Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / edb388e0f53cdc483734811183d487f5965c2caa / . / kubernetes / policy / components / policy-pap / values.yaml
blob: 0dc6dbe4dc7ee583d1746b3422bf51235edf8414 [file] [log] [blame]
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]1# ============LICENSE_START=======================================================
2# Copyright (C) 2019 Nordix Foundation.
jhh999c2242021-02-24 12:10:02 -0600[diff] [blame]3# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]4# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100[diff] [blame]5# Modifications Copyright © 2022 Nordix Foundation
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]6# ================================================================================
7# Licensed under the Apache License, Version 2.0 (the "License");
8# you may not use this file except in compliance with the License.
9# You may obtain a copy of the License at
10#
11# http://www.apache.org/licenses/LICENSE-2.0
12#
13# Unless required by applicable law or agreed to in writing, software
14# distributed under the License is distributed on an "AS IS" BASIS,
15# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16# See the License for the specific language governing permissions and
17# limitations under the License.
18#
19# SPDX-License-Identifier: Apache-2.0
20# ============LICENSE_END=========================================================
21
22#################################################################
23# Global configuration defaults.
24#################################################################
25global:
Bruno Sakoto425d5be2020-05-20 07:25:41 -0400[diff] [blame]26 nodePortPrefixExt: 304
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]27 persistence: {}
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]28 aafEnabled: true
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]29
30#################################################################
31# Secrets metaconfig
32#################################################################
33secrets:
34 - uid: db-secret
35 type: basicAuth
36 externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
37 login: '{{ .Values.db.user }}'
38 password: '{{ .Values.db.password }}'
39 passwordPolicy: required
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]40 - uid: restserver-secret
41 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]42 externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]43 login: '{{ .Values.restServer.user }}'
44 password: '{{ .Values.restServer.password }}'
45 passwordPolicy: required
46 - uid: api-secret
47 type: basicAuth
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]48 externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]49 login: '{{ .Values.healthCheckRestClient.api.user }}'
50 password: '{{ .Values.healthCheckRestClient.api.password }}'
51 passwordPolicy: required
52 - uid: distribution-secret
53 type: basicAuth
54 externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
55 login: '{{ .Values.healthCheckRestClient.distribution.user }}'
56 password: '{{ .Values.healthCheckRestClient.distribution.password }}'
57 passwordPolicy: required
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]58 - uid: keystore-password
59 type: password
60 externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
61 password: '{{ .Values.certStores.keyStorePassword }}'
62 passwordPolicy: required
63 - uid: truststore-password
64 type: password
65 externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
66 password: '{{ .Values.certStores.trustStorePassword }}'
67 passwordPolicy: required
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]68 - uid: policy-kafka-user
69 externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
70 type: genericKV
71 envs:
72 - name: sasl.jaas.config
73 value: '{{ .Values.config.someConfig }}'
74 policy: generate
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]75
76certStores:
77 keyStorePassword: Pol1cy_0nap
78 trustStorePassword: Pol1cy_0nap
79
80certInitializer:
81 nameOverride: policy-pap-cert-initializer
82 aafDeployFqi: deployer@people.osaaf.org
83 aafDeployPass: demo123456!
84 fqdn: policy
85 fqi: policy@policy.onap.org
86 public_fqdn: policy.onap.org
87 cadi_latitude: "0.0"
88 cadi_longitude: "0.0"
89 credsPath: /opt/app/osaaf/local
90 app_ns: org.osaaf.aaf
91 uid: 100
92 gid: 101
93 aaf_add_config: >
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]94 echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
95 echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
96 chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
97
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]98
99#################################################################
100# Application configuration defaults.
101#################################################################
102# application image
liamfallonedb388e2022-09-23 17:56:37 +0100[diff] [blame^]103image: onap/policy-pap:2.7.0
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]104pullPolicy: Always
105
106# flag to enable debugging - application support required
107debugEnabled: false
108
109# application configuration
110
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]111db:
112 user: policy_user
113 password: policy_user
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]114 service:
115 name: policy-mariadb
116 internalPort: 3306
117
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]118restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]119 user: policyadmin
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]120 password: zb!XztG34
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]121
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]122healthCheckRestClient:
123 api:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]124 user: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]125 password: none
Dominik Mizyn389fca12020-04-09 22:37:00 +0200[diff] [blame]126 distribution:
127 user: healthcheck
128 password: zb!XztG34
Krzysztof Opasiak3d9dc8b2020-03-31 23:05:16 +0200[diff] [blame]129
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]130# default number of instances
131replicaCount: 1
132
133nodeSelector: {}
134
135affinity: {}
136
137# probe configuration parameters
138liveness:
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]139 initialDelaySeconds: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]140 periodSeconds: 10
141 # necessary to disable liveness probe when setting breakpoints
142 # in debugger so K8s doesn't restart unresponsive container
143 enabled: true
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]144 port: http-api
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]145
146readiness:
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]147 initialDelaySeconds: 10
148 periodSeconds: 120
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]149 port: http-api
a.sreekumar2f377362022-02-09 12:40:57 +0000[diff] [blame]150 api: /policy/pap/v1/healthcheck
151 scheme: HTTPS
152 successThreshold: 1
153 failureThreshold: 3
154 timeout: 60
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]155
156service:
157 type: ClusterIP
158 name: policy-pap
Bruno Sakoto0644c262020-05-22 16:56:35 -0400[diff] [blame]159 useNodePortExt: true
160 ports:
161 - name: http-api
162 port: 6969
163 nodePort: 42
ramverma1a3b8ad2019-02-25 12:45:11 +0000[diff] [blame]164
165ingress:
166 enabled: false
167
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]168flavor: small
169resources:
170 small:
171 limits:
172 cpu: 1
173 memory: 4Gi
174 requests:
175 cpu: 100m
176 memory: 1Gi
177 large:
178 limits:
179 cpu: 2
180 memory: 8Gi
181 requests:
182 cpu: 200m
183 memory: 2Gi
184 unlimited: {}
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]185
186#Pods Service Account
187serviceAccount:
188 nameOverride: policy-pap
189 roles:
190 - read
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]191
Rashmi Pujara8b09262022-03-15 21:58:57 -0400[diff] [blame]192metrics:
193 serviceMonitor:
194 # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
195 # The default operator for prometheus enforces the below label.
196 labels:
197 release: prometheus
198 enabled: true
199 port: http-api
200 interval: 60s
201 isHttps: true
202 basicAuth:
203 enabled: true
204 externalSecretNameSuffix: policy-pap-user-creds
205 externalSecretUserKey: login
206 externalSecretPasswordKey: password
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]207
208# application configuration
209config:
210# Event consumption (kafka) properties
211 useStrimziKafka: true
212 kafkaBootstrap: strimzi-kafka-bootstrap
213 kafka:
214 consumer:
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100[diff] [blame]215 groupId: policy-group
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]216 app:
217 listener:
218 policyPdpPapTopic: policy-pdp-pap
219# If targeting a custom kafka cluster, ie useStrimziKakfa: false
220# uncomment below config and target your kafka bootstrap servers,
221# along with any other security config.
222#
223# eventConsumption:
224# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
225# spring.kafka.security.protocol: PLAINTEXT
226# spring.kafka.consumer.group-id: policy-group
227#
228# Any new property can be added in the env by setting in overrides in the format mentioned below
229# All the added properties must be in "key: value" format instead of yaml.