1 #============LICENSE_START========================================================
2 #=================================================================================
3 # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
4 # Modifications Copyright © 2018 Amdocs, Bell Canada
5 # ================================================================================
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 # ============LICENSE_END=========================================================
19 {{ if .Values.componentImages.policy_handler }}
20 policy_handler_image: {{ include "common.repository" . }}/{{ .Values.componentImages.policy_handler }}
24 # parallelize the getConfig queries to policy-engine on each policy-update notification
27 # parallelize requests to policy-engine and keep them alive
30 # retry to getConfig from policy-engine on policy-update notification
31 policy_retry_count : 5
32 policy_retry_sleep : 5
34 # config of automatic catch_up for resiliency
36 # interval in seconds on how often to call automatic catch_up
37 # example: 1200 is 20*60 seconds that is 20 minutes
40 # config of periodic reconfigure-rediscover for adaptability
42 # interval in seconds on how often to call automatic reconfigure
43 # example: 600 is 10*60 seconds that is 10 minutes
46 # policy-engine config
47 # These are the url of and the auth for the external system, namely the policy-engine (PDP).
48 # We obtain that info manually from PDP folks at the moment.
49 # In long run we should figure out a way of bringing that info into consul record
50 # related to policy-engine itself.
51 # - k8s specific routing to policy-engine by hostname "pdp"
52 # - relying on dns to resolve hostname "pdp" to ip address
53 # - expecing to find "pdp" as the hostname in server cert from policy-engine
55 url : "https://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081"
56 path_notifications : "/pdp/notifications"
57 path_api : "/pdp/api/"
59 Accept : "application/json"
60 "Content-Type" : "application/json"
61 ClientAuth : "cHl0aG9uOnRlc3Q="
62 Authorization : "Basic dGVzdHBkcDphbHBoYTEyMw=="
64 target_entity : "policy_engine"
65 # optional tls_ca_mode specifies where to find the cacert.pem for tls
66 # can be one of these:
67 # "cert_directory" - use the cacert.pem stored locally in cert_directory.
68 # this is the default if cacert.pem file is found
70 # "os_ca_bundle" - use the public ca_bundle provided by linux system.
71 # this is the default if cacert.pem file not found
73 # "do_not_verify" - special hack to turn off the verification by cacert and hostname
74 tls_ca_mode : "cert_directory"
75 # optional tls_wss_ca_mode specifies the same for the tls based web-socket
76 tls_wss_ca_mode : "cert_directory"
77 # deploy_handler config
78 # changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0
80 # name of deployment-handler service used by policy-handler for logging
81 target_entity : "deployment_handler"
82 # url of the deployment-handler service for policy-handler to direct the policy-updates to
83 # - expecting dns to resolve the hostname deployment-handler to ip address
84 url : "https://deployment-handler:8443"
85 # limit the size of a single data segment for policy-update messages
86 # from policy-handler to deployment-handler in megabytes
89 # optionally specify the tenant name for the cloudify under deployment-handler
90 # if not specified the "default_tenant" is used by the deployment-handler
91 cfy_tenant_name : "default_tenant"
92 # optional tls_ca_mode specifies where to find the cacert.pem or skip tls verification
93 # can be one of these:
94 # "cert_directory" - use the cacert.pem stored locally in cert_directory.
95 # this is the default if cacert.pem file is found
97 # "os_ca_bundle" - use the public ca_bundle provided by linux system.
98 # this is the default if cacert.pem file not found
100 # "do_not_verify" - special hack to turn off the verification by cacert and hostname
101 tls_ca_mode : "cert_directory"