X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-pap%2Fvalues.yaml;h=a190fb0cdd0f151ac058f62071bd0f3557b16c3b;hb=7ef78aefe4cf6dba1e14add5602f4df55862c9b4;hp=d7135524d37a8fba3cc98567e642e41c45f7d7ab;hpb=c03c1f30a59b79e69997108be149340a15b5f855;p=oom.git diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index d7135524d3..a190fb0cdd 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -1,7 +1,8 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. -# Modifications Copyright (C) 2020 Bell Canada. +# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. +# Modifications Copyright © 2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,7 +25,6 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: true ################################################################# # Secrets metaconfig @@ -54,45 +54,19 @@ secrets: login: '{{ .Values.healthCheckRestClient.distribution.user }}' password: '{{ .Values.healthCheckRestClient.distribution.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-pap-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - + - uid: policy-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.5.1 +image: onap/policy-pap:2.8.1 pullPolicy: Always # flag to enable debugging - application support required @@ -108,12 +82,12 @@ db: internalPort: 3306 restServer: - user: healthcheck - password: none + user: policyadmin + password: zb!XztG34 healthCheckRestClient: api: - user: healthcheck + user: policyadmin password: none distribution: user: healthcheck @@ -128,7 +102,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container @@ -136,22 +110,30 @@ liveness: port: http-api readiness: - initialDelaySeconds: 20 - periodSeconds: 10 + initialDelaySeconds: 10 + periodSeconds: 120 port: http-api + api: /policy/pap/v1/healthcheck + successThreshold: 1 + failureThreshold: 3 + timeout: 60 service: type: ClusterIP name: policy-pap - useNodePortExt: true ports: - name: http-api port: 6969 - nodePort: 42 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + - serviceAccount: portal-app-read + flavor: small resources: small: @@ -175,3 +157,42 @@ serviceAccount: nameOverride: policy-pap roles: - read + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: http-api + interval: 60s + isHttps: false + basicAuth: + enabled: true + externalSecretNameSuffix: policy-pap-user-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + +# application configuration +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + policyPdpPapTopic: policy-pdp-pap +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. +# +# eventConsumption: +# spring.kafka.bootstrap-servers: :9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml.