[UUI] Update image version 16.0.1 of components of UUI
[oom.git] / kubernetes / policy / components / policy-xacml-pdp / values.yaml
old mode 100755 (executable)
new mode 100644 (file)
index 3a44719..061ceed
@@ -1,5 +1,7 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+#   Modifications Copyright (C) 2024-2025 OpenInfra Europe. All rights reserved.
+#   Modifications Copyright © 2024-2025 Deutsche Telekom
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #################################################################
 global:
   persistence: {}
-  aafEnabled: true
+  postgres:
+    service:
+      name: policy-postgres
+      name2: policy-pg-primary
+      name3: policy-pg-replica
+      port: 5432
 
 #################################################################
 # Secrets metaconfig
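Review bot: The three postgres service names added under global.postgres.service (name, name2, name3) carry no comment saying which role each one plays, so a reader has to infer it from the values. A short comment per key would help, e.g. `name2: policy-pg-primary  # read/write endpoint` and `name3: policy-pg-replica  # read-only endpoint`, with `name` presumably the generic cluster service — confirm against the templates that consume these keys. The numbered keys look like a convention shared with sibling charts, so I would not rename them here.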
@@ -45,58 +52,24 @@ secrets:
     login: '{{ .Values.apiServer.user }}'
     password: '{{ .Values.apiServer.password }}'
     passwordPolicy: required
-  - uid: keystore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.keyStorePassword }}'
-    passwordPolicy: required
-  - uid: truststore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.trustStorePassword }}'
-    passwordPolicy: required
-
-certStores:
-  keyStorePassword: Pol1cy_0nap
-  trustStorePassword: Pol1cy_0nap
-
-certInitializer:
-  nameOverride: policy-xacml-pdp-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  fqdn: policy
-  fqi: policy@policy.onap.org
-  public_fqdn: policy.onap.org
-  cadi_latitude: "0.0"
-  cadi_longitude: "0.0"
-  credsPath: /opt/app/osaaf/local
-  app_ns: org.osaaf.aaf
-  uid: 100
-  gid: 101
-  aaf_add_config: >
-    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
-    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
-    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-xacml-pdp:2.7.0
+image: onap/policy-xacml-pdp:4.2.0
 pullPolicy: Always
 
+componentName: &componentName policy-xacml-pdp
+
 # flag to enable debugging - application support required
 debugEnabled: false
 
 # application configuration
 
 db:
-  user: policy_user
+  user: policy-user
   password: policy_user
-  service:
-    name: policy-mariadb
-    internalPort: 3306
 
 restServer:
   user: healthcheck
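Review bot: The `componentName: &componentName policy-xacml-pdp` anchor is resolved when the values file is parsed, so an override of componentName through `--set` or a values overlay does not propagate to the `*componentName` aliases used later in this file (service.name and serviceAccount.nameOverride in a following hunk); those would silently keep `policy-xacml-pdp`. If the name is meant to be overridable, the templates should read `.Values.componentName` directly instead of relying on the alias; otherwise a comment above the anchor such as `# YAML anchor: overriding componentName alone does not update the *componentName aliases below` would prevent surprises. Separately, the db block now pairs the renamed `user: policy-user` with the unchanged plaintext default `password: policy_user`; if these are expected to be supplied from a secret in real deployments, a comment stating that the defaults are for development only would help.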
@@ -108,6 +81,12 @@ apiServer:
 
 # default number of instances
 replicaCount: 1
+updateStrategy:
+  type: RollingUpdate
+  # The number of pods that can be unavailable during the update process
+  maxUnavailable: 0
+  # The number of pods that can be created above the desired amount of pods during an update
+  maxSurge: 1
 
 nodeSelector: {}
 
@@ -125,37 +104,83 @@ readiness:
   initialDelaySeconds: 20
   periodSeconds: 10
 
+autoscaling:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 3
+  targetCPUUtilizationPercentage: 80
+
 service:
   type: ClusterIP
-  name: policy-xacml-pdp
-  portName: policy-xacml-pdp
-  externalPort: 6969
+  name: *componentName
   internalPort: 6969
+  ports:
+    - name: http
+      port: 6969
 
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: dcae-datafile-collector-read
+      - serviceAccount: dcae-datalake-admin-ui-read
+      - serviceAccount: dcae-datalake-des-read
+      - serviceAccount: dcae-datalake-feeder-read
+      - serviceAccount: dcae-heartbeat-read
+      - serviceAccount: dcae-hv-ves-collector-read
+      - serviceAccount: dcae-kpi-ms-read
+      - serviceAccount: dcae-pm-mapper-read
+      - serviceAccount: dcae-pmsh-read
+      - serviceAccount: dcae-prh-read
+      - serviceAccount: dcae-restconf-collector-read
+      - serviceAccount: dcae-slice-analysis-ms-read
+      - serviceAccount: dcae-snmptrap-collector-read
+      - serviceAccount: dcae-son-handler-read
+      - serviceAccount: dcae-tcagen2-read
+      - serviceAccount: dcae-ves-collector-read
+      - serviceAccount: dcae-ves-mapper-read
+      - serviceAccount: dcae-ves-openapi-manager-read
+      - serviceAccount: strimzi-kafka-read
+      - serviceAccount: oof-read
+      - serviceAccount: sdnc-read
+
 flavor: small
 resources:
   small:
     limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: "1"
+      memory: "1Gi"
     requests:
-      cpu: 100m
-      memory: 1Gi
+      cpu: "0.5"
+      memory: "1Gi"
   large:
     limits:
-      cpu: 2
-      memory: 8Gi
+      cpu: "2"
+      memory: "2Gi"
     requests:
-      cpu: 200m
-      memory: 2Gi
+      cpu: "1"
+      memory: "2Gi"
   unlimited: {}
 
+securityContext:
+  user_id: 100
+  group_id: 102
+
+groupIdPrefix: policy-xacml-pdp
+
+dirSizes:
+  emptyDir:
+    sizeLimit: 1Gi
+  logDir:
+    sizeLimit: 500Mi
+  policyDir:
+    sizeLimit: 100Mi
+
 #Pods Service Account
 serviceAccount:
-  nameOverride: policy-xacml-pdp
+  nameOverride: *componentName
   roles:
     - read
 
@@ -164,11 +189,17 @@ metrics:
     # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
     # The default operator for prometheus enforces the below label.
     labels:
+      app: '{{ include "common.name" . }}'
+      helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+      app.kubernetes.io/instance: '{{ include "common.release" . }}'
+      app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+      version: '{{ .Chart.Version | replace "+" "_" }}'
       release: prometheus
     enabled: true
-    port: policy-xacml-pdp
+    port: http
+    path: /metrics
     interval: 60s
-    isHttps: true
+    isHttps: false
     basicAuth:
       enabled: true
       externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
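Review bot: `isHttps: false` together with `basicAuth.enabled: true` means the Prometheus scrape of `/metrics` now carries the restserver credentials (policy-xacml-pdp-restserver-creds) over plain HTTP at the pod level, where the previous configuration scraped over TLS. That is presumably intended because transport security moves to the service mesh configured elsewhere in this change, but nothing in the file records that dependency; a comment above isHttps such as `# plain HTTP: confidentiality of the basic-auth scrape relies on mesh mTLS being enforced` would make the assumption explicit so a deployment without the mesh does not end up with cleartext credentials by accident.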
@@ -176,6 +207,33 @@ metrics:
       externalSecretPasswordKey: password
     selector:
       app: '{{ include "common.name" . }}'
-      chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
-      release: '{{ include "common.release" . }}'
-      heritage: '{{ .Release.Service }}'
+      helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+      app.kubernetes.io/instance: '{{ include "common.release" . }}'
+      app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+
+config:
+  # Event consumption (kafka) properties
+  kafka:
+    consumer:
+      groupId: policy-xacml-pdp
+  app:
+    listener:
+      policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+  authenticationType: scram-sha-512
+  acls:
+    - name: policy-xacml-pdp
+      type: group
+      patternType: prefix
+      operations: [ Create, Describe, Read, Write ]
+    - name: policy-pdp-pap
+      type: topic
+      patternType: prefix
+      operations: [ Create, Describe, Read, Write ]
+
+readinessCheck:
+  wait_for:
+    services:
+      - policy-api
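Review bot: The consumer-group ACL in kafkaUser.acls (`name: policy-xacml-pdp`, `type: group`) grants `Create, Describe, Read, Write`, but a Kafka consumer group only needs Read (to join and commit offsets) and Describe; Create and Write are not meaningful for the group resource, so the grant is wider than least privilege. Suggest `operations: [ Describe, Read ]` for the group entry, keeping the full set on the topic entry only if the PDP both produces to and consumes from policy-pdp-pap, which the `config.app.listener.policyPdpPapTopic` key suggests but the file does not confirm. Both entries use `patternType: prefix`, so any topic or group whose name begins with these strings is covered; if exact names are intended, `literal` is tighter.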