# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
- aafEnabled: true
cassandra:
#Service Name of the cassandra cluster to connect to.
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap #,aaf-auth ,keycloak
+ active: production,dmaap
# Notification event specific properties
notification:
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
translator:
list: schema-service
version:
# Current version of the REST API
api:
- default: v27
+ default: v28
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
# Specifies from which version related link should appear
related:
link: v11
realtime:
clients: SDNC,MSO,SO,robot-ete
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-traversal-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai-traversal
- fqi: aai-traversal@aai-traversal.onap.org
- public_fqdn: aai-traversal.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai-traversal
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
# application image
-image: onap/aai-traversal:1.11.2
+image: onap/aai-traversal:1.12.3
pullPolicy: Always
restartPolicy: Always
flavor: small
# application configuration
config:
-
# configure keycloak according to your environment.
# don't forget to add keycloak in active profiles above (global.config.profiles)
keycloak:
# the data-owner property with the given role to the user in keycloak
multiTenancy:
enabled: true
+ janusgraph:
+ caching:
+ # enable when running read-heavy workloads
+ # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
+ # modifications to graph done by other services (resources) will only be visible
+ # after time specified in db-cache-time
+ enabled: false
+ # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
+ dbCacheTime: 180000 # in milliseconds
+ dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
+ dbCacheCleanWait: 20 # in milliseconds
+
# Specifies timeout information such as application specific and limits
timeout:
# Specifies how long should it wait before timing out the REST request
limit: 180000
+ # environment variables added to the launch of the image in deployment
+ env:
+ MIN_HEAP_SIZE: "512m"
+ MAX_HEAP_SIZE: "1024m"
+ MAX_METASPACE_SIZE: "512m"
+
+ # adds jvm args for remote debugging the application
+ debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+ # adds jvm args for remote profiling the application
+ profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
# Disables the updateQueryData script to run as part of traversal
disableUpdateQuery: true
# default number of instances
replicaCount: 1
-minReadySeconds: 10
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 0
- maxSurge: 1
-
nodeSelector: {}
affinity: {}
internalPort: 8446
portName2: tcp-5005
internalPort2: 5005
- portName3: aai-traversal-8448
+ portName3: http-traversal
internalPort3: 8448
terminationGracePeriodSeconds: 120
sessionAffinity: None
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-read
+ - serviceAccount: consul-read
+
# To make logback capping values configurable
logback:
- logToFileEnabled: true
+ logToFileEnabled: false
maxHistory: 7
totalSizeCap: 6GB
queueSize: 1000
accessLogback:
- logToFileEnabled: true
+ livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
+ logToFileEnabled: false
maxHistory: 7
totalSizeCap: 6GB
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 3Gi
+ cpu: "1"
+ memory: "3Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
+endpoints:
+ enabled: true
+ health:
+ enabled: true
+ info:
+ enabled: true
+
metrics:
serviceMonitor:
enabled: false
targetPort: 8448
- path: /prometheus
+ path: /actuator/prometheus
basicAuth:
enabled: false
externalSecretName: mysecretname
Code Review / oom.git / blobdiff