X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fvalues.yaml;h=62d1d2eabdbbab8f1597ab41fcb35c519b71c446;hb=116dcb01068e8ab4e79642f2affd7e8a2952307e;hp=08a1fb8b174a5b77d12bd4621d0126e97fc5d1f6;hpb=fbd5c5ae348d31f62b3f5e5212ddce8752b964e8;p=oom.git diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 08a1fb8b17..62d1d2eabd 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -1,6 +1,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,30 +31,9 @@ global: # global defaults restartPolicy: Always - installSidecarSecurity: false aafEnabled: true - - fproxy: - name: forward-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/fproxy:2.1.13 - port: 10680 - - rproxy: - name: reverse-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/rproxy:2.1.13 - port: 10692 - - tproxyConfig: - name: init-tproxy-config - image: onap/tproxy-config:2.1.13 - - # AAF server details. Only needed if the AAF DNS does not resolve from the pod - aaf: - serverIp: 10.12.6.214 - serverHostname: aaf.osaaf.org - serverPort: 30247 + msbEnabled: true + centralizedLoggingEnabled: true cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. @@ -223,8 +203,9 @@ global: # global defaults passwd: AAI # Active spring profiles for the resources microservice + # aaf-auth profile will be automatically set if aaf enabled is set to true profiles: - active: production,dmaap,aaf-auth + active: production,dmaap #,aaf-auth # Notification event specific properties notification: @@ -234,6 +215,7 @@ global: # global defaults # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth + # will be set to no-auth if tls is disabled service: client: one-way-ssl # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service @@ -249,11 +231,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v21 + default: v26 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26 # Specifies from which version related link should appear related: link: v11 @@ -270,12 +252,12 @@ global: # global defaults # Keystore configuration password and filename keystore: filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit # Truststore configuration password and filename truststore: filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit # Specifies a list of files to be included in auth volume auth: @@ -295,6 +277,21 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false +aai-babel: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-graphadmin: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-modelloader: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-resources: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-schema-service: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-sparky-be: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-traversal: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' + ################################################################# # Certificate configuration ################################################################# @@ -312,10 +309,6 @@ certInitializer: cadi_latitude: "0.0" credsPath: /opt/app/osaaf/local aaf_add_config: | - echo "*** retrieving passwords from AAF" - /opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop - export $(grep '^c' {{ .Values.credsPath }}/mycreds.prop | xargs -0) echo "*** transform AAF certs into pem files" mkdir -p {{ .Values.credsPath }}/certs keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ @@ -356,6 +349,12 @@ nodeSelector: {} affinity: {} +# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns +haproxy: + requestBlocking: + enabled: false + customConfigs: [] + # probe configuration parameters liveness: initialDelaySeconds: 10 @@ -371,6 +370,8 @@ liveness: # --set aai.global.cassandra.serviceName=aai-cassandra cassandra: nameOverride: aai-cassandra + serviceAccount: + nameOverride: aai-cassandra replicaCount: 3 service: name: aai-cassandra @@ -384,13 +385,16 @@ readiness: service: type: NodePort - portName: aai-ssl + portName: http externalPort: 8443 internalPort: 8443 nodePort: 33 # POLICY hotfix - Note this must be temporary # See https://jira.onap.org/browse/POLICY-510 aaiServiceClusterIp: + externalPlainPort: 80 + internalPlainPort: 8080 + nodeport: 33 ingress: enabled: false @@ -398,8 +402,8 @@ ingress: - baseaddr: "aai.api" name: "aai" port: 8443 - config: - ssl: "redirect" + config: + ssl: "redirect" resources: small: @@ -417,3 +421,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai + roles: + - read