X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fvalues.yaml;h=62d1d2eabdbbab8f1597ab41fcb35c519b71c446;hb=6abb11b419fbb0bcc9bc3025e93658d945eccb3e;hp=ed617780f10f5ef87268741c7ea0b6386738197c;hpb=20079a297aee94db6f5690a60a27fc34a72d0b35;p=oom.git diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index ed617780f1..6e90089298 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -2,6 +2,7 @@ # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange # Modifications Copyright (c) 2021 Orange +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,29 +25,42 @@ global: # global defaults dockerhubRepository: docker.io busyboxImage: busybox - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:5.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 restartPolicy: Always - aafEnabled: true - msbEnabled: true + msbEnabled: false + centralizedLoggingEnabled: false cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. localCluster: false + # in case of a local cassandra cluster + # flag to enable the DB creation via k8ssandra-operator + useOperator: true + # if useOperator set to "true", set "enableServiceAccount to "false" + # as the SA is created by the Operator + enableServiceAccount: false + #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. - serviceName: cassandra + #in case of using k8ssandra-operator in the common cassandra installation + #the service name is: + serviceName: cassandra-dc1-service + #in case of local k8ssandra-operator instance it is + #serviceName: aai-cassandra-dc1-service + #in case the older cassandra installation is used: + #serviceName: cassandra #This should be same as shared cassandra instance or if localCluster is enabled #then it should be same as aai-cassandra replicaCount replicas: 3 - #Cassanara login details + #Cassandra login details username: cassandra password: cassandra @@ -60,10 +74,6 @@ global: # global defaults serviceName: aai-resources sparkyBe: serviceName: aai-sparky-be - dataRouter: - serviceName: aai-data-router - gizmo: - serviceName: aai-gizmo modelloader: serviceName: aai-modelloader searchData: @@ -72,8 +82,6 @@ global: # global defaults serviceName: aai-traversal graphadmin: serviceName: aai-graphadmin - spike: - serviceName: aai-spike initContainers: enabled: true @@ -202,8 +210,9 @@ global: # global defaults passwd: AAI # Active spring profiles for the resources microservice + # aaf-auth profile will be automatically set if aaf enabled is set to true profiles: - active: production,dmaap,aaf-auth + active: production,dmaap #,aaf-auth # Notification event specific properties notification: @@ -213,8 +222,9 @@ global: # global defaults # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth + # will be set to no-auth if tls is disabled service: - client: one-way-ssl + client: no-auth # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service translator: list: schema-service @@ -228,11 +238,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v23 + default: v28 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28 # Specifies from which version related link should appear related: link: v11 @@ -249,12 +259,12 @@ global: # global defaults # Keystore configuration password and filename keystore: filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit # Truststore configuration password and filename truststore: filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit # Specifies a list of files to be included in auth volume auth: @@ -274,43 +284,24 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: "aai" - app_ns: "org.osaaf.aaf" - fqi_namespace: "org.onap.aai" - fqi: "aai@aai.onap.org" - public_fqdn: "aaf.osaaf.org" - cadi_longitude: "0.0" - cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** transform AAF certs into pem files" - mkdir -p {{ .Values.credsPath }}/certs - keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ - -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ - -alias ca_local_0 \ - -storepass $cadi_truststore_password - openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ - -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ - -passin pass:$cadi_keystore_password_p12 \ - -passout pass:$cadi_keystore_password_p12 - echo "*** generating needed file" - cat {{ .Values.credsPath }}/certs/cert.pem \ - {{ .Values.credsPath }}/certs/cacert.pem \ - {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ - > {{ .Values.credsPath }}/certs/fullchain.pem; - chown 1001 {{ .Values.credsPath }}/certs/* +aai-babel: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-graphadmin: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-modelloader: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-resources: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-schema-service: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-sparky-be: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-traversal: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' # application image dockerhubRepository: registry.hub.docker.com -image: aaionap/haproxy:1.4.2 +image: onap/aai-haproxy:1.11.0 pullPolicy: Always flavor: small @@ -327,10 +318,28 @@ config: # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} +# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns +haproxy: + initContainers: + resources: + memory: 100Mi + cpu: 50m + requestBlocking: + enabled: false + customConfigs: [] + replicas: + aaiResources: 1 + aaiTraversal: 1 + # probe configuration parameters liveness: initialDelaySeconds: 10 @@ -346,12 +355,17 @@ liveness: # --set aai.global.cassandra.serviceName=aai-cassandra cassandra: nameOverride: aai-cassandra + serviceAccount: + nameOverride: aai-cassandra replicaCount: 3 service: name: aai-cassandra persistence: mountSubPath: aai/cassandra enabled: true + k8ssandraOperator: + config: + clusterName: aai-cassandra readiness: initialDelaySeconds: 10 @@ -359,22 +373,72 @@ readiness: service: type: NodePort - portName: aai-ssl - externalPort: 8443 - internalPort: 8443 + portName: http + externalPort: 80 + internalPort: 8080 nodePort: 33 - # POLICY hotfix - Note this must be temporary - # See https://jira.onap.org/browse/POLICY-510 - aaiServiceClusterIp: + sessionAffinity: None + +metricsService: + type: ClusterIP + portName: http-pro + externalPort: 8448 + internalPort: 8448 + +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /metrics + basicAuth: + enabled: false + + selector: + app: '{{ include "common.name" . }}-metrics' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + relabelings: [] + + metricRelabelings: [] ingress: enabled: false service: - - baseaddr: "aai.api" + - baseaddr: "aai-api" name: "aai" - port: 8443 - config: - ssl: "redirect" + port: 80 + config: + ssl: "redirect" + +serviceMesh: + authorizationPolicy: + authorizedPrincipalsMetrics: [] + authorizedPrincipals: + - serviceAccount: aai-graphadmin-read + - serviceAccount: aai-modelloader-read + - serviceAccount: aai-resources-read + - serviceAccount: aai-schema-service-read + - serviceAccount: aai-traversal-read + - serviceAccount: cds-blueprints-processor-read + - serviceAccount: consul-read + - serviceAccount: dcae-prh-read + - serviceAccount: dcae-slice-analysis-ms-read + - serviceAccount: dcae-tcagen2 + - serviceAccount: nbi-read + - serviceAccount: sdnc-read + - serviceAccount: so-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-cnf-adapter-read + - serviceAccount: so-nssmf-adapter-read + - serviceAccount: so-etsi-nfvo-ns-lcm-read + - serviceAccount: so-etsi-sol003-adapter-read + - serviceAccount: so-openstack-adapter-read + - serviceAccount: so-sdc-controller-read + - serviceAccount: so-ve-vnfm-adapter + - serviceAccount: istio-ingress + namespace: istio-ingress resources: small: @@ -383,12 +447,18 @@ resources: memory: 4Gi requests: cpu: 1 - memory: 1Gi + memory: 1.2Gi large: limits: cpu: 4 memory: 8Gi requests: cpu: 2 - memory: 2Gi + memory: 2.4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai + roles: + - read