X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-resources%2Fvalues.yaml;h=b1d32028c24331b2995a18fd97a28155cf957b38;hb=refs%2Fheads%2Fmaster;hp=2dfbfeebe57a4bbfd50127a0efe1b71dee17d09c;hpb=702d68ae02195cbe56ab5f5cd61bddc816880076;p=oom.git diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 2dfbfeebe5..6229992e94 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -1,6 +1,7 @@ # Copyright (c) 2018 Amdocs, Bell Canada, AT&T # Copyright (c) 2020 Nokia, Orange # Modifications Copyright (c) 2021 Orange +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,6 +20,8 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 + kafkaBootstrap: strimzi-kafka-bootstrap + aaiKafkaUser: aai-kafka-user cassandra: #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. @@ -33,8 +36,6 @@ global: # global defaults migration: enabled: false - aafEnabled: false - config: # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment @@ -51,8 +52,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - # aaf-auth profile will be automatically set if aaf enabled is set to true - active: production,dmaap #,aaf-auth + active: production,kafka # Notification event specific properties notification: @@ -63,7 +63,7 @@ global: # global defaults schema: # Specifies if the connection should be one way ssl, two way ssl or no auth service: - client: one-way-ssl + client: no-auth # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service translator: list: schema-service @@ -77,11 +77,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v27 + default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 @@ -98,6 +98,10 @@ global: # global defaults # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete + kafkaBootstrap: strimzi-kafka-bootstrap + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }}' + someConfig: random + aaiTopic: AAI-EVENT api_list: - 11 @@ -123,41 +127,9 @@ aai_enpoints: url: network - name: aai-externalSystem url: external-system -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-resources-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: aai-resources - fqi: aai-resources@aai-resources.onap.org - public_fqdn: aai-resources.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.aai-resources - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-resources:1.11.0 +image: onap/aai-resources:1.13.5 pullPolicy: Always restartPolicy: Always flavor: small @@ -188,6 +160,18 @@ config: # to the user in keycloak multiTenancy: enabled: true + janusgraph: + caching: + # enable when running read-heavy workloads + # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache + # modifications to graph done by other services (traversal) will only be visible + # after time specified in db-cache-time + enabled: false + # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching + dbCacheTime: 180000 # in milliseconds + dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running + dbCacheCleanWait: 20 # in milliseconds + # Specifies crud related operation timeouts and overrides crud: @@ -209,6 +193,33 @@ config: # Specifies if the bulk can be override and if it can the value override: false + # environment variables added to the launch of the image in deployment + env: + MIN_HEAP_SIZE: "512m" + MAX_HEAP_SIZE: "1024m" + MAX_METASPACE_SIZE: "512m" + + # adds jvm args for remote debugging the application + debug: + enabled: false + args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" + + # adds jvm args for remote profiling the application + # port-forward, i.e: + # $ PODNAME=traversal + # $ kubectl -n ${NAMESPACE:=onap} port-forward pod/$(kubectl -n ${NAMESPACE:=onap} + # get pods | awk '{print $1}' | grep -m1 -e "$PODNAME") 9999:9999 + profiling: + enabled: false + args: + - "-Dcom.sun.management.jmxremote" + - "-Dcom.sun.management.jmxremote.ssl=false" + - "-Dcom.sun.management.jmxremote.authenticate=false" + - "-Dcom.sun.management.jmxremote.local.only=false" + - "-Dcom.sun.management.jmxremote.port=9999" + - "-Dcom.sun.management.jmxremote.rmi.port=9999" + - "-Djava.rmi.server.hostname=127.0.0.1" + nodeSelector: {} affinity: {} @@ -231,11 +242,20 @@ service: internalPort: 8447 portName2: tcp-5005 internalPort2: 5005 + portName3: http-resources + internalPort3: 8448 terminationGracePeriodSeconds: 120 + sessionAffinity: None ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: aai-read + - serviceAccount: consul-read + # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -248,28 +268,95 @@ ingress: # Minimum memory for production is 4 CPU cores and 8GB memory #resources: # limits: -# cpu: 2 -# memory: 4Gi +# cpu: "2" +# memory: "4Gi" # requests: -# cpu: 2 -# memory: 4Gi +# cpu: "2" +# memory: "4Gi" resources: small: limits: - cpu: 2 - memory: 4Gi + cpu: "2" + memory: "4Gi" requests: - cpu: 1 - memory: 3Gi + cpu: "1" + memory: "3Gi" large: limits: - cpu: 4 - memory: 8Gi + cpu: "4" + memory: "8Gi" requests: - cpu: 2 - memory: 4Gi + cpu: "2" + memory: "6Gi" unlimited: {} +tracing: + collector: + baseUrl: http://jaeger-collector.istio-system:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) + ignorePatterns: + - /aai/util.* + +endpoints: + enabled: true + health: + enabled: true + info: + enabled: true + +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /actuator/prometheus + basicAuth: + enabled: false + externalSecretName: mysecretname + externalSecretUserKey: login + externalSecretPasswordKey: password + + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + #interval: 30s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + metricRelabelings: [] + # - sourceLabels: + # - "__name__" + # targetLabel: "__name__" + # action: replace + # regex: '(.*)' + # replacement: 'example_prefix_$1' + #Pods Service Account serviceAccount: nameOverride: aai-resources @@ -279,16 +366,37 @@ serviceAccount: #Log configuration log: path: /var/log/onap + level: + root: DEBUG + base: DEBUG # base package (org.onap.aai) logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # To make logback capping values configurable logback: - logToFileEnabled: true + logToFileEnabled: false maxHistory: 7 totalSizeCap: 1GB queueSize: 1000 accessLogback: - logToFileEnabled: true + livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes + logToFileEnabled: false maxHistory: 7 totalSizeCap: 1GB +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: aai-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: AAI-EVENT + type: topic + operations: [Read, Write]