# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version:
# Current version of the REST API
api:
- default: v24
+ default: v29
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
# Specifies from which version related link should appear
related:
link: v11
edge:
label: v12
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-schema-service-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai-schema-service
- fqi: aai-schema-service@aai-schema-service.onap.org
- public_fqdn: aai-schema-service.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai-schema-service
- user_id: &user_id 1000
- group_id: &group_id 1000
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
-
# application image
-image: onap/aai-schema-service:1.9.2
+image: onap/aai-schema-service:1.12.5
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
# default number of instances
replicaCount: 1
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
service:
type: ClusterIP
- portName: http
- internalPort: 8452
- portName2: tcp-5005
- internalPort2: 5005
+ appPortName: http
+ appPort: 8452
+ debugPortName: tcp-5005
+ debugPort: 5005
+ profilingPortName: jmx-9999
+ profilingPort: 9999
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-graphadmin-read
+ - serviceAccount: aai-resources-read
+ - serviceAccount: aai-traversal-read
+
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# Minimum memory for production is 4 CPU cores and 8GB memory
#resources:
# limits:
-# cpu: 2
-# memory: 4Gi
+# cpu: "2"
+# memory: "4Gi"
# requests:
-# cpu: 2
-# memory: 4Gi
+# cpu: "2"
+# memory: "4Gi"
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 3Gi
+ cpu: "1"
+ memory: "3Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
#Pods Service Account
# Not fully used for now
securityContext:
- user_id: *user_id
- group_id: *group_id
+ user_id: 1000
+ group_id: 1000
#Log configuration
log: