# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modification (C) 2023-2025 Deutsche Telekom. All rights reserved.
+# Modifications Copyright © 2024-2025 OpenInfra Europe. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 304
persistence: {}
- aafEnabled: true
+ postgres:
+ service:
+ name: policy-postgres
+ name2: policy-pg-primary
+ name3: policy-pg-replica
+ port: 5432
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: db-creds
+ - uid: db-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-api-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+#################################################################
+# DB configuration defaults.
+#################################################################
+
+dbmigrator:
+ image: onap/policy-db-migrator:4.2.0
+ schemas: "policyadmin clampacm pooling operationshistory"
+ policy_home: "/opt/app/policy"
+postgresImage: library/postgres:17.2
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.5.1
+image: onap/policy-api:4.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# application configuration
db:
- user: policy_user
+ user: policy-user
password: policy_user
- service:
- name: policy-mariadb
- internalPort: 3306
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
restServer:
user: policyadmin
- password: none
+ password: zb!XztG34
# default number of instances
replicaCount: 1
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 120
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
+ initialDelaySeconds: 10
+ periodSeconds: 120
+ api: /policy/api/v1/healthcheck
+ successThreshold: 1
+ failureThreshold: 3
+ timeout: 120
service:
type: ClusterIP
name: policy-api
- portName: policy-api
- externalPort: 6969
internalPort: 6969
- nodePort: 40
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: policy-pap-read
+
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+ migration:
+ sizeLimit: 1Gi
+
+dbReadiness:
+ retryCount: 3
+
#Pods Service Account
serviceAccount:
nameOverride: policy-api
roles:
- read
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ app: '{{ include "common.name" . }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+ version: '{{ .Chart.Version | replace "+" "_" }}'
+ release: prometheus
+ enabled: true
+ port: http
+ path: /policy/api/v1/metrics
+ interval: 60s
+ isHttps: false
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-api-user-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ selector:
+ app: '{{ include "common.name" . }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
Code Review / oom.git / blobdiff