# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
+ aafEnabled: true
+ cassandra:
+ #Service Name of the cassandra cluster to connect to.
+ #Override it to aai-cassandra if localCluster is enabled.
+ serviceName: cassandra
+
+ # Specifies a list of jobs to be run
+ jobs:
+ # When enabled, it will create the schema based on oxm and edge rules
+ createSchema:
+ enabled: true
+ # When enabled, it will create the widget models via REST API to haproxy
+ updateQueryData:
+ enabled: true
+ #migration using helm hooks
+ migration:
+ enabled: false
+
+ # Common configuration for resources traversal and graphadmin
+ config:
+ # User information for the admin user in container
+ userId: 1000
+ groupId: 1000
+
+ # Specifies that the cluster connected to a dynamic
+ # cluster being spinned up by kubernetes deployment
+ cluster:
+ cassandra:
+ dynamic: true
+
+ # Specifies if the basic authorization is enabled
+ basic:
+ auth:
+ enabled: true
+ username: AAI
+ passwd: AAI
+
+ # Active spring profiles for the resources microservice
+ profiles:
+ active: production,dmaap,aaf-auth #,keycloak
+
+ # Notification event specific properties
+ notification:
+ eventType: AAI-EVENT
+ domain: dev
+
+ # Schema specific properties that include supported versions of api
+ schema:
+ # Specifies if the connection should be one way ssl, two way ssl or no auth
+ service:
+ client: one-way-ssl
+ # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
+ translator:
+ list: schema-service
+ source:
+ # Specifies which folder to take a look at
+ name: onap
+ uri:
+ # Base URI Path of the application
+ base:
+ path: /aai
+ version:
+ # Current version of the REST API
+ api:
+ default: v21
+ # Specifies which version the depth parameter is configurable
+ depth: v11
+ # List of all the supported versions of the API
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ # Specifies from which version related link should appear
+ related:
+ link: v11
+ # Specifies from which version the app root change happened
+ app:
+ root: v11
+ # Specifies from which version the xml namespace changed
+ namespace:
+ change: v12
+ # Specifies from which version the edge label appeared in API
+ edge:
+ label: v12
+
+ # Specifies which clients should always default to realtime graph connection
+ realtime:
+ clients: SDNC,MSO,SO,robot-ete
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-traversal-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: aai-traversal
+ fqi: aai-traversal@aai-traversal.onap.org
+ public_fqdn: aai-traversal.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.aai-traversal
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
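Review bot: The added defaults put usable credentials in the values file in plain text: the `basic: auth:` block ships `username: AAI` / `passwd: AAI` with `enabled: true`, and `certInitializer` sets `aafDeployPass: demo123456!`. An installation that does not override them runs with passwords anyone can read from the chart. The commented `# aafDeployCredsExternalSecret: some secret` line suggests a secret reference is supported for the deployer password; I would make that the documented path and add a comment on both values such as `# demo default, override per environment or supply via an existing Secret`. In `aaf_add_config`, the generated store passwords are written to `mycreds.prop` with whatever umask the init container has, so a `chmod 600 mycreds.prop` after the second `echo` would keep the file owner-only once `chown -R 1000` has run; whether the consuming container reads it as uid 1000 is not visible here and should be confirmed.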
# application image
-repository: nexus3.onap.org:10001
-image: onap/aai-traversal:1.7.2
+image: onap/aai-traversal:1.8.0
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
+
+api_list:
+ - 11
+ - 12
+ - 13
+ - 14
+ - 15
+ - 16
+ - 17
+ - 18
+ - 19
+
+aai_enpoints:
+ - name: aai-generic-query
+ url: search/generic-query
+ - name: aai-nodes-query
+ url: search/nodes-query
+ - name: aai-nquery
+ url: query
+
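Review bot: `api_list` stops at 19, while the schema version list added earlier in this change runs to `v21` and sets `default: v21`. The templates that read `api_list` and `aai_enpoints` are not part of this view, but if they generate per-version routes or authorization rules, the v20 and v21 paths would be left without one; either add `- 20` and `- 21` or add a comment saying why the list is shorter. The key `aai_enpoints` also looks like a misspelling of `aai_endpoints`; renaming it is only safe together with every template that references it.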
# application configuration
config:
+ # configure keycloak according to your environment.
+ # don't forget to add keycloak in active profiles above (global.config.profiles)
+ keycloak:
+ host: keycloak.your.domain
+ port: 8180
+ # Specifies a set of users, credentials, roles, and groups
+ realm: aai-traversal
+ # Used by any client application for enabling fine-grained authorization for their protected resources
+ resource: aai-traversal-app
+ # If set to true, additional criteria will be added into traversal query to returns all the vertices that match
+ # the data-owner property with the given role to the user in keycloak
+ multiTenancy:
+ enabled: true
+
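Review bot: `multiTenancy.enabled` defaults to `true` while the `keycloak` profile is commented out of `profiles: active`, and the comment does not say what the flag does in that state. If the data-owner filter is only applied when the keycloak profile is active, I would state that on the flag, e.g. `# has no effect unless keycloak is listed in global.config.profiles.active` (to be confirmed against the application). The block also gives only `host` and `port: 8180` with no scheme, so a reader cannot tell whether the connection to Keycloak is expected to use TLS; a one-line comment on that would help whoever fills in `keycloak.your.domain`.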
# Specifies timeout information such as application specific and limits
timeout:
# If set to true application will timeout for queries taking longer than limit
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-traversal
+ roles:
+ - read