X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fvalues.yaml;h=523cd8cc38c52d4c8bba962a14753784be0f7ff9;hb=refs%2Fheads%2Fmaster;hp=d382b80ba07ef0196834b73ca1c54e7751d9de2b;hpb=760f7d111e5ad6973a708a270f81bfff49ba0808;p=oom.git diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index d382b80ba0..d2f81a9717 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -2,6 +2,7 @@ # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange # Modifications Copyright (c) 2021 Orange +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,30 +25,42 @@ global: # global defaults dockerhubRepository: docker.io busyboxImage: busybox - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:6.0.3 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 restartPolicy: Always - aafEnabled: true - msbEnabled: true - centralizedLoggingEnabled: true + msbEnabled: false + centralizedLoggingEnabled: false cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. localCluster: false + # in case of a local cassandra cluster + # flag to enable the DB creation via k8ssandra-operator + useOperator: true + # if useOperator set to "true", set "enableServiceAccount to "false" + # as the SA is created by the Operator + enableServiceAccount: false + #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. - serviceName: cassandra + #in case of using k8ssandra-operator in the common cassandra installation + #the service name is: + serviceName: cassandra-dc1-service + #in case of local k8ssandra-operator instance it is + #serviceName: aai-cassandra-dc1-service + #in case the older cassandra installation is used: + #serviceName: cassandra #This should be same as shared cassandra instance or if localCluster is enabled #then it should be same as aai-cassandra replicaCount replicas: 3 - #Cassanara login details + #Cassandra login details username: cassandra password: cassandra @@ -61,10 +74,6 @@ global: # global defaults serviceName: aai-resources sparkyBe: serviceName: aai-sparky-be - dataRouter: - serviceName: aai-data-router - gizmo: - serviceName: aai-gizmo modelloader: serviceName: aai-modelloader searchData: @@ -73,8 +82,6 @@ global: # global defaults serviceName: aai-traversal graphadmin: serviceName: aai-graphadmin - spike: - serviceName: aai-spike initContainers: enabled: true @@ -205,7 +212,7 @@ global: # global defaults # Active spring profiles for the resources microservice # aaf-auth profile will be automatically set if aaf enabled is set to true profiles: - active: production,dmaap #,aaf-auth + active: production,kafka #,aaf-auth # Notification event specific properties notification: @@ -217,7 +224,7 @@ global: # global defaults # Specifies if the connection should be one way ssl, two way ssl or no auth # will be set to no-auth if tls is disabled service: - client: one-way-ssl + client: no-auth # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service translator: list: schema-service @@ -231,11 +238,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v27 + default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 @@ -277,16 +284,12 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false - aaiSdcListenerKafkaUser: aai-sdc-list-user - aai-babel: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-graphadmin: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-modelloader: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiSdcListenerKafkaUser }}' aai-resources: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-schema-service: @@ -296,43 +299,9 @@ aai-sparky-be: aai-traversal: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: "aai" - app_ns: "org.osaaf.aaf" - fqi_namespace: "org.onap.aai" - fqi: "aai@aai.onap.org" - public_fqdn: "aaf.osaaf.org" - cadi_longitude: "0.0" - cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** transform AAF certs into pem files" - mkdir -p {{ .Values.credsPath }}/certs - keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ - -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ - -alias ca_local_0 \ - -storepass $cadi_truststore_password - openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ - -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ - -passin pass:$cadi_keystore_password_p12 \ - -passout pass:$cadi_keystore_password_p12 - echo "*** generating needed file" - cat {{ .Values.credsPath }}/certs/cert.pem \ - {{ .Values.credsPath }}/certs/cacert.pem \ - {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ - > {{ .Values.credsPath }}/certs/fullchain.pem; - chown 1001 {{ .Values.credsPath }}/certs/* - # application image dockerhubRepository: registry.hub.docker.com -image: onap/aai-haproxy:1.9.5 +image: onap/aai-haproxy:1.11.0 pullPolicy: Always flavor: small @@ -362,8 +331,8 @@ affinity: {} haproxy: initContainers: resources: - memory: 100Mi - cpu: 50m + cpu: "50m" + memory: "500Mi" requestBlocking: enabled: false customConfigs: [] @@ -394,6 +363,9 @@ cassandra: persistence: mountSubPath: aai/cassandra enabled: true + k8ssandraOperator: + config: + clusterName: aai-cassandra readiness: initialDelaySeconds: 10 @@ -402,18 +374,14 @@ readiness: service: type: NodePort portName: http - externalPort: 8443 - internalPort: 8443 + externalPort: 80 + internalPort: 8080 nodePort: 33 - externalPlainPort: 80 - internalPlainPort: 8080 - nodeport: 33 - aaiServiceClusterIp: sessionAffinity: None metricsService: type: ClusterIP - portName: prometheus + portName: http-pro externalPort: 8448 internalPort: 8448 @@ -440,26 +408,53 @@ ingress: service: - baseaddr: "aai-api" name: "aai" - port: 8443 - plain_port: 80 + port: 80 config: ssl: "redirect" +serviceMesh: + authorizationPolicy: + authorizedPrincipalsMetrics: [] + authorizedPrincipals: + - serviceAccount: aai-graphadmin-read + - serviceAccount: aai-modelloader-read + - serviceAccount: aai-resources-read + - serviceAccount: aai-schema-service-read + - serviceAccount: aai-traversal-read + - serviceAccount: cds-blueprints-processor-read + - serviceAccount: consul-read + - serviceAccount: dcae-prh-read + - serviceAccount: dcae-slice-analysis-ms-read + - serviceAccount: dcae-tcagen2 + - serviceAccount: nbi-read + - serviceAccount: sdnc-read + - serviceAccount: so-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-cnf-adapter-read + - serviceAccount: so-nssmf-adapter-read + - serviceAccount: so-etsi-nfvo-ns-lcm-read + - serviceAccount: so-etsi-sol003-adapter-read + - serviceAccount: so-openstack-adapter-read + - serviceAccount: so-sdc-controller-read + - serviceAccount: so-ve-vnfm-adapter + - serviceAccount: istio-ingress + namespace: istio-ingress + resources: small: limits: - cpu: 2 - memory: 4Gi + cpu: "2" + memory: "4Gi" requests: - cpu: 1 - memory: 1Gi + cpu: "1" + memory: "1.2Gi" large: limits: - cpu: 4 - memory: 8Gi + cpu: "4" + memory: "8Gi" requests: - cpu: 2 - memory: 2Gi + cpu: "2" + memory: "2.4Gi" unlimited: {} #Pods Service Account