[AAI-ML] Move aai-modelloader to use strimzi kafka user template

[oom.git] / kubernetes / aai / components / aai-modelloader / values.yaml

# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020-2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for modelloader.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global: # global defaults
  nodePortPrefix: 302

#################################################################
# Certificate configuration
#################################################################
certInitializer:
  nameOverride: aai-ml-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: aai
  fqi: aai@aai.onap.org
  public_fqdn: aai.onap.org
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  app_ns: org.osaaf.aaf
  credsPath: /opt/app/osaaf/local
  appMountPath: /opt/app/model-loader/config/auth/aaf
  fqi_namespace: org.onap.aai
  user_id: &user_id 1000
  group_id: &group_id 1000
  aaf_add_config: |
    echo "*** changing them into shell safe ones"
    export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    cd {{ .Values.credsPath }}
    keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
      -storepass "${cadi_keystore_password_p12}" \
      -keystore {{ .Values.fqi_namespace }}.p12
    keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
      -storepass "${cadi_truststore_password}" \
      -keystore {{ .Values.fqi_namespace }}.trust.jks
    echo "*** writing passwords into prop file"
    echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
    echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
    echo "*** change ownership of certificates to targeted user"
    chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}

# application image
image: onap/model-loader:1.12.0
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small

# Strimzi KafkaUser config
kafkaUser:
  acls:
    - name: aai
      type: group
      operations: [Read]
    - name: SDC-DISTR
      type: topic
      patternType: prefix
      operations: [Read, Write]

# default number of instances
replicaCount: 1

updateStrategy:
  type: RollingUpdate
  maxUnavailable: 0
  maxSurge: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 10
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 10
  periodSeconds: 10

resources:
  small:
    limits:
      cpu: 2
      memory: 4Gi
    requests:
      cpu: 0.5
      memory: 1Gi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 1
      memory: 1536Mi
  unlimited: {}

#Pods Service Account
serviceAccount:
  nameOverride: aai-modelloader
  roles:
    - read

# Not fully used for now
securityContext:
  user_id: *user_id
  group_id: *group_id

#Log configuration
log:
  path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'