[OOM] Fixing k8s ServiceAccounts

[oom.git] / kubernetes / cps / components / cps-core / values.yaml

diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index c548abb..b44f456 100644 (file)
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -1,6 +1,6 @@
 # Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
 # Modifications Copyright (C) 2022 Bell Canada
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -43,13 +43,6 @@ secrets:
     login: '{{ .Values.config.dmiPluginUserName }}'
     password: '{{ .Values.config.dmiPluginUserPassword }}'
     passwordPolicy: generate
-  - uid: cps-kafka-user
-    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
-    type: genericKV
-    envs:
-      - name: sasl.jaas.config
-        value: '{{ .Values.config.someConfig }}'
-        policy: generate
 
 #################################################################
 # Global configuration defaults.
@@ -75,7 +68,7 @@ global:
     container:
       name: postgres
 
-image: onap/cps-and-ncmp:3.0.1
+image: onap/cps-and-ncmp:3.2.6
 containerPort: &svc_port 8080
 managementPort: &mgt_port 8081
 
@@ -116,18 +109,18 @@ replicaCount: 1
 resources:
   small:
     limits:
-      cpu: 2
-      memory: 2Gi
+      cpu: 999
+      memory: 1.5Gi
     requests:
       cpu: 1
-      memory: 1Gi
+      memory: 1.5Gi
   large:
     limits:
-      cpu: 4
-      memory: 4Gi
+      cpu: 999
+      memory: 3Gi
     requests:
       cpu: 2
-      memory: 2Gi
+      memory: 3Gi
   unlimited: {}
 # probe configuration parameters
 liveness:
@@ -145,10 +138,16 @@ readiness:
   path: /manage/health
   port: *mgt_port
 
+startup:
+  failureThreshold: 5
+  periodSeconds: 60
+  path: /manage/health
+  port: *mgt_port
+
 ingress:
   enabled: true
   service:
-    - baseaddr: "cps-core"
+    - baseaddr: "cps-core-api"
       path: "/"
       name: "cps-core"
       port: *svc_port
@@ -167,8 +166,7 @@ securityContext:
 #################################################################
 
 config:
-
-  # Set it for pre loading xnfdata, else set to null
+  # Set it for preloading xnfdata, else set to null
   liquibaseLabels: xnf-data-preload
 
   # REST API basic authentication credentials (passsword is generated if not provided)
@@ -183,30 +181,54 @@ config:
 #    spring.config.max-size: 200
 #    spring.config.min-size: 10
 
-# kafka config
-  useStrimziKafka: true
-  kafkaBootstrap: strimzi-kafka-bootstrap
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-
-#  eventPublisher:
-#    spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-#    spring.kafka.security.protocol: SASL_PLAINTEXT
-#    spring.kafka.properties.sasl.mechanism: PLAIN
-#    spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
-
   additional:
-    notification.data-updated.enabled: true
-    notification.data-updated.topic: cps.data-updated-events
+    notification.enabled: true
+    notification.data-updated.topic: &dataUpdatedTopic cps.data-updated-events
     notification.data-updated.filters.enabled-dataspaces: ""
     notification.async.enabled: false
     notification.async.executor.core-pool-size: 2
-    notification.async.executor.max-pool-size: 1
+    notification.async.executor.max-pool-size: 10
     notification.async.executor.queue-capacity: 500
     notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
     notification.async.executor.thread-name-prefix: Async-
 
+# Strimzi KafkaUser and Topic config
+kafkaTopic:
+  - name: &dmiCmEventsTopic dmi-cm-events
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+  - name: &ncmpAsyncM2MTopic ncmp-async-m2m
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+  - name: &cmAvcSubscriptionTopic cm-avc-subscription
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+
+kafkaUser:
+  authenticationType: scram-sha-512
+  acls:
+    - name: cps-core-group
+      type: group
+      operations: [Read]
+    - name: *dataUpdatedTopic
+      type: topic
+      operations: [Write]
+    - name: *dmiCmEventsTopic
+      type: topic
+      operations: [Read]
+    - name: *ncmpAsyncM2MTopic
+      type: topic
+      operations: [Read]
+    - name: *cmAvcSubscriptionTopic
+      type: topic
+      operations: [Read]
+
+topics:
+  config:
+    app.ncmp.async-m2m.topic: *ncmpAsyncM2MTopic
+    app.ncmp.avc.subscription-topic: *cmAvcSubscriptionTopic
+    app.dmi.cm-events.topic: *dmiCmEventsTopic
+
 logging:
   level: INFO
   path: /tmp
@@ -244,6 +266,8 @@ postgres-init:
     pgDatabase: cpsdb
     pgDataPath: data
     pgUserExternalSecret: *pgUserCredsSecretName
+  serviceAccount:
+    nameOverride: cps-postgres-init
 
     # pgPrimaryPassword: password
     # pgUserPassword: password