# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
-# Modifications Copyright (C) 2020 Bell Canada.
+# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
passwordPolicy: required
- uid: restserver-secret
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- uid: api-secret
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
login: '{{ .Values.healthCheckRestClient.api.user }}'
password: '{{ .Values.healthCheckRestClient.api.password }}'
passwordPolicy: required
externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
password: '{{ .Values.certStores.trustStorePassword }}'
passwordPolicy: required
+ - uid: policy-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
certStores:
keyStorePassword: Pol1cy_0nap
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.5.0
+image: onap/policy-pap:2.8.1
pullPolicy: Always
# flag to enable debugging - application support required
internalPort: 3306
restServer:
- user: healthcheck
+ user: policyadmin
password: zb!XztG34
healthCheckRestClient:
api:
- user: healthcheck
- password: zb!XztG34
+ user: policyadmin
+ password: none
distribution:
user: healthcheck
password: zb!XztG34
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
port: http-api
readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
+ initialDelaySeconds: 10
+ periodSeconds: 120
port: http-api
+ api: /policy/pap/v1/healthcheck
+ successThreshold: 1
+ failureThreshold: 3
+ timeout: 60
service:
type: ClusterIP
nameOverride: policy-pap
roles:
- read
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: http-api
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-pap-user-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: policy-group
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.