Merge "[STRIMZI] Solve Security Policy violations"

[oom.git] / kubernetes / aai / components / aai-resources / values.yaml

diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 3023d86..14ae2de 100644 (file)
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -20,6 +20,8 @@
 # Declare variables to be passed into your templates.
 global: # global defaults
   nodePortPrefix: 302
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  aaiKafkaUser: aai-kafka-user
   cassandra:
     #Service Name of the cassandra cluster to connect to.
     #Override it to aai-cassandra if localCluster is enabled.
@@ -50,7 +52,7 @@ global: # global defaults
 
     # Active spring profiles for the resources microservice
     profiles:
-      active: production,dmaap
+      active: production,kafka
 
     # Notification event specific properties
     notification:
@@ -75,11 +77,11 @@ global: # global defaults
       version:
         # Current version of the REST API
         api:
-          default: v28
+          default: v29
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -96,7 +98,6 @@ global: # global defaults
     # Specifies which clients should always default to realtime graph connection
     realtime:
       clients: SDNC,MSO,SO,robot-ete
-
 api_list:
   - 11
   - 12
@@ -107,6 +108,16 @@ api_list:
   - 17
   - 18
   - 19
+  - 20
+  - 21
+  - 22
+  - 23
+  - 24
+  - 25
+  - 26
+  - 27
+  - 28
+  - 29
 
 aai_enpoints:
   - name: aai-cloudInfrastructure
@@ -123,13 +134,17 @@ aai_enpoints:
     url: external-system
 
 # application image
-image: onap/aai-resources:1.13.0
+image: onap/aai-resources:1.14.6
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
 flavorOverride: small
 # default number of instances
 replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
 # the minimum number of seconds that a newly created Pod should be ready
 minReadySeconds: 30
 updateStrategy:
@@ -160,11 +175,15 @@ config:
       # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
       # modifications to graph done by other services (traversal) will only be visible
       # after time specified in db-cache-time
-      enabled: false
+      enabled: true
       # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
       dbCacheTime: 180000 # in milliseconds
       dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
       dbCacheCleanWait: 20 # in milliseconds
+    # temporarily enable this to update the graph storage version
+    # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
+    allowUpgrade: true
+
 
 
   # Specifies crud related operation timeouts and overrides
@@ -190,7 +209,7 @@ config:
   # environment variables added to the launch of the image in deployment
   env:
     MIN_HEAP_SIZE: "512m"
-    MAX_HEAP_SIZE: "1024m"
+    MAX_HEAP_SIZE: "2g"
     MAX_METASPACE_SIZE: "512m"
 
   # adds jvm args for remote debugging the application
@@ -222,9 +241,7 @@ affinity: {}
 liveness:
   initialDelaySeconds: 60
   periodSeconds: 60
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: false
+  enabled: true
 
 readiness:
   initialDelaySeconds: 60
@@ -232,13 +249,15 @@ readiness:
 
 service:
   type: ClusterIP
-  portName: http
-  internalPort: 8447
-  portName2: tcp-5005
-  internalPort2: 5005
-  portName3: http-resources
-  internalPort3: 8448
-  terminationGracePeriodSeconds: 120
+  resourcesPortName: http
+  resourcesPort: 8447
+  debugPortName: tcp-5005
+  debugPort: 5005
+  metricsPortName: metrics
+  metricsPort: 8448
+  profilingPortName: jmx-9999
+  profilingPort: 9999
+  terminationGracePeriodSeconds: 30
   sessionAffinity: None
 
 ingress:
@@ -260,13 +279,6 @@ serviceMesh:
   # ref: http://kubernetes.io/docs/user-guide/compute-resources/
   # Minimum memory for development is 2 CPU cores and 4GB memory
   # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: "2"
-#    memory: "4Gi"
-#  requests:
-#    cpu: "2"
-#    memory: "4Gi"
 resources:
   small:
     limits:
@@ -277,10 +289,10 @@ resources:
       memory: "3Gi"
   large:
     limits:
-      cpu: "4"
-      memory: "8Gi"
+      cpu: "8"
+      memory: "12Gi"
     requests:
-      cpu: "2"
+      cpu: "4"
       memory: "6Gi"
   unlimited: {}
 
@@ -377,3 +389,20 @@ accessLogback:
   logToFileEnabled: false
   maxHistory: 7
   totalSizeCap: 1GB
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: aai-kafka-user
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
+kafkaUser:
+  authenticationType: scram-sha-512
+  acls:
+    - name: AAI-EVENT
+      type: topic
+      operations: [Read, Write]