# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
- aafEnabled: true
-
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ aaiTravKafkaUser: aai-trav-kafka-user
cassandra:
#Service Name of the cassandra cluster to connect to.
#Override it to aai-cassandra if localCluster is enabled.
serviceName: cassandra
+ # Cassandra datacenter name
+ localDataCenter: dc1
+ tracing:
+ enabled: false
+ collector:
+ baseUrl: http://jaeger-collector.istio-config:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
# Specifies a list of jobs to be run
jobs:
#migration using helm hooks
migration:
enabled: false
-
+ # Specifies if basic authorization is enabled
+ auth:
+ enabled: true
+ users:
+ - username: aai@aai.onap.org
+ password: demo123456!
+ - username: AAI
+ password: AAI
+ - username: DCAE
+ password: DCAE
+ - username: MSO
+ password: MSO
+ - username: POLICY
+ password: POLICY
+ - username: ASDC
+ password: ASDC
+ - username: ModelLoader
+ password: ModelLoader
+ - username: AaiUI
+ password: AaiUI
# Common configuration for resources traversal and graphadmin
config:
# User information for the admin user in container
cassandra:
dynamic: true
- # Specifies if the basic authorization is enabled
- basic:
- auth:
- enabled: true
- username: AAI
- passwd: AAI
-
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap #,aaf-auth ,keycloak
+ active: production,kafka
# Notification event specific properties
notification:
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
translator:
list: schema-service
version:
# Current version of the REST API
api:
- default: v21
+ default: v30
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
# Specifies from which version related link should appear
related:
link: v11
# Specifies which clients should always default to realtime graph connection
realtime:
clients: SDNC,MSO,SO,robot-ete
-
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-traversal-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai-traversal
- fqi: aai-traversal@aai-traversal.onap.org
- public_fqdn: aai-traversal.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai-traversal
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}'
+ someConfig: random
# application image
-image: onap/aai-traversal:1.8.0
+image: onap/aai-traversal:1.16.0
pullPolicy: Always
restartPolicy: Always
flavor: small
-flavorOverride: small
# the minimum number of seconds that a newly created Pod should be ready
minReadySeconds: 30
updateStrategy:
- 17
- 18
- 19
+ - 20
+ - 21
+ - 22
+ - 23
+ - 24
+ - 25
+ - 26
+ - 27
+ - 28
+ - 29
aai_enpoints:
- name: aai-generic-query
# application configuration
config:
-
- # configure keycloak according to your environment.
- # don't forget to add keycloak in active profiles above (global.config.profiles)
- keycloak:
- host: keycloak.your.domain
- port: 8180
- # Specifies a set of users, credentials, roles, and groups
- realm: aai-traversal
- # Used by any client application for enabling fine-grained authorization for their protected resources
- resource: aai-traversal-app
- # If set to true, additional criteria will be added into traversal query to returns all the vertices that match
- # the data-owner property with the given role to the user in keycloak
- multiTenancy:
+ janusgraph:
+ caching:
+ # enable when running read-heavy workloads
+ # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
+ # modifications to graph done by other services (traversal) will only be visible
+ # after time specified in db-cache-time
enabled: true
+ # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
+ dbCacheTime: 180000 # in milliseconds
+ dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
+ dbCacheCleanWait: 20 # in milliseconds
+ # temporarily enable this to update the graph storage version
+ # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
+ allowUpgrade: true
# Specifies timeout information such as application specific and limits
timeout:
# Specifies how long should it wait before timing out the REST request
limit: 180000
+ # environment variables added to the launch of the image in deployment
+ env:
+ MIN_HEAP_SIZE: "512m"
+ MAX_METASPACE_SIZE: "512m"
+ # POST_JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+ # adds jvm args for remote debugging the application
+ debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+ # adds jvm args for remote profiling the application
+ profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
# Disables the updateQueryData script to run as part of traversal
disableUpdateQuery: true
# default number of instances
replicaCount: 1
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
+ path: /actuator/health
initialDelaySeconds: 60
periodSeconds: 60
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
+ enabled: true
readiness:
+ path: /actuator/health/readiness
initialDelaySeconds: 10
periodSeconds: 10
+actuator:
+ echo:
+ enabled: true
+
service:
type: ClusterIP
- portName: http
- internalPort: 8446
- portName2: tcp-5005
- internalPort2: 5005
- terminationGracePeriodSeconds: 120
+ traversalPortName: http
+ traversalPort: 8446
+ debugPortName: tcp-5005
+ debugPort: 5005
+ metricsPortName: metrics
+ metricsPort: 8448
+ profilingPortName: jmx-9999
+ profilingPort: 9999
+ terminationGracePeriodSeconds: 30
+ sessionAffinity: None
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-read
+ - serviceAccount: consul-read
+
+# To make logback capping values configurable
+logback:
+ logToFileEnabled: false
+ maxHistory: 7
+ totalSizeCap: 6GB
+ queueSize: 1000
+
+accessLogback:
+ logToFileEnabled: false
+ livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
+ maxHistory: 7
+ totalSizeCap: 6GB
+
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 3Gi
+ cpu: "1"
+ memory: "3Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
+# define the heap size for the JVM
+# according to the resource flavor
+small:
+ maxHeapSize: "2500m"
+large:
+ maxHeapSize: "3g"
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 80
+
+tracing:
+ ignorePatterns:
+ - /aai/util.*
+
+endpoints:
+ enabled: true
+ health:
+ enabled: true
+ info:
+ enabled: true
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ targetPort: 8448
+ path: /actuator/prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ #interval: 30s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
#Pods Service Account
serviceAccount:
nameOverride: aai-traversal
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+ level:
+ root: INFO
+ base: INFO # base package (org.onap.aai)
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 50Mi
+ logmiscSizeLimit: 50Mi
+ tmpSizeLimit: 100Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for_migration:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-migration'
+ wait_for_createSchema:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
+ wait_for_cassandra:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ - aai-schema-service
+ wait_for_traversal:
+ services:
+ - aai-traversal
+
+jobAnnotations:
+ "helm.sh/hook": pre-upgrade,pre-rollback,post-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: aai-trav-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: AAI-EVENT
+ type: topic
+ operations: [Read, Write]
Code Review / oom.git / blobdiff