X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-resources%2Fvalues.yaml;h=e244e767536cc0031e7eca5f76b4d0eeef0e8c63;hb=f298897e7e5871bef78ca49b9b4bf9d2b0741658;hp=5210a249d2433dab4c2f2a22d8a8a8c7003ad858;hpb=582c0436fb78854623608159b615d2b422c65149;p=oom.git

diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 5210a249d2..e244e76753 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -24,9 +24,6 @@ global: # global defaults
     #Override it to aai-cassandra if localCluster is enabled.
     serviceName: cassandra
 
-  initContainers:
-    enabled: true
-
   # Specifies a list of jobs to be run
   jobs:
     # When enabled, it will create the schema based on oxm and edge rules
@@ -36,6 +33,8 @@ global: # global defaults
     migration:
       enabled: false
 
+  aafEnabled: false
+
   config:
     # Specifies that the cluster connected to a dynamic
     # cluster being spinned up by kubernetes deployment
@@ -52,7 +51,8 @@ global: # global defaults
 
     # Active spring profiles for the resources microservice
     profiles:
-      active: production,dmaap,aaf-auth
+      # aaf-auth profile will be automatically set if aaf enabled is set to true 
+      active: production,dmaap #,aaf-auth
 
     # Notification event specific properties
     notification:
@@ -95,21 +95,6 @@ global: # global defaults
         edge:
           label: v12
 
-    # Keystore configuration password and filename
-    keystore:
-      filename: aai_keystore
-      passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
-
-    # Truststore configuration password and filename
-    truststore:
-      filename: aai_keystore
-      passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
-
-    # Specifies a list of files to be included in auth volume
-    auth:
-      files:
-        - aai_keystore
-
     # Specifies which clients should always default to realtime graph connection
     realtime:
       clients: SDNC,MSO,SO,robot-ete
@@ -138,21 +123,71 @@ aai_enpoints:
     url: network
   - name: aai-externalSystem
     url: external-system
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+  nameOverride: aai-resources-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: aai-resources
+  fqi: aai-resources@aai-resources.onap.org
+  public_fqdn: aai-resources.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  fqi_namespace: org.onap.aai-resources
+  aaf_add_config: |
+    echo "*** changing them into shell safe ones"
+    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+      -storepass "${cadi_keystore_password_p12}" \
+      -keystore {{ .Values.fqi_namespace }}.p12
+    keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** save the generated passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+    echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
+    echo "*** change ownership of certificates to targeted user"
+    chown -R 1000 {{ .Values.credsPath }}
 
 # application image
-image: onap/aai-resources:1.7.2
+image: onap/aai-resources:1.8.2
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
 flavorOverride: small
 # default number of instances
 replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+  type: RollingUpdate
+  # The number of pods that can be unavailable during the update process
+  maxUnavailable: 0
+  # The number of pods that can be created above the desired amount of pods during an update
+  maxSurge: 1
 
 # Configuration for the resources deployment
 config:
+  # configure keycloak according to your environment.
+  # don't forget to add keycloak in active profiles above (global.config.profiles)
   keycloak:
-    host: localhost
+    host: keycloak.your.domain
     port: 8180
+    # Specifies a set of users, credentials, roles, and groups
+    realm: aai-resources
+    # Used by any client application for enabling fine-grained authorization for their protected resources
+    resource: aai-resources-app
+    # If set to true, additional criteria will be added that match the data-owner property with the given role
+    # to the user in keycloak
+    multiTenancy:
+      enabled: true
 
   # Specifies crud related operation timeouts and overrides
   crud:
@@ -190,18 +225,13 @@ readiness:
   initialDelaySeconds: 60
   periodSeconds: 10
 
-# application configuration
-sidecar:
-  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-  keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-  trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
 service:
   type: ClusterIP
-  portName: aai-resources-8447
+  portName: http
   internalPort: 8447
-  portName2: aai-resources-5005
+  portName2: tcp-5005
   internalPort2: 5005
+  terminationGracePeriodSeconds: 120
 
 ingress:
   enabled: false
@@ -239,3 +269,9 @@ resources:
       cpu: 2
       memory: 4Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-resources
+  roles:
+    - read