# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
restartPolicy: Always
- aafEnabled: true
- msbEnabled: true
- centralizedLoggingEnabled: true
+ msbEnabled: false
+ centralizedLoggingEnabled: false
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
#Service Name of the cassandra cluster to connect to.
#Override it to aai-cassandra if localCluster is enabled.
- serviceName: cassandra
+ #in case of using k8ssandra-operator in the common cassandra installation
+ #the service name is:
+ serviceName: cassandra-dc1-service
+ #in case of local k8ssandra-operator instance it is
+ #serviceName: aai-cassandra-dc1-service
+ #in case the older cassandra installation is used:
+ #serviceName: cassandra
#This should be same as shared cassandra instance or if localCluster is enabled
#then it should be same as aai-cassandra replicaCount
serviceName: aai-resources
sparkyBe:
serviceName: aai-sparky-be
- dataRouter:
- serviceName: aai-data-router
- gizmo:
- serviceName: aai-gizmo
modelloader:
serviceName: aai-modelloader
searchData:
serviceName: aai-traversal
graphadmin:
serviceName: aai-graphadmin
- spike:
- serviceName: aai-spike
initContainers:
enabled: true
# Specifies if the connection should be one way ssl, two way ssl or no auth
# will be set to no-auth if tls is disabled
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
translator:
list: schema-service
# since when this is enabled, it prints a lot of information to console
enabled: false
- aaiSdcListenerKafkaUser: aai-sdc-list-user
-
aai-babel:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-graphadmin:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-modelloader:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiSdcListenerKafkaUser }}'
aai-resources:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-schema-service:
aai-traversal:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "aai"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.aai"
- fqi: "aai@aai.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** transform AAF certs into pem files"
- mkdir -p {{ .Values.credsPath }}/certs
- keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
- -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
- -alias ca_local_0 \
- -storepass $cadi_truststore_password
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** generating needed file"
- cat {{ .Values.credsPath }}/certs/cert.pem \
- {{ .Values.credsPath }}/certs/cacert.pem \
- {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
- > {{ .Values.credsPath }}/certs/fullchain.pem;
- chown 1001 {{ .Values.credsPath }}/certs/*
-
# application image
dockerhubRepository: registry.hub.docker.com
-image: onap/aai-haproxy:1.9.5
+image: onap/aai-haproxy:1.11.0
pullPolicy: Always
flavor: small
persistence:
mountSubPath: aai/cassandra
enabled: true
+ k8ssandraOperator:
+ enabled: false
+ config:
+ clusterName: aai-cassandra
readiness:
initialDelaySeconds: 10
service:
type: NodePort
portName: http
- externalPort: 8443
- internalPort: 8443
+ externalPort: 80
+ internalPort: 8080
nodePort: 33
- externalPlainPort: 80
- internalPlainPort: 8080
- nodeport: 33
- aaiServiceClusterIp:
sessionAffinity: None
metricsService:
type: ClusterIP
- portName: prometheus
+ portName: http-prometheus
externalPort: 8448
internalPort: 8448
service:
- baseaddr: "aai-api"
name: "aai"
- port: 8443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipalsMetrics: []
+ authorizedPrincipals:
+ - serviceAccount: aai-graphadmin-read
+ - serviceAccount: aai-modelloader-read
+ - serviceAccount: aai-resources-read
+ - serviceAccount: aai-schema-service-read
+ - serviceAccount: aai-traversal-read
+ - serviceAccount: cds-blueprints-processor-read
+ - serviceAccount: consul-read
+ - serviceAccount: dcae-prh-read
+ - serviceAccount: dcae-slice-analysis-ms-read
+ - serviceAccount: dcae-tcagen2
+ - serviceAccount: nbi-read
+ - serviceAccount: sdnc-read
+ - serviceAccount: so-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-cnf-adapter-read
+ - serviceAccount: so-nssmf-adapter-read
+ - serviceAccount: so-etsi-nfvo-ns-lcm-read
+ - serviceAccount: so-etsi-sol003-adapter-read
+ - serviceAccount: so-openstack-adapter-read
+ - serviceAccount: so-sdc-controller-read
+ - serviceAccount: so-ve-vnfm-adapter
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
resources:
small:
limits:
Code Review / oom.git / blobdiff