X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-clamp-runtime-acm%2Fvalues.yaml;h=cc399d38dacb690b16854332c03691564942508a;hb=refs%2Fheads%2Fmaster;hp=7e30372d7e9baff39768b24b64485e48ec51440a;hpb=2a5d1bbf59b2ec3abc2d61fdaf85e801cbaf3d7d;p=oom.git diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index 7e30372d7e..9f225db1b6 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,10 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: true + #Strimzi Kafka properties + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -34,16 +37,6 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - uid: runtime-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' @@ -51,36 +44,15 @@ secrets: password: '{{ .Values.config.policyAppUserPassword }}' passwordPolicy: required -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-runtime-acm-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - - ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-runtime-acm:6.2.3 +image: onap/policy-clamp-runtime-acm:7.1.3 pullPolicy: Always +componentName: &componentName policy-clamp-runtime-acm + # flag to enable debugging - application support required debugEnabled: false @@ -88,9 +60,28 @@ debugEnabled: false config: policyAppUserName: runtimeUser policyAppUserPassword: none +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +kafkaTopic: + - name: *acRuntimeTopic db: - user: policy_user + user: policy-user password: policy_user service: name: policy-mariadb @@ -105,7 +96,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container @@ -113,42 +104,54 @@ liveness: port: http-api readiness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 port: http-api service: type: ClusterIP - name: policy-clamp-runtime-acm - useNodePortExt: true + name: *componentName ports: - name: http-api port: 6969 - nodePort: 42 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: strimzi-kafka-read + - serviceAccount: policy-gui-read + flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: "1" + memory: "1Gi" requests: - cpu: 100m - memory: 1Gi + cpu: "0.5" + memory: "1Gi" large: limits: - cpu: 2 - memory: 8Gi + cpu: "2" + memory: "2Gi" requests: - cpu: 200m - memory: 2Gi + cpu: "1" + memory: "2Gi" unlimited: {} #Pods Service Account serviceAccount: - nameOverride: policy-clamp-runtime-acm + nameOverride: *componentName roles: - read + +wait_for_job_container: + containers: + - '{{ include "common.release" . }}-policy-galera-config' + +customNaming: + toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement + toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition \ No newline at end of file