Merge "[COMMON] Add custom certs into AAF truststore"

[oom.git] / kubernetes / a1policymanagement / values.yaml

################################################################################
#   Copyright (c) 2020 Nordix Foundation.                                      #
#   Copyright © 2020 Samsung Electronics, Modifications                        #
#                                                                              #
#   Licensed under the Apache License, Version 2.0 (the "License");            #
#   you may not use this file except in compliance with the License.           #
#   You may obtain a copy of the License at                                    #
#                                                                              #
#       http://www.apache.org/licenses/LICENSE-2.0                             #
#                                                                              #
#   Unless required by applicable law or agreed to in writing, software        #
#   distributed under the License is distributed on an "AS IS" BASIS,          #
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
#   See the License for the specific language governing permissions and        #
#   limitations under the License.                                             #
################################################################################
# Default values for Policy Management Service.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  nodePortPrefix: 302

secrets:
  - uid: controller-secret
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}'
    login: '{{ .Values.a1controller.user }}'
    password: '{{ .Values.a1controller.password }}'
    passwordPolicy: required

#################################################################
# AAF part
#################################################################
certInitializer:
  nameOverride: a1p-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: a1p
  fqi: a1p@a1p.onap.org
  public_fqdn: a1p.onap.org
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  app_ns: org.osaaf.aaf
  credsPath: /opt/app/osaaf/local
  fqi_namespace: org.onap.a1p
  aaf_add_config: |
    echo "*** changing them into shell safe ones"
    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    cd {{ .Values.credsPath }}
    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
      -storepass "${cadi_keystore_password_p12}" \
      -keystore {{ .Values.fqi_namespace }}.p12
    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
      -storepass "${cadi_truststore_password}" \
      -keystore {{ .Values.fqi_namespace }}.trust.jks
    echo "*** save the generated passwords"
    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
    echo "*** change ownership of certificates to targeted user"
    chown -R 1000 .

image: onap/ccsdk-oran-a1policymanagementservice:1.1.3
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
replicaCount: 1

service:
  type: NodePort
  name: a1policymanagement
  both_tls_and_plain: true
  ports:
    - name: api
      port: 8433
      plain_port: 8081
      port_protocol: http
      nodePort: '94'

# SDNC Credentials are used here
a1controller:
  user: admin
  password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U

sdncLink: https://sdnc.onap:8443
# The information about A1-Mediator/RICs can be added here.
# The A1 policy management service supports both STD & OSC versions.
# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD  & OSC versions for A1 termination.
# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
# Refer it/dep repo for k8s deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
# Example configuration:
#rics:
#  - name: ric1
#    link: http://ric1url.url.com:1111/
#    managedElementIds:
#      - kista1
#      - kista2
#  - name: ric2
#    link: http://ric2url.url.com:2222/
#    managedElementIds:
#      - kista3
#      - kista4
rics:
streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100

liveness:
  port: api
  initialDelaySeconds: 60
  periodSeconds: 10
readiness:
  port: api
  initialDelaySeconds: 60
  periodSeconds: 10

#Resource Limit flavor -By Default using small
flavor: small

resources:
  small:
    limits:
      cpu: 2
      memory: 300Mi
    requests:
      cpu: 1
      memory: 150Mi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 2
      memory: 4Gi
  unlimited: {}

## Persist data to a persistent volume
persistence:
  enabled: true

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:
  volumeReclaimPolicy: Retain

  ## database data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"
  accessMode: ReadWriteOnce
  size: 2Gi
  mountPath: /dockerdata-nfs
  mountSubPath: nonrtric/policymanagementservice