# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Copyright (c) 2020 Nokia, Orange
# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for resources.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#
# NOTE(review): this file ships literal default credentials
# (global.config.basic.auth and certInitializer.aafDeployPass). Treat them as
# placeholders and override them per environment.
global: # global defaults
  nodePortPrefix: 302
  cassandra:
    # Service Name of the cassandra cluster to connect to.
    # Override it to aai-cassandra if localCluster is enabled.
    serviceName: cassandra

  # Specifies a list of jobs to be run
  jobs:
    # When enabled, it will create the schema based on oxm and edge rules
    createSchema:
      enabled: true
    # migration using helm hooks
    migration:
      enabled: false

  aafEnabled: false
  config:
    # Specifies that the cluster connected to a dynamic
    # cluster being spun up by kubernetes deployment
    cluster:
      cassandra:
        dynamic: true

    # Specifies if the basic authorization is enabled
    # NOTE(review): basic auth is on by default with username and password
    # both set to the same well-known literal. Override both values for any
    # deployment that is reachable by other tenants or networks.
    basic:
      auth:
        enabled: true
        username: AAI
        passwd: AAI

    # Active spring profiles for the resources microservice
    profiles:
      # aaf-auth profile will be automatically set if aaf enabled is set to true
      active: production,dmaap #,aaf-auth

    # Notification event specific properties
    notification:
      eventType: AAI-EVENT
      domain: dev

    # Schema specific properties that include supported versions of api
    schema:
      # Specifies if the connection should be one way ssl, two way ssl or no auth
      service:
        client: one-way-ssl
      # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
      translator:
        list: schema-service
      source:
        # Specifies which folder to take a look at
        name: onap
      uri:
        # Base URI Path of the application
        base:
          path: /aai
      version:
        # Current version of the REST API
        api:
          default: v27
        # Specifies which version the depth parameter is configurable
        depth: v11
        # List of all the supported versions of the API
        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
        # Specifies from which version related link should appear
        related:
          link: v11
        # Specifies from which version the app root change happened
        app:
          root: v11
        # Specifies from which version the xml namespace changed
        namespace:
          change: v12
        # Specifies from which version the edge label appeared in API
        edge:
          label: v12

    # Specifies which clients should always default to realtime graph connection
    realtime:
      clients: SDNC,MSO,SO,robot-ete

# NOTE(review): this list stops at 19 while
# global.config.schema.version.list runs to v27 - confirm whether the
# consumers of api_list need the newer versions.
api_list:
  - 11
  - 12
  - 13
  - 14
  - 15
  - 16
  - 17
  - 18
  - 19

# NOTE(review): the key is spelled "aai_enpoints" (sic). It is presumably
# referenced under this exact name by the chart templates, so it is not
# renamed here - verify before changing.
aai_enpoints:
  - name: aai-cloudInfrastructure
    url: cloud-infrastructure
  - name: aai-business
    url: business
  - name: aai-actions
    url: actions
  - name: aai-service-design-and-creation
    url: service-design-and-creation
  - name: aai-network
    url: network
  - name: aai-externalSystem
    url: external-system

#################################################################
# Certificate configuration
#################################################################
certInitializer:
  nameOverride: aai-resources-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  # NOTE(review): literal deployer password committed as a chart default.
  # The commented-out aafDeployCredsExternalSecret key below looks like the
  # intended way to supply it from a Secret instead - confirm against the
  # certInitializer chart and prefer that in real deployments.
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: aai-resources
  fqi: aai-resources@aai-resources.onap.org
  public_fqdn: aai-resources.onap.org
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  app_ns: org.osaaf.aaf
  credsPath: /opt/app/osaaf/local
  fqi_namespace: org.onap.aai-resources
  # Shell snippet that re-keys the .p12 keystore and .trust.jks truststore
  # with random 64-character alphanumeric passwords read from /dev/urandom.
  # It then writes both new passwords in clear text to mycreds.prop under
  # credsPath and chowns credsPath to uid 1000, so anything able to read
  # that path can read the store passwords.
  # The {{ ... }} references are presumably rendered as a template by the
  # consuming chart - confirm. Do not add comments inside the block scalar;
  # they would become part of the script.
  aaf_add_config: |
    echo "*** changing them into shell safe ones"
    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    cd {{ .Values.credsPath }}
    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
      -storepass "${cadi_keystore_password_p12}" \
      -keystore {{ .Values.fqi_namespace }}.p12
    keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
      -storepass "${cadi_truststore_password}" \
      -keystore {{ .Values.fqi_namespace }}.trust.jks
    echo "*** save the generated passwords"
    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
    echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
    echo "*** change ownership of certificates to targeted user"
    chown -R 1000 {{ .Values.credsPath }}

# application image
# NOTE(review): the image is referenced by tag only; pin it by digest if your
# registry policy requires immutable references.
image: onap/aai-resources:1.11.0
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1

# the minimum number of seconds that a newly created Pod should be ready
minReadySeconds: 30
updateStrategy:
  type: RollingUpdate
  # The number of pods that can be unavailable during the update process
  maxUnavailable: 0
  # The number of pods that can be created above the desired amount of pods during an update
  maxSurge: 1

# Configuration for the resources deployment
config:
  # configure keycloak according to your environment.
  # don't forget to add keycloak in active profiles above (global.config.profiles)
  keycloak:
    host: keycloak.your.domain
    port: 8180
    # Specifies a set of users, credentials, roles, and groups
    realm: aai-resources
    # Used by any client application for enabling fine-grained authorization for their protected resources
    resource: aai-resources-app
    # If set to true, additional criteria will be added that match the data-owner property with the given role
    # to the user in keycloak
    multiTenancy:
      enabled: true

  # Specifies crud related operation timeouts and overrides
  crud:
    timeout:
      # Specifies if the timeout for REST GET calls should be enabled
      enabled: true
      # Specifies the timeout values for application specific
      # It's a pipe separated list where each element before comma represents
      # the X-FromAppId and the comma after specifies the timeout limit in ms
      # If the timeout limit is -1 then it means for these apps no timeout
      # NOTE(review): the exemption is keyed on X-FromAppId, a request header.
      # Presumably any caller that sends one of the ids listed with -1 gets no
      # timeout - confirm the header is only accepted from authenticated
      # clients.
      appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAIRctFeed,-1|NewvceCreator,-1|IANewvceCreator,-1|AAI-CSIOVALS,-1
      # Specifies what is the maximum timeout limit in milliseconds
      limit: 100000

  # Specifies configuration for bulk apis
  bulk:
    # Specifies for a bulk payload how many transactions in total allowed
    limit: 30
    # Specifies if the bulk can be override and if it can the value
    override: false

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 60
  periodSeconds: 60
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  # NOTE(review): the default here is false, so presumably no liveness probe
  # is rendered unless this is overridden - confirm in the deployment
  # template and enable it outside debugging sessions.
  enabled: false

readiness:
  initialDelaySeconds: 60
  periodSeconds: 10

service:
  type: ClusterIP
  portName: http
  internalPort: 8447
  # NOTE(review): 5005 is the conventional Java remote-debug (JDWP) port and
  # the liveness comment above mentions debugger use. JDWP has no
  # authentication, so confirm this port is not exposed outside debugging.
  portName2: tcp-5005
  internalPort2: 5005
  portName3: aai-resources-8448
  internalPort3: 8448
  terminationGracePeriodSeconds: 120
  sessionAffinity: None

ingress:
  enabled: false

# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
#
# Example:
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
#resources:
#  limits:
#    cpu: 2
#    memory: 4Gi
#  requests:
#    cpu: 2
#    memory: 4Gi
resources:
  small:
    limits:
      cpu: 2
      memory: 4Gi
    requests:
      cpu: 1
      memory: 3Gi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 2
      memory: 4Gi
  unlimited: {}

metrics:
  serviceMonitor:
    enabled: false
    targetPort: 8448
    path: /prometheus
    # NOTE(review): with basicAuth disabled, the scrape of /prometheus on
    # port 8448 presumably carries no credentials - confirm the endpoint is
    # reachable only from the monitoring namespace, or enable basicAuth with
    # a real Secret (externalSecretName below is a placeholder value).
    basicAuth:
      enabled: false
      externalSecretName: mysecretname
      externalSecretUserKey: login
      externalSecretPasswordKey: password

    ## Namespace in which Prometheus is running
    ##
    # namespace: monitoring

    ## Interval at which metrics should be scraped.
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    #interval: 30s

    ## Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    # scrapeTimeout: 10s

    ## ServiceMonitor selector labels
    ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
    ##
    selector:
      app: '{{ include "common.name" . }}'
      chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
      release: '{{ include "common.release" . }}'
      heritage: '{{ .Release.Service }}'

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ## Value is evaluated as a template
    ##
    relabelings: []

    ## MetricRelabelConfigs to apply to samples before ingestion
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ## Value is evaluated as a template
    ##
    metricRelabelings: []
    #  - sourceLabels:
    #      - "__name__"
    #    targetLabel: "__name__"
    #    action: replace
    #    regex: '(.*)'
    #    replacement: 'example_prefix_$1'

# Pods Service Account
serviceAccount:
  nameOverride: aai-resources
  roles:
    - read

# Log configuration
log:
  path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'

# To make logback capping values configurable
logback:
  logToFileEnabled: true
  maxHistory: 7
  totalSizeCap: 1GB
  queueSize: 1000

accessLogback:
  logToFileEnabled: true
  maxHistory: 7
  totalSizeCap: 1GB