X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-traversal%2Fvalues.yaml;h=297de153089655fa393a1bdcf9446dd6abf7303d;hb=63db716df5e8a66512a5e843b9b3588c3fc07ed4;hp=0242cedd0b5379af6be0b32f3793f61f44977f02;hpb=cacfe7b32bcd951a2bb173d8beab8cf22da67ac4;p=oom.git diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 0242cedd0b..e4c0abe81e 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -26,8 +26,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - initContainers: - enabled: true # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -61,7 +59,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap,aaf-auth + active: production,dmaap #,aaf-auth ,keycloak # Notification event specific properties notification: @@ -86,11 +84,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v21 + default: v27 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27 # Specifies from which version related link should appear related: link: v11 @@ -104,32 +102,57 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-traversal-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai-traversal + fqi: aai-traversal@aai-traversal.onap.org + public_fqdn: aai-traversal.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai-traversal + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-traversal:1.7.2 +image: onap/aai-traversal:1.11.1 pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small +# the minimum number of seconds that a newly created Pod should be ready +minReadySeconds: 30 +updateStrategy: + type: RollingUpdate + # The number of pods that can be unavailable during the update process + maxUnavailable: 0 + # The number of pods that can be created above the desired amount of pods during an update + maxSurge: 1 api_list: - 11 @@ -153,6 +176,20 @@ aai_enpoints: # application configuration config: + # configure keycloak according to your environment. + # don't forget to add keycloak in active profiles above (global.config.profiles) + keycloak: + host: keycloak.your.domain + port: 8180 + # Specifies a set of users, credentials, roles, and groups + realm: aai-traversal + # Used by any client application for enabling fine-grained authorization for their protected resources + resource: aai-traversal-app + # If set to true, additional criteria will be added into traversal query to returns all the vertices that match + # the data-owner property with the given role to the user in keycloak + multiTenancy: + enabled: true + # Specifies timeout information such as application specific and limits timeout: # If set to true application will timeout for queries taking longer than limit @@ -194,6 +231,12 @@ persistence: # default number of instances replicaCount: 1 +minReadySeconds: 10 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} @@ -212,14 +255,27 @@ readiness: service: type: ClusterIP - portName: aai-traversal-8446 + portName: http internalPort: 8446 - portName2: aai-traversal-5005 + portName2: tcp-5005 internalPort2: 5005 + terminationGracePeriodSeconds: 120 ingress: enabled: false +# To make logback capping values configurable +logback: + logToFileEnabled: true + maxHistory: 7 + totalSizeCap: 6GB + queueSize: 1000 + +accessLogback: + logToFileEnabled: true + maxHistory: 7 + totalSizeCap: 6GB + # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ resources: @@ -238,3 +294,14 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-traversal + roles: + - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}'