Merge "[AAI] Service Mesh compatibility"

[oom.git] / kubernetes / aai / components / aai-traversal / values.yaml

diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 8a063c2..fc4ff7a 100644 (file)
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -59,7 +59,7 @@ global: # global defaults
 
     # Active spring profiles for the resources microservice
     profiles:
-      active: production,dmaap,aaf-auth
+      active: production,dmaap #,aaf-auth ,keycloak
 
     # Notification event specific properties
     notification:
@@ -123,9 +123,19 @@ certInitializer:
   credsPath: /opt/app/osaaf/local
   fqi_namespace: org.onap.aai-traversal
   aaf_add_config: |
-    echo "*** writing passwords into prop file"
-    echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
-    echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
+    echo "*** changing them into shell safe ones"
+    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+      -storepass "${cadi_keystore_password_p12}" \
+      -keystore {{ .Values.fqi_namespace }}.p12
+    keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** save the generated passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+    echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
     echo "*** change ownership of certificates to targeted user"
     chown -R 1000 {{ .Values.credsPath }}
 
@@ -135,6 +145,14 @@ pullPolicy: Always
 restartPolicy: Always
 flavor: small
 flavorOverride: small
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+  type: RollingUpdate
+  # The number of pods that can be unavailable during the update process
+  maxUnavailable: 0
+  # The number of pods that can be created above the desired amount of pods during an update
+  maxSurge: 1
 
 api_list:
   - 11
@@ -158,6 +176,20 @@ aai_enpoints:
 # application configuration
 config:
 
+  # configure keycloak according to your environment.
+  # don't forget to add keycloak in active profiles above (global.config.profiles)
+  keycloak:
+    host: keycloak.your.domain
+    port: 8180
+    # Specifies a set of users, credentials, roles, and groups
+    realm: aai-traversal
+    # Used by any client application for enabling fine-grained authorization for their protected resources
+    resource: aai-traversal-app
+    # If set to true, additional criteria will be added into traversal query to returns all the vertices that match
+    # the data-owner property with the given role to the user in keycloak
+    multiTenancy:
+      enabled: true
+
   # Specifies timeout information such as application specific and limits
   timeout:
     # If set to true application will timeout for queries taking longer than limit
@@ -217,10 +249,11 @@ readiness:
 
 service:
   type: ClusterIP
-  portName: aai-traversal-8446
+  portName: http
   internalPort: 8446
-  portName2: aai-traversal-5005
+  portName2: tcp-5005
   internalPort2: 5005
+  terminationGracePeriodSeconds: 120
 
 ingress:
   enabled: false
@@ -243,3 +276,9 @@ resources:
       cpu: 2
       memory: 4Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-traversal
+  roles:
+    - read