X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdcaegen2-services%2Fcomponents%2Fdcae-prh%2Fvalues.yaml;h=4f8ec771045720d2d79874e07dea0a5f6ab4a439;hb=d7136f1f9d6cc352897892ee4b0ef0470e58087d;hp=c7d4c1d82f441dc4e5705ac6c2440e03888d3b35;hpb=71129595a731fa0a792832860cd32d17eda02cef;p=oom.git

diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index c7d4c1d82f..4f8ec77104 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -1,6 +1,8 @@
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022 Nokia.  All rights reserved.
+# Copyright (c) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,6 +23,7 @@
 global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
+  centralizedLoggingEnabled: true
 
 #################################################################
 # Filebeat configuration defaults.
@@ -29,31 +32,19 @@ filebeatConfig:
   logstashServiceName: log-ls
   logstashPort: 5044
 
-#################################################################
-# initContainer images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
-
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.10.1
 pullPolicy: Always
 
 # log directory where logging sidecar should look for log files
-# if absent, no sidecar will be deployed
-logDirectory: /opt/app/prh/logs
-
-# directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/prh/etc/cert
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: true
+# if path is set to null sidecar won't be deployed in spite of
+# global.centralizedLoggingEnabled setting.
+log:
+  path: /opt/app/prh/logs
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
 
 secrets:
   - uid: &aaiCredsUID aaicreds
@@ -65,8 +56,7 @@ secrets:
 # dependencies
 readinessCheck:
   wait_for:
-    - dcae-config-binding-service
-    - aaf-cm
+    - message-router
 
 # probe configuration
 readiness:
@@ -84,6 +74,11 @@ service:
     - port: 8100
       name: http
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 aaiCreds:
   user: AAI
   password: AAI
@@ -96,10 +91,6 @@ credentials:
   uid: *aaiCredsUID
   key: password
 
-customEnvVars:
-- name: AUTH_HDR
-  value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`"
-
 # initial application configuration
 applicationConfig:
   dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json"
@@ -108,11 +99,11 @@ applicationConfig:
   dmaap.dmaapConsumerConfiguration.timeoutMs: -1
   dmaap.dmaapProducerConfiguration.dmaapContentType: "application/json"
   dmaap.dmaapUpdateProducerConfiguration.dmaapContentType: "application/json"
-  aai.aaiClientConfiguration.pnfUrl: https://aai.onap.svc.cluster.local:8443/aai/v23/network/pnfs/pnf
-  aai.aaiClientConfiguration.baseUrl: https://aai.onap.svc.cluster.local:8443/aai/v23
-  aai.aaiClientConfiguration.aaiHost: aai.onap.svc.cluster.local
-  aai.aaiClientConfiguration.aaiHostPortNumber: 8443
-  aai.aaiClientConfiguration.aaiProtocol: "https"
+  aai.aaiClientConfiguration.pnfUrl: http://aai-internal.onap.svc.cluster.local:80/aai/v23/network/pnfs/pnf
+  aai.aaiClientConfiguration.baseUrl: http://aai-internal.onap.svc.cluster.local:80/aai/v23
+  aai.aaiClientConfiguration.aaiHost: aai-internal.onap.svc.cluster.local
+  aai.aaiClientConfiguration.aaiHostPortNumber: 80
+  aai.aaiClientConfiguration.aaiProtocol: "http"
   aai.aaiClientConfiguration.aaiUserName: ${AAI_USER}
   aai.aaiClientConfiguration.aaiUserPassword: ${AAI_PASSWORD}
   aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true
@@ -124,7 +115,7 @@ applicationConfig:
       X-TransactionId: "9999"
       Accept: "application/json"
       Real-Time: "true"
-      Authorization: $AUTH_HDR
+      Authorization: ${AUTH_HDR}
   security.trustStorePath: "/opt/app/prh/etc/cert/trust.jks"
   security.trustStorePasswordPath: "/opt/app/prh/etc/cert/trust.pass"
   security.keyStorePath: "/opt/app/prh/etc/cert/cert.jks"
@@ -148,6 +139,43 @@ applicationConfig:
 
 applicationEnv:
   CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+  AUTH_HDR: '{{ printf "Basic %s" (print .Values.aaiCreds.user ":" .Values.aaiCreds.password | b64enc) }}'
+  BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
+  JAAS_CONFIG:
+    externalSecret: true
+    externalSecretUid: '{{ include "common.name" . }}-ku'
+    key: sasl.jaas.config
+
+# Strimzi Kafka User config
+kafkaUser:
+  acls:
+    - name: OpenDCAE-c12
+      type: group
+      patternType: literal
+      operations: [Read]
+    - name: \"*\"
+      type: topic
+      patternType: literal
+      operations: [DescribeConfigs]
+    - name: unauthenticated.VES_PNFREG_OUTPUT
+      type: topic
+      patternType: literal
+      operations: [Read]
+    - name: unauthenticated.PNF_READY
+      type: topic
+      patternType: literal
+      operations: [Write]
+    - name: unauthenticated.PNF_UPDATE
+      type: topic
+      patternType: literal
+      operations: [Write]
+
+# Strimzi Kafka Topics
+kafkaTopic:
+  - name: unauthenticated.PNF_READY
+    strimziTopicName: unauthenticated.pnf-ready
+  - name: unauthenticated.PNF_UPDATE
+    strimziTopicName: unauthenticated.pnf-update
 
 # Resource Limit flavor -By Default using small
 flavor: small
@@ -155,16 +183,22 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 2
-      memory: 2Gi
-    requests:
       cpu: 1
-      memory: 1Gi
+      memory: 3Gi
+    requests:
+      cpu: 0.5
+      memory: 3Gi
   large:
     limits:
-      cpu: 4
-      memory: 4Gi
-    requests:
       cpu: 2
-      memory: 2Gi
+      memory: 6Gi
+    requests:
+      cpu: 1
+      memory: 6Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-prh
+  roles:
+    - read