blob: 665ef789f99ab48704e94c458a300c106be9a6ff [file] [log] [blame]
ramverma1a3b8ad2019-02-25 12:45:11 +00001# ============LICENSE_START=======================================================
2# Copyright (C) 2019 Nordix Foundation.
jhh999c2242021-02-24 12:10:02 -06003# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
a.sreekumar2f377362022-02-09 12:40:57 +00004# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
Sirisha_Manchikantib402a592022-09-09 12:01:20 +01005# Modifications Copyright © 2022 Nordix Foundation
ramverma1a3b8ad2019-02-25 12:45:11 +00006# ================================================================================
7# Licensed under the Apache License, Version 2.0 (the "License");
8# you may not use this file except in compliance with the License.
9# You may obtain a copy of the License at
10#
11# http://www.apache.org/licenses/LICENSE-2.0
12#
13# Unless required by applicable law or agreed to in writing, software
14# distributed under the License is distributed on an "AS IS" BASIS,
15# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16# See the License for the specific language governing permissions and
17# limitations under the License.
18#
19# SPDX-License-Identifier: Apache-2.0
20# ============LICENSE_END=========================================================
21
22#################################################################
23# Global configuration defaults.
24#################################################################
25global:
Bruno Sakoto425d5be2020-05-20 07:25:41 -040026 nodePortPrefixExt: 304
ramverma1a3b8ad2019-02-25 12:45:11 +000027 persistence: {}
jhhd4258672020-08-09 12:08:08 -050028 aafEnabled: true
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +020029
30#################################################################
31# Secrets metaconfig
32#################################################################
33secrets:
34 - uid: db-secret
35 type: basicAuth
36 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
37 login: '{{ .Values.db.user }}'
38 password: '{{ .Values.db.password }}'
39 passwordPolicy: required
Dominik Mizyn389fca12020-04-09 22:37:00 +020040 - uid: restserver-secret
41 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +010042 externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +020043 login: '{{ .Values.restServer.user }}'
44 password: '{{ .Values.restServer.password }}'
45 passwordPolicy: required
46 - uid: api-secret
47 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +010048 externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +020049 login: '{{ .Values.healthCheckRestClient.api.user }}'
50 password: '{{ .Values.healthCheckRestClient.api.password }}'
51 passwordPolicy: required
52 - uid: distribution-secret
53 type: basicAuth
54 externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
55 login: '{{ .Values.healthCheckRestClient.distribution.user }}'
56 password: '{{ .Values.healthCheckRestClient.distribution.password }}'
57 passwordPolicy: required
jhhd4258672020-08-09 12:08:08 -050058 - uid: keystore-password
59 type: password
60 externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
61 password: '{{ .Values.certStores.keyStorePassword }}'
62 passwordPolicy: required
63 - uid: truststore-password
64 type: password
65 externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
66 password: '{{ .Values.certStores.trustStorePassword }}'
67 passwordPolicy: required
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +010068 - uid: policy-kafka-user
69 externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
70 type: genericKV
71 envs:
72 - name: sasl.jaas.config
73 value: '{{ .Values.config.someConfig }}'
74 policy: generate
jhhd4258672020-08-09 12:08:08 -050075
76certStores:
77 keyStorePassword: Pol1cy_0nap
78 trustStorePassword: Pol1cy_0nap
79
80certInitializer:
81 nameOverride: policy-pap-cert-initializer
82 aafDeployFqi: deployer@people.osaaf.org
83 aafDeployPass: demo123456!
84 fqdn: policy
85 fqi: policy@policy.onap.org
86 public_fqdn: policy.onap.org
87 cadi_latitude: "0.0"
88 cadi_longitude: "0.0"
89 credsPath: /opt/app/osaaf/local
90 app_ns: org.osaaf.aaf
91 uid: 100
92 gid: 101
93 aaf_add_config: >
jhhd4258672020-08-09 12:08:08 -050094 echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
95 echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
96 chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
97
ramverma1a3b8ad2019-02-25 12:45:11 +000098
99#################################################################
100# Application configuration defaults.
101#################################################################
102# application image
saul.gill5e611402023-03-02 11:49:23 +0000103image: onap/policy-pap:2.8.1
ramverma1a3b8ad2019-02-25 12:45:11 +0000104pullPolicy: Always
105
106# flag to enable debugging - application support required
107debugEnabled: false
108
109# application configuration
110
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200111db:
112 user: policy_user
113 password: policy_user
jhhd4258672020-08-09 12:08:08 -0500114 service:
115 name: policy-mariadb
116 internalPort: 3306
117
Dominik Mizyn389fca12020-04-09 22:37:00 +0200118restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000119 user: policyadmin
a.sreekumar2f377362022-02-09 12:40:57 +0000120 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -0500121
Dominik Mizyn389fca12020-04-09 22:37:00 +0200122healthCheckRestClient:
123 api:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000124 user: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100125 password: none
Dominik Mizyn389fca12020-04-09 22:37:00 +0200126 distribution:
127 user: healthcheck
128 password: zb!XztG34
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200129
ramverma1a3b8ad2019-02-25 12:45:11 +0000130# default number of instances
131replicaCount: 1
132
133nodeSelector: {}
134
135affinity: {}
136
137# probe configuration parameters
138liveness:
a.sreekumar2f377362022-02-09 12:40:57 +0000139 initialDelaySeconds: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000140 periodSeconds: 10
141 # necessary to disable liveness probe when setting breakpoints
142 # in debugger so K8s doesn't restart unresponsive container
143 enabled: true
Bruno Sakoto0644c262020-05-22 16:56:35 -0400144 port: http-api
ramverma1a3b8ad2019-02-25 12:45:11 +0000145
146readiness:
a.sreekumar2f377362022-02-09 12:40:57 +0000147 initialDelaySeconds: 10
148 periodSeconds: 120
Bruno Sakoto0644c262020-05-22 16:56:35 -0400149 port: http-api
a.sreekumar2f377362022-02-09 12:40:57 +0000150 api: /policy/pap/v1/healthcheck
a.sreekumar2f377362022-02-09 12:40:57 +0000151 successThreshold: 1
152 failureThreshold: 3
153 timeout: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000154
155service:
156 type: ClusterIP
157 name: policy-pap
Bruno Sakoto0644c262020-05-22 16:56:35 -0400158 useNodePortExt: true
159 ports:
160 - name: http-api
161 port: 6969
162 nodePort: 42
ramverma1a3b8ad2019-02-25 12:45:11 +0000163
164ingress:
165 enabled: false
166
jhhd4258672020-08-09 12:08:08 -0500167flavor: small
168resources:
169 small:
170 limits:
171 cpu: 1
172 memory: 4Gi
173 requests:
174 cpu: 100m
175 memory: 1Gi
176 large:
177 limits:
178 cpu: 2
179 memory: 8Gi
180 requests:
181 cpu: 200m
182 memory: 2Gi
183 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200184
185#Pods Service Account
186serviceAccount:
187 nameOverride: policy-pap
188 roles:
189 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400190
Rashmi Pujara8b09262022-03-15 21:58:57 -0400191metrics:
192 serviceMonitor:
193 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
194 # The default operator for prometheus enforces the below label.
195 labels:
196 release: prometheus
197 enabled: true
198 port: http-api
199 interval: 60s
200 isHttps: true
201 basicAuth:
202 enabled: true
203 externalSecretNameSuffix: policy-pap-user-creds
204 externalSecretUserKey: login
205 externalSecretPasswordKey: password
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100206
207# application configuration
208config:
209# Event consumption (kafka) properties
210 useStrimziKafka: true
211 kafkaBootstrap: strimzi-kafka-bootstrap
212 kafka:
213 consumer:
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100214 groupId: policy-group
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100215 app:
216 listener:
217 policyPdpPapTopic: policy-pdp-pap
218# If targeting a custom kafka cluster, ie useStrimziKakfa: false
219# uncomment below config and target your kafka bootstrap servers,
220# along with any other security config.
221#
222# eventConsumption:
223# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
224# spring.kafka.security.protocol: PLAINTEXT
225# spring.kafka.consumer.group-id: policy-group
226#
227# Any new property can be added in the env by setting in overrides in the format mentioned below
228# All the added properties must be in "key: value" format instead of yaml.