Merge "[AAI] Make aai log level configurable"

[oom.git] / kubernetes / policy / components / policy-clamp-ac-pf-ppnt / values.yaml

diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index 6fefa02..7fc4f71 100644 (file)
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2021-2022 Nordix Foundation.
+#   Copyright (C) 2021-2023 Nordix Foundation.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -21,7 +21,10 @@
 #################################################################
 global:
   persistence: {}
-  aafEnabled: true
+  #Strimzi Kafka properties
+  kafkaTopics:
+    acRuntimeTopic:
+      name: &acRuntimeTopic policy.clamp-runtime-acm
 
 #################################################################
 # Secrets metaconfig
@@ -45,54 +48,16 @@ secrets:
     login: '{{ .Values.restServer.pap.user }}'
     password: '{{ .Values.restServer.pap.password }}'
     passwordPolicy: required
-  - uid: keystore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.keyStorePassword }}'
-    passwordPolicy: required
-  - uid: truststore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.trustStorePassword }}'
-    passwordPolicy: required
-  - uid: policy-kafka-user
-    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
-    type: genericKV
-    envs:
-      - name: sasl.jaas.config
-        value: '{{ .Values.config.someConfig }}'
-        policy: generate
-
-certStores:
-  keyStorePassword: Pol1cy_0nap
-  trustStorePassword: Pol1cy_0nap
-
-certInitializer:
-  nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  fqdn: policy
-  fqi: policy@policy.onap.org
-  public_fqdn: policy.onap.org
-  cadi_latitude: "0.0"
-  cadi_longitude: "0.0"
-  credsPath: /opt/app/osaaf/local
-  app_ns: org.osaaf.aaf
-  uid: 100
-  gid: 101
-  aaf_add_config: >
-    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
-    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
-    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-clamp-ac-pf-ppnt:6.2.3
+image: onap/policy-clamp-ac-pf-ppnt:7.1.2
 pullPolicy: Always
 
+componentName: &componentName policy-clamp-ac-pf-ppnt
+
 # flag to enable debugging - application support required
 debugEnabled: false
 
@@ -114,12 +79,18 @@ restServer:
 nodeSelector: {}
 
 affinity: {}
+
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: strimzi-kafka-read
+
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 20
+  initialDelaySeconds: 60
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
@@ -127,63 +98,55 @@ liveness:
   port: http-api
 
 readiness:
-  initialDelaySeconds: 20
+  initialDelaySeconds: 60
   periodSeconds: 10
   port: http-api
 
 service:
   type: ClusterIP
-  name: policy-clamp-ac-pf-ppnt
-  useNodePortExt: true
+  name: *componentName
+  internalPort: 8085
   ports:
     - name: http-api
       port: 8085
-      nodePort: 42
 
 flavor: small
 resources:
   small:
     limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: "1"
+      memory: "1Gi"
     requests:
-      cpu: 100m
-      memory: 1Gi
+      cpu: "0.5"
+      memory: "1Gi"
   large:
     limits:
-      cpu: 2
-      memory: 8Gi
+      cpu: "2"
+      memory: "2Gi"
     requests:
-      cpu: 200m
-      memory: 2Gi
+      cpu: "1"
+      memory: "2Gi"
   unlimited: {}
 #Pods Service Account
 serviceAccount:
-  nameOverride: policy-clamp-ac-pf-ppnt
+  nameOverride: *componentName
   roles:
     - read
 
 config:
-# Event consumption (kafka) properties
-  useStrimziKafka: true
-  kafkaBootstrap: strimzi-kafka-bootstrap
-  kafka:
-    consumer:
-      groupId: policy-group
-  app:
-    listener:
-      acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-#   spring.kafka.security.protocol: PLAINTEXT
-#   spring.kafka.consumer.group-id: policy-group
-#
 # Any new property can be added in the env by setting in overrides in the format mentioned below
 # All the added properties must be in "key: value" format instead of yaml.
 # additional:
 #   spring.config.max-size: 200
 #   spring.config.min-size: 10
+
+# Strimzi Kafka config
+kafkaUser:
+  authenticationType: scram-sha-512
+  acls:
+    - name: *componentName
+      type: group
+      operations: [Read]
+    - name: *acRuntimeTopic
+      type: topic
+      operations: [Read, Write]