#################################################################
global:
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-xacml-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.6.0
+image: onap/policy-xacml-pdp:2.8.2
pullPolicy: Always
# flag to enable debugging - application support required
# application configuration
db:
- user: policy_user
+ user: policy-user
password: policy_user
service:
name: policy-mariadb
service:
type: ClusterIP
name: policy-xacml-pdp
- portName: policy-xacml-pdp
- externalPort: 6969
internalPort: 6969
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: dcae-datafile-collector-read
+ - serviceAccount: dcae-datalake-admin-ui-read
+ - serviceAccount: dcae-datalake-des-read
+ - serviceAccount: dcae-datalake-feeder-read
+ - serviceAccount: dcae-heartbeat-read
+ - serviceAccount: dcae-hv-ves-collector-read
+ - serviceAccount: dcae-kpi-ms-read
+ - serviceAccount: dcae-pm-mapper-read
+ - serviceAccount: dcae-pmsh-read
+ - serviceAccount: dcae-prh-read
+ - serviceAccount: dcae-restconf-collector-read
+ - serviceAccount: dcae-slice-analysis-ms-read
+ - serviceAccount: dcae-snmptrap-collector-read
+ - serviceAccount: dcae-son-handler-read
+ - serviceAccount: dcae-tcagen2-read
+ - serviceAccount: dcae-ves-collector-read
+ - serviceAccount: dcae-ves-mapper-read
+ - serviceAccount: dcae-ves-openapi-manager-read
+ - serviceAccount: message-router-read
+ - serviceAccount: oof-read
+ - serviceAccount: sdnc-read
+
flavor: small
resources:
small:
limits:
cpu: 1
- memory: 4Gi
+ memory: 1Gi
requests:
- cpu: 100m
+ cpu: 0.5
memory: 1Gi
large:
limits:
cpu: 2
- memory: 8Gi
+ memory: 2Gi
requests:
- cpu: 200m
+ cpu: 1
memory: 2Gi
unlimited: {}
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
enabled: true
port: policy-xacml-pdp
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-xacml-pdp-restserver-creds