# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
-# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
-# Modifications Copyright (C) 2020 Bell Canada.
+# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
+# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefixExt: 304
persistence: {}
- envsubstImage: dibi/envsubst
aafEnabled: true
- readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Secrets metaconfig
passwordPolicy: required
- uid: restserver-secret
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- uid: api-secret
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
login: '{{ .Values.healthCheckRestClient.api.user }}'
password: '{{ .Values.healthCheckRestClient.api.password }}'
passwordPolicy: required
uid: 100
gid: 101
aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass
- {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.3.3
+image: onap/policy-pap:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
internalPort: 3306
restServer:
- user: healthcheck
+ user: policyadmin
password: zb!XztG34
healthCheckRestClient:
api:
- user: healthcheck
- password: zb!XztG34
+ user: policyadmin
+ password: none
distribution:
user: healthcheck
password: zb!XztG34
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
port: http-api
readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
+ initialDelaySeconds: 10
+ periodSeconds: 120
port: http-api
+ api: /policy/pap/v1/healthcheck
+ scheme: HTTPS
+ successThreshold: 1
+ failureThreshold: 3
+ timeout: 60
service:
type: ClusterIP
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-pap
+ roles:
+ - read
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: http-api
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-pap-user-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password