X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-clamp-ac-pf-ppnt%2Fvalues.yaml;h=b76369901952a24d45cb51cd77de075612726dea;hb=refs%2Fheads%2Fmaster;hp=9d000f10189814e2a15835d8511b386a4657a24d;hpb=a9735653fa277357628e027cf61dd7b75d966f57;p=oom.git diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index 9d000f1018..2112f2510a 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,10 @@ ################################################################# global: persistence: {} - aafEnabled: true + #Strimzi Kafka properties + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -45,54 +48,16 @@ secrets: login: '{{ .Values.restServer.pap.user }}' password: '{{ .Values.restServer.pap.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-pf-ppnt:6.3.0 +image: onap/policy-clamp-ac-pf-ppnt:7.1.3 pullPolicy: Always +componentName: &componentName policy-clamp-ac-pf-ppnt + # flag to enable debugging - application support required debugEnabled: false @@ -114,12 +79,18 @@ restServer: nodeSelector: {} affinity: {} + ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: strimzi-kafka-read + # probe configuration parameters liveness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container @@ -127,63 +98,55 @@ liveness: port: http-api readiness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 port: http-api service: type: ClusterIP - name: policy-clamp-ac-pf-ppnt - useNodePortExt: true + name: *componentName + internalPort: 8085 ports: - name: http-api port: 8085 - nodePort: 42 flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: "1" + memory: "1Gi" requests: - cpu: 100m - memory: 1Gi + cpu: "0.5" + memory: "1Gi" large: limits: - cpu: 2 - memory: 8Gi + cpu: "2" + memory: "2Gi" requests: - cpu: 200m - memory: 2Gi + cpu: "1" + memory: "2Gi" unlimited: {} #Pods Service Account serviceAccount: - nameOverride: policy-clamp-ac-pf-ppnt + nameOverride: *componentName roles: - read config: -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: :9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write]