#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022 Nokia. All rights reserved.
+# Copyright (c) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
+ centralizedLoggingEnabled: true
#################################################################
# Filebeat configuration defaults.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# initContainer images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.10.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
-# if absent, no sidecar will be deployed
-logDirectory: /opt/app/prh/logs
-
-# directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/prh/etc/cert
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: true
+# if path is set to null sidecar won't be deployed in spite of
+# global.centralizedLoggingEnabled setting.
+log:
+ path: /opt/app/prh/logs
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
secrets:
- uid: &aaiCredsUID aaicreds
password: '{{ .Values.aaiCreds.password }}'
passwordPolicy: required
-# dependencies
-readinessCheck:
- wait_for:
- - dcae-config-binding-service
- - aaf-cm
-
# probe configuration
readiness:
initialDelaySeconds: 5
- port: 8100
name: http
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
aaiCreds:
user: AAI
password: AAI
uid: *aaiCredsUID
key: password
-customEnvVars:
-- name: AUTH_HDR
- value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`"
-
# initial application configuration
-# Configuration used for in-app substitution must be defined as $${undefined}{<parameter>} under applicationConfig
-# inorder to get ${<parameter>} post envsubst (done part of dcae helm service-common templates)
applicationConfig:
dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json"
dmaap.dmaapConsumerConfiguration.consumerId: "c12"
dmaap.dmaapConsumerConfiguration.timeoutMs: -1
dmaap.dmaapProducerConfiguration.dmaapContentType: "application/json"
dmaap.dmaapUpdateProducerConfiguration.dmaapContentType: "application/json"
- aai.aaiClientConfiguration.pnfUrl: https://aai.onap.svc.cluster.local:8443/aai/v23/network/pnfs/pnf
- aai.aaiClientConfiguration.baseUrl: https://aai.onap.svc.cluster.local:8443/aai/v23
- aai.aaiClientConfiguration.aaiHost: aai.onap.svc.cluster.local
- aai.aaiClientConfiguration.aaiHostPortNumber: 8443
- aai.aaiClientConfiguration.aaiProtocol: "https"
+ aai.aaiClientConfiguration.pnfUrl: http://aai-internal.onap.svc.cluster.local:80/aai/v23/network/pnfs/pnf
+ aai.aaiClientConfiguration.baseUrl: http://aai-internal.onap.svc.cluster.local:80/aai/v23
+ aai.aaiClientConfiguration.aaiHost: aai-internal.onap.svc.cluster.local
+ aai.aaiClientConfiguration.aaiHostPortNumber: 80
+ aai.aaiClientConfiguration.aaiProtocol: "http"
aai.aaiClientConfiguration.aaiUserName: ${AAI_USER}
aai.aaiClientConfiguration.aaiUserPassword: ${AAI_PASSWORD}
aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true
X-TransactionId: "9999"
Accept: "application/json"
Real-Time: "true"
- Authorization: $AUTH_HDR
+ Authorization: ${AUTH_HDR}
security.trustStorePath: "/opt/app/prh/etc/cert/trust.jks"
security.trustStorePasswordPath: "/opt/app/prh/etc/cert/trust.pass"
security.keyStorePath: "/opt/app/prh/etc/cert/cert.jks"
dmaap_info:
topic_url: http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_PNFREG_OUTPUT
+applicationEnv:
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ AUTH_HDR: '{{ printf "Basic %s" (print .Values.aaiCreds.user ":" .Values.aaiCreds.password | b64enc) }}'
+ BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
+ JAAS_CONFIG:
+ externalSecret: true
+ externalSecretUid: '{{ include "common.name" . }}-ku'
+ key: sasl.jaas.config
+
+# Strimzi Kafka User config
+kafkaUser:
+ acls:
+ - name: OpenDCAE-c12
+ type: group
+ patternType: literal
+ operations: [Read]
+ - name: \"*\"
+ type: topic
+ patternType: literal
+ operations: [DescribeConfigs]
+ - name: unauthenticated.VES_PNFREG_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Read]
+ - name: unauthenticated.PNF_READY
+ type: topic
+ patternType: literal
+ operations: [Write]
+ - name: unauthenticated.PNF_UPDATE
+ type: topic
+ patternType: literal
+ operations: [Write]
+
+# Strimzi Kafka Topics
+kafkaTopic:
+ - name: unauthenticated.PNF_READY
+ strimziTopicName: unauthenticated.pnf-ready
+ - name: unauthenticated.PNF_UPDATE
+ strimziTopicName: unauthenticated.pnf-update
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "1"
+ memory: "3Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "0.5"
+ memory: "3Gi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "2"
+ memory: "6Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "1"
+ memory: "6Gi"
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-prh
+ roles:
+ - read