X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fvalues.yaml;h=523cd8cc38c52d4c8bba962a14753784be0f7ff9;hb=HEAD;hp=b162de7de4953b5fdc7c93d3f6397b2d10776d6f;hpb=65e8f785c1ab86a761970161bb1e754a0e03c895;p=oom.git

diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index b162de7de4..6c8157b84d 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -25,38 +25,59 @@ global: # global defaults
   dockerhubRepository: docker.io
   busyboxImage: busybox
 
-  readinessImage: onap/oom/readiness:3.0.1
+  readinessImage: onap/oom/readiness:6.1.2
 
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
 
   restartPolicy: Always
 
-  msbEnabled: false
   centralizedLoggingEnabled: false
 
+  tracing:
+    enabled: false
+    collector:
+      baseUrl: http://jaeger-collector.istio-config:9411
+    sampling:
+      probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+
   cassandra:
     #This will instantiate AAI cassandra cluster, default:shared cassandra.
     localCluster: false
 
+    # in case of a local cassandra cluster
+    # flag to enable the DB creation via k8ssandra-operator
+    useOperator: true
+    # if useOperator set to "true", set "enableServiceAccount to "false"
+    # as the SA is created by the Operator
+    enableServiceAccount: false
+
     #Service Name of the cassandra cluster to connect to.
     #Override it to aai-cassandra if localCluster is enabled.
     #in case of using k8ssandra-operator in the common cassandra installation
     #the service name is:
-    #serviceName: cassandra-dc1-service
+    serviceName: cassandra-dc1-service
     #in case of local k8ssandra-operator instance it is
     #serviceName: aai-cassandra-dc1-service
     #in case the older cassandra installation is used:
-    serviceName: cassandra
+    #serviceName: cassandra
 
     #This should be same as shared cassandra instance or if localCluster is enabled
     #then it should be same as aai-cassandra replicaCount
     replicas: 3
 
-    #Cassanara login details
+    #Cassandra login details
     username: cassandra
     password: cassandra
 
+    #Cassandra datacenter name
+    localDataCenter: dc1
+
+    # The name of Cassandra cluster's partitioner.
+    # It will be retrieved by client if not provided.
+    # See storage.cql.partitioner-name in https://docs.janusgraph.org/v0.6/configs/configuration-reference/#storagecql
+    partitionerName: org.apache.cassandra.dht.Murmur3Partitioner
+
   aai:
     serviceName: aai
   babel:
@@ -205,7 +226,7 @@ global: # global defaults
     # Active spring profiles for the resources microservice
     # aaf-auth profile will be automatically set if aaf enabled is set to true
     profiles:
-      active: production,dmaap #,aaf-auth
+      active: production,kafka #,aaf-auth
 
     # Notification event specific properties
     notification:
@@ -231,11 +252,11 @@ global: # global defaults
       version:
         # Current version of the REST API
         api:
-          default: v27
+          default: v30
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -294,11 +315,10 @@ aai-traversal:
 
 # application image
 dockerhubRepository: registry.hub.docker.com
-image: onap/aai-haproxy:1.11.0
+image: onap/aai-haproxy:1.15.2
 pullPolicy: Always
 
 flavor: small
-flavorOverride: small
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -307,13 +327,21 @@ debugEnabled: false
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
+  # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file.
+  # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same.
+  NAME_SERVER: coredns.kube-system
+  # hold interval in seconds
+  DNS_REFRESH_INTERVAL: 5
 
 # default number of instances
 replicaCount: 1
 
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 1
+
 updateStrategy:
   type: RollingUpdate
-  maxUnavailable: 0
+  maxUnavailable: 33%
   maxSurge: 1
 
 nodeSelector: {}
@@ -324,14 +352,17 @@ affinity: {}
 haproxy:
   initContainers:
     resources:
-      memory: 100Mi
-      cpu: 50m
+      cpu: "50m"
+      memory: "500Mi"
   requestBlocking:
     enabled: false
     customConfigs: []
   replicas:
-    aaiResources: 1
-    aaiTraversal: 1
+    aaiResources: 3
+    aaiTraversal: 3
+  # stickiness based on path.
+  # For multiple replicas, requests will not be distributed evenly
+  stickOnPath: true
 
 # probe configuration parameters
 liveness:
@@ -357,7 +388,6 @@ cassandra:
     mountSubPath: aai/cassandra
     enabled: true
   k8ssandraOperator:
-    enabled: false
     config:
       clusterName: aai-cassandra
 
@@ -375,13 +405,13 @@ service:
 
 metricsService:
   type: ClusterIP
-  portName: http-prometheus
+  portName: http-pro
   externalPort: 8448
   internalPort: 8448
 
 metrics:
   serviceMonitor:
-    enabled: false
+    enabled: true
     targetPort: 8448
     path: /metrics
     basicAuth:
@@ -389,9 +419,9 @@ metrics:
 
     selector:
       app: '{{ include "common.name" . }}-metrics'
-      chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
-      release: '{{ include "common.release" . }}'
-      heritage: '{{ .Release.Service }}'
+      helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+      app.kubernetes.io/instance: '{{ include "common.release" . }}'
+      app.kubernetes.io/managed-by: '{{ .Release.Service }}'
 
     relabelings: []
 
@@ -406,21 +436,49 @@ ingress:
       config:
        ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipalsMetrics: []
+    authorizedPrincipals:
+      - serviceAccount: aai-graphadmin-read
+      - serviceAccount: aai-modelloader-read
+      - serviceAccount: aai-resources-read
+      - serviceAccount: aai-schema-service-read
+      - serviceAccount: aai-traversal-read
+      - serviceAccount: cds-blueprints-processor-read
+      - serviceAccount: consul-read
+      - serviceAccount: dcae-prh-read
+      - serviceAccount: dcae-slice-analysis-ms-read
+      - serviceAccount: dcae-tcagen2
+      - serviceAccount: nbi-read
+      - serviceAccount: sdnc-read
+      - serviceAccount: so-read
+      - serviceAccount: so-bpmn-infra-read
+      - serviceAccount: so-cnf-adapter-read
+      - serviceAccount: so-nssmf-adapter-read
+      - serviceAccount: so-etsi-nfvo-ns-lcm-read
+      - serviceAccount: so-etsi-sol003-adapter-read
+      - serviceAccount: so-openstack-adapter-read
+      - serviceAccount: so-sdc-controller-read
+      - serviceAccount: so-ve-vnfm-adapter
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 resources:
   small:
     limits:
-      cpu: 2
-      memory: 4Gi
+      cpu: "2"
+      memory: "4Gi"
     requests:
-      cpu: 1
-      memory: 1Gi
+      cpu: "500m"
+      memory: "1200Mi"
   large:
     limits:
-      cpu: 4
-      memory: 8Gi
+      cpu: "4"
+      memory: "8Gi"
     requests:
-      cpu: 2
-      memory: 2Gi
+      cpu: "1"
+      memory: "2400Mi"
   unlimited: {}
 
 #Pods Service Account
@@ -428,3 +486,13 @@ serviceAccount:
   nameOverride: aai
   roles:
     - read
+
+securityContext:
+  user_id: 99
+  group_id: 99
+
+volumes:
+  haProxySizeLimit: 20Mi
+
+podAnnotations:
+  checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'