[OOM] Fixing k8s resources and limits

[oom.git] / kubernetes / msb / components / msb-eag / values.yaml

diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml
index ff158b5..836673f 100644 (file)
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/kubernetes/msb/components/msb-eag/values.yaml
@@ -35,33 +35,24 @@ certInitializer:
   app_ns: org.osaaf.aaf
   credsPath: /opt/app/osaaf/local
   aaf_add_config: |
-    echo "*** retrieving passwords for certificates"
-    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
-      {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c')
-    if [ -z "$cadi_keystore_password_p12" ]
-    then
-      echo "  /!\ certificates retrieval failed"
-      exit 1
-    else
-      mkdir -p {{ .Values.credsPath }}/certs
-      echo "*** retrieve certificate from pkcs12"
-      openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
-        -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
-        -passin pass:$cadi_keystore_password_p12 \
-        -passout pass:$cadi_keystore_password_p12
-      echo "*** copy key to relevant place"
-      cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
-      echo "*** change ownership and read/write attributes"
-      chown -R 1000 {{ .Values.credsPath }}/certs
-      chmod 600 {{ .Values.credsPath }}/certs/cert.crt
-      chmod 600 {{ .Values.credsPath }}/certs/cert.key
-    fi
+    mkdir -p {{ .Values.credsPath }}/certs
+    echo "*** retrieve certificate from pkcs12"
+    openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+      -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
+      -passin pass:$cadi_keystore_password_p12 \
+      -passout pass:$cadi_keystore_password_p12
+    echo "*** copy key to relevant place"
+    cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
+    echo "*** change ownership and read/write attributes"
+    chown -R 1000 {{ .Values.credsPath }}/certs
+    chmod 600 {{ .Values.credsPath }}/certs/cert.crt
+    chmod 600 {{ .Values.credsPath }}/certs/cert.key
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/msb/msb_apigateway:1.2.7
+image: onap/msb/msb_apigateway:1.6.0
 pullPolicy: Always
 istioSidecar: true
 
@@ -91,18 +82,25 @@ readiness:
 service:
   type: NodePort
   name: msb-eag
-  externalPort: 80
-  internalPort: 80
-  externalPortHttps: 443
-  internalPortHttps: 443
-  nodePortHttps: 84
+  both_tls_and_plain: true
+  # for liveness and readiness probe only
+  # internalPort:
+  internalPort: 443
+  internalPlainPort: 80
+  ports:
+    - name: msb-eag
+      port: 443
+      plain_port: 80
+      port_protocol: http
+      nodePort: '84'
 
 ingress:
   enabled: false
   service:
-    - baseaddr: "msbeag"
+    - baseaddr: "msb-eag-ui"
       name: "msb-eag"
       port: 443
+      plain_port: 80
   config:
     ssl: "redirect"
 
@@ -112,16 +110,27 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 200m
-      memory: 500Mi
+      cpu: 999
+      memory: 0.5Gi
     requests:
-      cpu: 100m
-      memory: 200Mi
+      cpu: 0.5
+      memory: 0.5Gi
   large:
     limits:
-      cpu: 400m
-      memory: 800Mi
+      cpu: 999
+      memory: 1Gi
     requests:
-      cpu: 200m
-      memory: 400Mi
+      cpu: 1
+      memory: 1Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: msb-eag
+  roles:
+    - read
+
+#Logs configuration
+log:
+  path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'