X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdmaap%2Fcomponents%2Fmessage-router%2Fvalues.yaml;h=63c62ca48c830514ccbc84e1586347d82924b923;hb=b66260d1edc2e2a7decf349e0735279f9e87bb06;hp=c4bab2350ab3c1d4e7046eee2d40e9f458172ae2;hpb=b2188514ae53ca61abb7d7cc90279279cb489301;p=oom.git diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index c4bab2350a..63c62ca48c 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2021-2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,26 +19,77 @@ ################################################################# global: nodePortPrefix: 302 + kafkaBootstrap: strimzi-kafka-bootstrap + saslMechanism: scram-sha-512 + kafkaInternalPort: 9092 + zkTunnelService: + type: ClusterIP + name: zk-tunnel-svc + portName: tcp-zk-tunnel + internalPort: 2181 + +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: dmaap-mr-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: dmaap-mr + fqi: dmaapmr@mr.dmaap.onap.org + public_fqdn: mr.dmaap.onap.org + cadi_longitude: "-122.26147" + cadi_latitude: "37.78187" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops + fqi_namespace: org.onap.dmaap.mr + aaf_add_config: | + cd {{ .Values.credsPath }} + echo "*** change jks password into shell safe one" + export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ + -storepass "${cadi_keystore_password_jks}" \ + -keystore {{ .Values.fqi_namespace }}.jks + echo "*** set key password as same password as jks keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_jks}" \ + -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} + echo "*** store the passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop + echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop + echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop + echo "*** give ownership of files to the user" + chown -R 1000 . ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/dmaap-mr:1.1.18 +image: onap/dmaap/dmaap-mr:1.4.3 pullPolicy: Always -kafka: - name: message-router-kafka - port: 9092 zookeeper: - name: message-router-zookeeper - port: 2181 + entrance: + image: scholzj/zoo-entrance:latest + +secrets: + - uid: mr-kafka-admin-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate # flag to enable debugging - application support required debugEnabled: false # application configuration -config: {} +config: + someConfig: blah # default number of instances replicaCount: 1 @@ -48,18 +100,30 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 70 + initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container port: api enabled: true readiness: - initialDelaySeconds: 70 + initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + port: api + +startup: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 70 port: api service: @@ -116,3 +180,9 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: message-router + roles: + - read