# Copyright (c) 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright (c) 2020 Nokia, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for sparky-be. # This is a YAML-formatted file. # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 aai: serviceName: aai aaiElasticsearch: serviceName: aai-elasticsearch gizmo: serviceName: aai-gizmo searchData: serviceName: aai-search-data ################################################################# # Certificate configuration ################################################################# certInitializer: nameOverride: aai-sparky-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! # aafDeployCredsExternalSecret: some secret fqdn: "aai" app_ns: "org.osaaf.aaf" fqi_namespace: "org.onap.aai" fqi: "aai@aai.onap.org" public_fqdn: "aaf.osaaf.org" cadi_longitude: "0.0" cadi_latitude: "0.0" credsPath: /opt/app/osaaf/local aaf_add_config: | echo "*** changing passwords into shell safe ones" export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) cd {{ .Values.credsPath }} keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ -storepass "${cadi_keystore_password_p12}" \ -keystore {{ .Values.fqi_namespace }}.p12 keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ -storepass "${cadi_truststore_password}" \ -keystore {{ .Values.fqi_namespace }}.trust.jks echo "*** save the generated passwords" echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop echo "*** change ownership of certificates to targeted user" chown -R 1000 {{ .Values.credsPath }} # application image image: onap/sparky-be:2.0.3 pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small dockerhubRepository: registry.hub.docker.com ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 # application configuration config: elasticsearchHttpPort: 9200 gerritBranch: 3.0.0-ONAP gerritProject: http://gerrit.onap.org/r/aai/test-config portalUsername: aaiui portalPassword: OBF:1t2v1vfv1unz1vgz1t3b portalCookieName: UserId portalAppRoles: ui_view cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor # ONAP Cookie Processing - During initial development, the following flag, if true, will # prevent the portal interface's login processing from searching for a user # specific cookie, and will instead allow passage if a valid session cookie is discovered. portalOnapEnabled: true # # override chart name (sparky-be) to share a common namespace # suffix with parent chart (aai) nsSuffix: aai # default number of instances replicaCount: 1 nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 10 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: initialDelaySeconds: 10 periodSeconds: 10 service: type: NodePort portName: http internalPort: 8000 nodePort: 20 ingress: enabled: false service: - baseaddr: "aaisparkybe" name: "aai-sparky-be" port: 8000 config: ssl: "redirect" # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ resources: small: limits: cpu: 2 memory: 4Gi requests: cpu: 0.25 memory: 1Gi large: limits: cpu: 4 memory: 8Gi requests: cpu: 0.5 memory: 2Gi unlimited: {}