X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdcaegen2%2Fcharts%2Fdcae-bootstrap%2Fresources%2Finputs%2Fk8s-policy_handler-inputs.yaml;h=9cd37b5e2a0c64ea8b393f23a7ebc04047410839;hb=6418e496c61e5f9e2fbcad1782065b5072a0907c;hp=846bc43290ea9244c8aea3940731ffb7c68e2db0;hpb=53e5783c293b768caaecec7961bfaf7d18c0a0b0;p=oom.git diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml index 846bc43290..9cd37b5e2a 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml @@ -1,7 +1,7 @@ #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. -# Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,21 +27,39 @@ application_config: # parallelize requests to policy-engine and keep them alive pool_connections : 20 - # list of policyName prefixes (filters) that DCAE-Controller handles (=ignores any other policyName values) - scope_prefixes : ["DCAE.Config_"] - # retry to getConfig from policy-engine on policy-update notification policy_retry_count : 5 policy_retry_sleep : 5 + # mode of operation for the policy-handler + # either active or passive + # in passive mode the policy-hanlder will not listen to + # and will not bring the policy-updates from policy-engine + mode_of_operation : "active" + + # config of automatic catch_up for resiliency + catch_up : + # interval in seconds on how often to call automatic catch_up + # example: 1200 is 20*60 seconds that is 20 minutes + interval : 1200 + + # config of periodic reconfigure-rediscover for adaptability + reconfigure: + # interval in seconds on how often to call automatic reconfigure + # example: 600 is 10*60 seconds that is 10 minutes + interval : 600 + # policy-engine config # These are the url of and the auth for the external system, namely the policy-engine (PDP). # We obtain that info manually from PDP folks at the moment. # In long run we should figure out a way of bringing that info into consul record # related to policy-engine itself. + # - k8s specific routing to policy-engine by hostname "pdp" + # - relying on dns to resolve hostname "pdp" to ip address + # - expecing to find "pdp" as the hostname in server cert from policy-engine policy_engine : - url : "http://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081" - path_pdp : "/pdp/" + url : "https://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081" + path_notifications : "/pdp/notifications" path_api : "/pdp/api/" headers : Accept : "application/json" @@ -50,5 +68,46 @@ application_config: Authorization : "Basic dGVzdHBkcDphbHBoYTEyMw==" Environment : "TEST" target_entity : "policy_engine" - # name of deployment-handler service in consul for policy-handler to direct the policy-updates to - deploy_handler : "deployment_handler" + # optional tls_ca_mode specifies where to find the cacert.pem for tls + # can be one of these: + # "cert_directory" - use the cacert.pem stored locally in cert_directory. + # this is the default if cacert.pem file is found + # + # "os_ca_bundle" - use the public ca_bundle provided by linux system. + # this is the default if cacert.pem file not found + # + # "do_not_verify" - special hack to turn off the verification by cacert and hostname + tls_ca_mode : "cert_directory" + # optional tls_wss_ca_mode specifies the same for the tls based web-socket + tls_wss_ca_mode : "cert_directory" + # optional timeout_in_secs specifies the timeout for the http requests + timeout_in_secs: 60 + # optional ws_ping_interval_in_secs specifies the ping interval for the web-socket connection + ws_ping_interval_in_secs: 30 + # deploy_handler config + # changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0 + deploy_handler : + # name of deployment-handler service used by policy-handler for logging + target_entity : "deployment_handler" + # url of the deployment-handler service for policy-handler to direct the policy-updates to + # - expecting dns to resolve the hostname deployment-handler to ip address + url : "https://deployment-handler:8443" + # limit the size of a single data segment for policy-update messages + # from policy-handler to deployment-handler in megabytes + max_msg_length_mb : 5 + query : + # optionally specify the tenant name for the cloudify under deployment-handler + # if not specified the "default_tenant" is used by the deployment-handler + cfy_tenant_name : "default_tenant" + # optional tls_ca_mode specifies where to find the cacert.pem or skip tls verification + # can be one of these: + # "cert_directory" - use the cacert.pem stored locally in cert_directory. + # this is the default if cacert.pem file is found + # + # "os_ca_bundle" - use the public ca_bundle provided by linux system. + # this is the default if cacert.pem file not found + # + # "do_not_verify" - special hack to turn off the verification by cacert and hostname + tls_ca_mode : "cert_directory" + # optional timeout_in_secs specifies the timeout for the http requests + timeout_in_secs: 60