X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-apex-pdp%2Fvalues.yaml;h=3cea773d0f6c9e01906c0277106474be2d0148d2;hb=refs%2Fheads%2Fmaster;hp=10e4da4a996de4a6837731f7e3800ec92e70c71b;hpb=5583c3cd4f0b6d6be561af051c9f0466502c10fe;p=oom.git diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 10e4da4a99..6070bb05af 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright © 2022 Nordix Foundation +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +24,6 @@ ################################################################# global: nodePortPrefix: 302 - aafEnabled: true persistence: {} ################################################################# @@ -35,16 +35,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' - - uid: truststore-pass - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - - uid: keystore-pass - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - uid: policy-kafka-user externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' type: genericKV @@ -57,7 +47,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.9.1 +image: onap/policy-apex-pdp:3.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -68,29 +58,6 @@ debugEnabled: false restServer: user: healthcheck password: zb!XztG34 -truststore: - password: Pol1cy_0nap -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-apex-pdp-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 101 - gid: 102 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -114,32 +81,37 @@ readiness: service: type: ClusterIP name: policy-apex-pdp - portName: http - externalPort: 6969 internalPort: 6969 - nodePort: 37 + ports: + - name: http + port: 6969 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: strimzi-kafka-read + # Resource Limit flavor -By Default using small # Segregation for Different environment (Small and Large) flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: "1" + memory: "1Gi" requests: - cpu: 10m - memory: 1Gi + cpu: "0.5" + memory: "1Gi" large: limits: - cpu: 2 - memory: 8Gi + cpu: "2" + memory: "2Gi" requests: - cpu: 20m - memory: 2Gi + cpu: "1" + memory: "2Gi" unlimited: {} #Pods Service Account @@ -157,7 +129,7 @@ metrics: enabled: true port: policy-apex-pdp interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-apex-pdp-restserver-creds @@ -172,22 +144,24 @@ metrics: # application configuration config: # Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap kafka: consumer: - groupId: policy-group + groupId: policy-apex app: listener: policyPdpPapTopic: policy-pdp-pap -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: :9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# -# Any new property can be added in the env by setting in overrides in the format mentioned below -# All the added properties must be in "key: value" format instead of yaml. + +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: policy-apex + type: group + operations: [Create, Describe, Read, Write] + - name: policy-pdp-pap + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write] + - name: policy-heartbeat + type: topic + patternType: prefix + operations: [Create, Describe, Read, Write]