# Copyright (c) 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright (c) 2020 Nokia # Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for traversal. # This is a YAML-formatted file. # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 aafEnabled: true cassandra: #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules createSchema: enabled: true # When enabled, it will create the widget models via REST API to haproxy updateQueryData: enabled: true #migration using helm hooks migration: enabled: false # Common configuration for resources traversal and graphadmin config: # User information for the admin user in container userId: 1000 groupId: 1000 # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment cluster: cassandra: dynamic: true # Specifies if the basic authorization is enabled basic: auth: enabled: true username: AAI passwd: AAI # Active spring profiles for the resources microservice profiles: active: production,dmaap #,aaf-auth ,keycloak # Notification event specific properties notification: eventType: AAI-EVENT domain: dev # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth service: client: one-way-ssl # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service translator: list: schema-service source: # Specifies which folder to take a look at name: onap uri: # Base URI Path of the application base: path: /aai version: # Current version of the REST API api: default: v27 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27 # Specifies from which version related link should appear related: link: v11 # Specifies from which version the app root change happened app: root: v11 # Specifies from which version the xml namespace changed namespace: change: v12 # Specifies from which version the edge label appeared in API edge: label: v12 # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete ################################################################# # Certificate configuration ################################################################# certInitializer: nameOverride: aai-traversal-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! # aafDeployCredsExternalSecret: some secret fqdn: aai-traversal fqi: aai-traversal@aai-traversal.onap.org public_fqdn: aai-traversal.onap.org cadi_longitude: "0.0" cadi_latitude: "0.0" app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local fqi_namespace: org.onap.aai-traversal aaf_add_config: | echo "*** changing them into shell safe ones" export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) cd {{ .Values.credsPath }} keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ -storepass "${cadi_keystore_password_p12}" \ -keystore {{ .Values.fqi_namespace }}.p12 keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ -storepass "${cadi_truststore_password}" \ -keystore {{ .Values.fqi_namespace }}.trust.jks echo "*** save the generated passwords" echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop echo "*** change ownership of certificates to targeted user" chown -R 1000 {{ .Values.credsPath }} # application image image: onap/aai-traversal:1.11.1 pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small # the minimum number of seconds that a newly created Pod should be ready minReadySeconds: 30 updateStrategy: type: RollingUpdate # The number of pods that can be unavailable during the update process maxUnavailable: 0 # The number of pods that can be created above the desired amount of pods during an update maxSurge: 1 api_list: - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 aai_enpoints: - name: aai-generic-query url: search/generic-query - name: aai-nodes-query url: search/nodes-query - name: aai-nquery url: query # application configuration config: # configure keycloak according to your environment. # don't forget to add keycloak in active profiles above (global.config.profiles) keycloak: host: keycloak.your.domain port: 8180 # Specifies a set of users, credentials, roles, and groups realm: aai-traversal # Used by any client application for enabling fine-grained authorization for their protected resources resource: aai-traversal-app # If set to true, additional criteria will be added into traversal query to returns all the vertices that match # the data-owner property with the given role to the user in keycloak multiTenancy: enabled: true # Specifies timeout information such as application specific and limits timeout: # If set to true application will timeout for queries taking longer than limit enabled: true # Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1 # Specifies how long should it wait before timing out the REST request limit: 180000 # Disables the updateQueryData script to run as part of traversal disableUpdateQuery: true # Override of the DSL Timeout Limit dslOverride: 'ZV4V7E3N77SKIB6MR9MHQ6M4P6Q99Z7M76RBODA' dsl: # Dsl timeout configuration timeout: # Whether or not the dsl is enabled enabled: true # Default time limit of the DSL query limit: 150000 # App Specific Timeout Limit for each of the X-FromAppId appspecific: - JUNITTESTAPP1,1 - JUNITTESTAPP2,-1 - AAI-TOOLS,-1 - DCAE-CCS,1200000 - DCAES,1200000 - VPESAT,-1 - AAI-CACHER,-1 - VidAaiController,300000 - AAI-UI,180000 persistence: mountPath: /dockerdata-nfs mountSubPath: aai/aai-traversal # default number of instances replicaCount: 1 minReadySeconds: 10 updateStrategy: type: RollingUpdate maxUnavailable: 0 maxSurge: 1 nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 60 periodSeconds: 60 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: false readiness: initialDelaySeconds: 10 periodSeconds: 10 service: type: ClusterIP portName: http internalPort: 8446 portName2: tcp-5005 internalPort2: 5005 terminationGracePeriodSeconds: 120 ingress: enabled: false # To make logback capping values configurable logback: logToFileEnabled: true maxHistory: 7 totalSizeCap: 6GB queueSize: 1000 accessLogback: logToFileEnabled: true maxHistory: 7 totalSizeCap: 6GB # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ resources: small: limits: cpu: 2 memory: 4Gi requests: cpu: 1 memory: 3Gi large: limits: cpu: 4 memory: 8Gi requests: cpu: 2 memory: 4Gi unlimited: {} #Pods Service Account serviceAccount: nameOverride: aai-traversal roles: - read #Log configuration log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}'