |
| 262 | # storageClass: "-" |
| 263 | accessMode: ReadWriteMany |
| 264 | size: 2Gi |
| 265 | |
| 266 | mountPath: /dockerdata-nfs |
| 267 | mountSubPath: aai/aai-graphadmin |
| 268 | mountSubPath1: aai/migration |
| 269 | |
| 270 | resources: |
| 271 | small: |
| 272 | limits: |
| 273 | cpu: 2 |
| 274 | memory: 4Gi |
| 275 | requests: |
| 276 | cpu: 0.5 |
| 277 | memory: 1536Mi |
| 278 | large: |
| 279 | limits: |
| 280 | cpu: 4 |
| 281 | memory: 8Gi |
| 282 | requests: |
| 283 | cpu: 1 |
| 284 | memory: 2Gi |
| 285 | unlimited: {} |
farida azmy | d893733 | 2021-03-09 12:20:42 +0200 | [diff] [blame] | 286 | |
Sylvain Desbureaux | c57b58d | 2021-02-23 18:07:34 +0100 | [diff] [blame] | 287 | # Not fully used for now |
| 288 | securityContext: |
| 289 | user_id: *user_id |
| 290 | group_id: *group_id |
| 291 | |
farida azmy | d893733 | 2021-03-09 12:20:42 +0200 | [diff] [blame] | 292 | #Pods Service Account |
| 293 | serviceAccount: |
| 294 | nameOverride: aai-graphadmin |
| 295 | roles: |
| 296 | - read |
Maciej Wereski | d523d12 | 2021-09-21 11:22:13 +0200 | [diff] [blame] | 297 | #Log configuration |
| 298 | log: |
| 299 | path: /var/log/onap |
| 300 | logConfigMapNamePrefix: '{{ include "common.fullname" . }}' |