X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-api%2Fvalues.yaml;h=9378c05bff5110e4072bd140c72ef87e512eb3a3;hb=4753743f0743a6b22f69e718c3cdb4ba8843cea6;hp=0e3ada89562ae91ff4657739bcf193c7eb8e3984;hpb=e4aac7a3c577b7bb9eaae93387d482f952ee4b72;p=oom.git diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 0e3ada8956..9378c05bff 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +24,8 @@ global: nodePortPrefix: 304 persistence: {} - aafEnabled: true + postgres: + localCluster: false ################################################################# # Secrets metaconfig @@ -41,45 +43,12 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-api-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.6.3 +image: onap/policy-api:3.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -87,11 +56,13 @@ debugEnabled: false # application configuration db: - user: policy_user + user: policy-user password: policy_user service: name: policy-mariadb + pgName: policy-pg-primary internalPort: 3306 + internalPgPort: 5432 restServer: user: policyadmin @@ -116,7 +87,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 120 api: /policy/api/v1/healthcheck - scheme: HTTPS successThreshold: 1 failureThreshold: 3 timeout: 60 @@ -124,30 +94,35 @@ readiness: service: type: ClusterIP name: policy-api - portName: policy-api - externalPort: 6969 internalPort: 6969 - nodePort: 40 + ports: + - name: http + port: 6969 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: policy-pap-read + flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: "1" + memory: "1Gi" requests: - cpu: 100m - memory: 1Gi + cpu: "0.5" + memory: "1Gi" large: limits: - cpu: 2 - memory: 8Gi + cpu: "2" + memory: "2Gi" requests: - cpu: 200m - memory: 2Gi + cpu: "1" + memory: "2Gi" unlimited: {} #Pods Service Account @@ -165,7 +140,7 @@ metrics: enabled: true port: policy-api interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-api-user-creds