X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-modelloader%2Fvalues.yaml;h=09bb32dd43aeaf472f39aeabb61e7d5aa552048b;hb=c87dbc30928b4a9d05062ac842ec6749ee25ab3c;hp=443bf40122d76592a2fb7978395ef8c801bde81d;hpb=d523d125eb435b5516961aa39329bb5c3fd2d657;p=oom.git diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 443bf40122..09bb32dd43 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020-2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,19 +18,82 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 + aaiSdcListenerKafkaUser: aai-sdc-list-user +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: aai-sdc-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate + +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-ml-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai + fqi: aai@aai.onap.org + public_fqdn: aai.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + appMountPath: /opt/app/model-loader/config/auth/aaf + fqi_namespace: org.onap.aai + user_id: &user_id 1000 + group_id: &group_id 1000 + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** writing passwords into prop file" + echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/model-loader:1.9.1 +image: onap/model-loader:1.12.0 pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small + # application configuration -config: {} +config: + someConfig: blah + kafka: + securityProtocol: SASL_PLAINTEXT + saslMechanism: SCRAM-SHA-512 + authType: simple + sdcTopic: + pattern: SDC-DIST + consumerGroup: aai + clientId: aai-model-loader # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} @@ -47,26 +110,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 -service: - type: NodePort - portName: http - externalPort: 8080 - internalPort: 8080 - nodePort: 10 - portName2: https - externalPort2: 8443 - internalPort2: 8443 - nodePort2: 29 - -ingress: - enabled: false - service: - - baseaddr: "aaimodelloader" - name: "aai-modelloader" - port: 8443 - config: - ssl: "redirect" - resources: small: limits: @@ -90,6 +133,11 @@ serviceAccount: roles: - read +# Not fully used for now +securityContext: + user_id: *user_id + group_id: *group_id + #Log configuration log: path: /var/log/onap