# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
restartPolicy: Always
- installSidecarSecurity: false
aafEnabled: true
-
- fproxy:
- name: forward-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/fproxy:2.1.13
- port: 10680
-
- rproxy:
- name: reverse-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/rproxy:2.1.13
- port: 10692
-
- tproxyConfig:
- name: init-tproxy-config
- image: onap/tproxy-config:2.1.13
-
- # AAF server details. Only needed if the AAF DNS does not resolve from the pod
- aaf:
- serverIp: 10.12.6.214
- serverHostname: aaf.osaaf.org
- serverPort: 30247
+ msbEnabled: true
+ centralizedLoggingEnabled: true
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
passwd: AAI
# Active spring profiles for the resources microservice
+ # aaf-auth profile will be automatically set if aaf enabled is set to true
profiles:
- active: production,dmaap,aaf-auth
+ active: production,dmaap #,aaf-auth
# Notification event specific properties
notification:
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
version:
# Current version of the REST API
api:
- default: v21
+ default: v27
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
# Specifies from which version related link should appear
related:
link: v11
# Keystore configuration password and filename
keystore:
filename: aai_keystore
- passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+ passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit
# Truststore configuration password and filename
truststore:
filename: aai_keystore
- passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+ passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit
# Specifies a list of files to be included in auth volume
auth:
# since when this is enabled, it prints a lot of information to console
enabled: false
+aai-babel:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-graphadmin:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-modelloader:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-resources:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-schema-service:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-sparky-be:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-traversal:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: "aai"
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: "org.onap.aai"
+ fqi: "aai@aai.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** transform AAF certs into pem files"
+ mkdir -p {{ .Values.credsPath }}/certs
+ keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
+ -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
+ -alias ca_local_0 \
+ -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+ -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
+ -passin pass:$cadi_keystore_password_p12 \
+ -passout pass:$cadi_keystore_password_p12
+ echo "*** generating needed file"
+ cat {{ .Values.credsPath }}/certs/cert.pem \
+ {{ .Values.credsPath }}/certs/cacert.pem \
+ {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
+ > {{ .Values.credsPath }}/certs/fullchain.pem;
+ chown 1001 {{ .Values.credsPath }}/certs/*
+
# application image
dockerhubRepository: registry.hub.docker.com
-image: aaionap/haproxy:1.4.2
+image: onap/aai-haproxy:1.9.5
pullPolicy: Always
flavor: small
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
+# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns
+haproxy:
+ initContainers:
+ resources:
+ memory: 100Mi
+ cpu: 50m
+ requestBlocking:
+ enabled: false
+ customConfigs: []
+ replicas:
+ aaiResources: 1
+ aaiTraversal: 1
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
# --set aai.global.cassandra.serviceName=aai-cassandra
cassandra:
nameOverride: aai-cassandra
+ serviceAccount:
+ nameOverride: aai-cassandra
replicaCount: 3
service:
name: aai-cassandra
service:
type: NodePort
- portName: aai-ssl
+ portName: http
externalPort: 8443
internalPort: 8443
nodePort: 33
- # POLICY hotfix - Note this must be temporary
- # See https://jira.onap.org/browse/POLICY-510
- aaiServiceClusterIp:
+ externalPlainPort: 80
+ internalPlainPort: 8080
+ nodeport: 33
+
+metricsService:
+ type: ClusterIP
+ portName: prometheus
+ externalPort: 8448
+ internalPort: 8448
+
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /metrics
+ basicAuth:
+ enabled: false
+
+ selector:
+ app: '{{ include "common.name" . }}-metrics'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ relabelings: []
+
+ metricRelabelings: []
ingress:
enabled: false
service:
- - baseaddr: "aai.api"
+ - baseaddr: "aai-api"
name: "aai"
port: 8443
- config:
- ssl: "redirect"
+ plain_port: 80
+ config:
+ ssl: "redirect"
resources:
small:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai
+ roles:
+ - read
Code Review / oom.git / blobdiff