X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-graphadmin%2Fvalues.yaml;h=09396cc104d9161b1ba8f37c0859024e4d14f865;hb=2ff7f1c46d3e9a6b05e830ac4bc8f56c230b22aa;hp=2774609e8f1a3035ee0d6730cfbdfbc9ee6943d3;hpb=09e9875bd082c067b251189456e821c6ce785bc8;p=oom.git diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 2774609e8f..09396cc104 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -5,6 +5,7 @@ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. # Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. +# Modifications Copyright © 2023 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +28,8 @@ global: # global defaults cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. localCluster: false + # flag to enable the DB creation via k8ssandra-operator + useOperator: true initContainers: enabled: true jobs: @@ -61,7 +64,7 @@ global: # global defaults # Specifies if the connection should be one way ssl, two way ssl or no auth # will be set to no-auth if tls is disabled service: - client: one-way-ssl + client: no-auth # Specifies which translator to use if it has schema-service, then it will # make a rest request to schema service translator: @@ -76,11 +79,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v24 + default: v27 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27 # Specifies from which version related link should appear related: link: v11 @@ -96,55 +99,10 @@ global: # global defaults # Specifies which clients should always default to realtime graph connection realtime: - clients: SDNC,MSO,SO,robot-ete - -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-graphadmin-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: aai - fqi: aai@aai.onap.org - public_fqdn: aai.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.aai - user_id: &user_id 1000 - group_id: &group_id 1000 - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ - -storepass "${cadi_keystore_password_jks}" \ - -keystore {{ .Values.fqi_namespace }}.jks - echo "*** set key password as same password as keystore password" - keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ - -keystore {{ .Values.fqi_namespace }}.jks \ - -keypass "${cadi_keystore_password_jks}" \ - -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }} - echo "*** writing passwords into prop file" - echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop - echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop - echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} + clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1 # application image -image: onap/aai-graphadmin:1.9.1 +image: onap/aai-graphadmin:1.11.2 pullPolicy: Always restartPolicy: Always flavor: small @@ -165,9 +123,8 @@ config: # Specify the profiles for the graphadmin microservice profiles: - # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and - # serviceMesh.tls is set to tru - active: dmaap #,one-way-ssl" + + active: dmaap # Specifies the timeout limit for the REST API requests timeout: @@ -240,11 +197,18 @@ service: internalPort: 8449 portName2: tcp-5005 internalPort2: 5005 + portName3: http-graphadmin + internalPort3: 8448 terminationGracePeriodSeconds: 120 ingress: enabled: false +# No inbound communications. +serviceMesh: + authorizationPolicy: + authorizedPrincipals: [] + persistence: enabled: true ## A manually managed Persistent Volume and Claim @@ -267,27 +231,57 @@ persistence: mountSubPath: aai/aai-graphadmin mountSubPath1: aai/migration +# To make logback capping values configurable +logback: + logToFileEnabled: true + maxHistory: 7 + totalSizeCap: 6GB + queueSize: 1000 + +accessLogback: + logToFileEnabled: true + maxHistory: 7 + totalSizeCap: 6GB + resources: small: limits: - cpu: 2 + cpu: 1 memory: 4Gi requests: cpu: 0.5 - memory: 1536Mi + memory: 1.6Gi large: limits: - cpu: 4 + cpu: 2 memory: 8Gi requests: cpu: 1 - memory: 2Gi + memory: 3.2Gi unlimited: {} +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /prometheus + basicAuth: + enabled: false + + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + relabelings: [] + + metricRelabelings: [] + # Not fully used for now securityContext: - user_id: *user_id - group_id: *group_id + user_id: 1000 + group_id: 1000 #Pods Service Account serviceAccount: