X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blobdiff_plain;f=kubernetes%2Fsdc%2Fcomponents%2Fsdc-be%2Fvalues.yaml;h=7f914d4bdfb983fcd0ec9c845202343e761cb2bf;hp=faf46e55499cde07c8ab3ab59eb25123b14ee575;hb=refs%2Fheads%2Fmaster;hpb=3422fe96531c951a3209ac3c2c6a3e8308559812 diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index faf46e5549..2572b235de 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # Modifications Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +20,6 @@ ################################################################# global: nodePortPrefix: 302 - aafEnabled: true sdc_cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled 
@@ -30,21 +30,19 @@ global: #to match with its own cluster replica replicaCount: 3 clusterName: cassandra - dataCenter: Pod - # Strimzi kafka config + #datacenter name (use "dc1" in case of k8ssandra-operator, otherwise "Pod") + dataCenter: dc1 + # Global Strimzi kafka config overridden + # from parent values.yaml kafka: useKafka: overridden-from-parent-values-yaml - sdcBeKafkaUser: overridden-from-parent-values-yaml - topics: - sdcDistNotifTopic: overridden-from-parent-values-yaml - sdcDistStatusTopic: overridden-from-parent-values-yaml ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.12.0 -backendInitImage: onap/sdc-backend-init:1.12.0 +image: onap/sdc-backend-all-plugins:1.14.1 +backendInitImage: onap/sdc-backend-init:1.14.1 pullPolicy: Always 
@@ -53,54 +51,26 @@ debugEnabled: false #environment file env: - name: AUTO - -certInitializer: - nameOverride: sdc-be-cert-init - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: sdc - fqi: sdc@sdc.onap.org - public_fqdn: sdc.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - addconfig: true - keystoreFile: "org.onap.sdc.p12" - truststoreFile: "org.onap.sdc.trust.jks" - permission_user: 352070 - permission_group: 35953 - aaf_add_config: | - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop + name: &env AUTO ################################################################# # SDC Config part ################################################################# - -secrets: - - uid: sdc-be-kafka-secret - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate - config: javaOptions: "-Xmx1536m -Xms1536m" cassandraSslEnabled: "false" - # Strimzi kafka config - kafka: - saslMech: scram-sha-512 - securityProtocol: SASL_PLAINTEXT - authType: simple - topicRetentionMs: 7200000 - topicSegmentBytes: 1073741824 - topicConsumer: - pattern: SDC-DIST - groupId: sdc + +kafkaUser: + acls: + - name: sdc + suffix: *env + type: group + operations: [Read] + - name: SDC-DISTR + type: topic + patternType: prefix + operations: [Read, Write] + # default number of instances replicaCount: 1 @@ -111,6 +81,7 @@ affinity: {} # probe configuration parameters liveness: + path: /sdc2/rest/healthCheck initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 180 @@ -121,6 +92,7 @@ liveness: enabled: true readiness: + path: /sdc2/rest/healthCheck initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 180 
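Review bot: The alias in `suffix: *env` under `kafkaUser.acls` is resolved by the YAML parser inside this file, so overriding `env.name` from a parent chart or with `--set` will not change the ACL suffix. The consumer-group ACL would then keep `AUTO` while the application runs with the overridden environment name. How the template builds the group name from `name` and `suffix` is not visible in this hunk, so this should be checked against the KafkaUser template. Either derive the suffix from `.Values.env.name` in the template, or add a comment next to the anchor such as `# alias is fixed at parse time; override kafkaUser.acls[0].suffix together with env.name`.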
@@ -128,6 +100,7 @@ readiness: failureThreshold: 3 startup: + path: /sdc2/rest/healthCheck initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 180 @@ -137,26 +110,10 @@ startup: service: type: NodePort name: sdc-be - both_tls_and_plain: true internalPort: 8080 - msb: - - port: 8443 - url: "/sdc/v1" - version: "v1" - protocol: "REST" - visualRange: "1" - serviceName: sdc - enable_ssl: true - - port: 8080 - url: "/sdc/v1" - version: "v1" - protocol: "REST" - visualRange: "1" - serviceName: sdc-deprecated ports: - name: tcp-api - port: 8443 - plain_port: 8080 + port: 8080 port_protocol: http nodePort: '04' @@ -165,11 +122,19 @@ ingress: service: - baseaddr: "sdc-be-api" name: "sdc-be" - port: 8443 - plain_port: 8080 + port: 8080 config: ssl: "redirect" +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: nbi-read + - serviceAccount: so-cnfm-lcm-read + - serviceAccount: so-etsi-sol003-adapter-read + - serviceAccount: so-read + - serviceAccount: istio-ingress + namespace: istio-ingress # Resource Limit flavor -By Default using small flavor: small @@ -177,26 +142,44 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 2Gi + cpu: "2" + memory: "3Gi" requests: - cpu: 100m - memory: 1Gi + cpu: "1" + memory: "3Gi" large: limits: - cpu: 2 - memory: 4Gi + cpu: "3" + memory: "6Gi" requests: - cpu: 200m - memory: 2Gi + cpu: "1" + memory: "6Gi" unlimited: {} +metrics: + serviceMonitor: + enabled: true + targetPort: 8080 + path: /sdc2/rest/actuator/prometheus + basicAuth: + enabled: false + #Pods Service Account serviceAccount: nameOverride: sdc-be roles: - read +readinessCheck: + wait_for_service: + name: "services" + services: + - sdc-onboarding-be + job_wait_for: + timeout: 25 + services: + - sdc-be + wait_for_job_container: containers: - '{{ include "common.name" . }}-job' 
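Review bot: With `both_tls_and_plain` and the 8443 entry removed in the `service:` hunk (@@ -137,26), `ports` offers only plain HTTP on 8080 while `type: NodePort` and `nodePort: '04'` stay. The API is then served unencrypted on a node port unless something outside this file provides transport security. The `serviceMesh.authorizationPolicy` added in the next hunk (@@ -165,11) restricts callers by service account, but it presumably only applies when the mesh is enabled and the traffic carries a mesh identity. Consider defaulting to `type: ClusterIP` with NodePort as an explicit override, or at least state the dependency with a comment such as `# plain HTTP only; TLS and caller authentication are expected from the service mesh`.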
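Review bot: The new `metrics.serviceMonitor` block in the @@ -177,26 hunk exposes `/sdc2/rest/actuator/prometheus` on `targetPort: 8080` with `basicAuth.enabled: false`, the same port the API service and ingress use. The metrics path is therefore reachable wherever the API is, which is worth confirming is intended given the NodePort service type. The `authorizedPrincipals` list added in the preceding hunk names no monitoring service account, so scraping may be denied once the authorization policy is enforced; this depends on templates not shown here. A short comment on the block stating who is expected to scrape the endpoint, and over which path, would make the intent reviewable.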
@@ -205,3 +188,189 @@ wait_for_job_container: log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' + +securityContext: + user_id: 1000 + group_id: 101 + +jobPodSecurityContext: + fsGroup: 101 + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + +volumes: + logSizeLimit: 300Mi + jettySizeLimit: 400Mi + tmpSizeLimit: 500Mi + varTmpSizeLimit: 100Mi + +resources_initContainer: + limits: + cpu: "2000m" + memory: "2Gi" + requests: + cpu: "1000m" + memory: "600Mi" + +####### +####### +pairEnvName: "" + +cassandra: + hostname: cassandra-dc1-service.onap + port: 9042 + cassandraPassword: Aa1234%^! + cassandraUsername: asdc_user + connectionTimeout: 10000 + cassandraSslEnabled: false + keystoreLocation: "" + keystorePassword: "" + truststoreLocation: "" + truststorePassword: "" + clusterName: SDC-CS- + readConsistencyLevel: ONE + writeConsistencyLevel: ALL + #replication_strategy_options: dc1,3 + +cassandraConfig: + cassandraHosts: [cassandra-dc1-service.onap] + cassandraPort: 9042 + localDataCenter: dc1 + socketReadTimeout: 20000 + socketConnectTimeout: 20000 + username: asdc_user + password: Aa1234%^! 
+ ssl: false + keystorePath: "" + keystorePassword: false + truststorePath: "" + truststorePassword: "" + +janusgraph: + keyspace: sdctitan + cfgFile: /app/jetty/config/catalog-be/janusgraph.properties + dbCache: + enabled: false + cleanWait: 20 + time: 18000 + size: 0.5 + txCache: + size: '1000000' + storage: + lockRetries: 5 + lockWaitTime: 500 + backend: cql + connectionTimeout: 5000 + graph: + replaceInstance: true + inMemory: false + lockTimeout: 1800 + reconnectInterval: 3 + healthCheckReadTimeout: 8 + +dmaapConsumerConfiguration: + active: false +permittedAncestors: "" +tlsCert: "" +tlsKey: "" +caCert: "" +ONBOARDING_BE: + host: sdc-onboarding-be.onap + httpPort: 8081 + httpsPort: 8445 +dmaapProducerConfiguration: + active: false + hosts: olsd004.com:3905 + topic: SDC-FACADE-NOTIF-v1 + serviceName: dmaap.com:3905/events + environment: TEST + protocol: "" + aftEnvironment: "" + dme2preferredRouterFilePath: "" + username: user1@sdc.com + password: password== +appVersion: "" + +# Distrubution +uebPublicKey: iPIxkpAMI8qTcQj8 +uebSecretKey: Ehq3WyT4bkif4zwgEbvshGal +#distributionNotifTopicName: SDC-DISTR-NOTIF-TOPIC +#distributionStatusTopicName: SDC-DISTR-STATUS-TOPIC +kafkaBootStrapServers: onap-strimzi-kafka-bootstrap:9092 +chefEnvironment: AUTO + +logback: + rootLogLevel: INFO + +jetty: + httpPort: 8080 + httpsPort: 8443 + keystorePath: "" + truststorePath: "" + keystorePassword: "" + truststorePassword: "" + +disableHttp: false +beFqdn: sdc-be.onap +beHttpPort: 8080 +beSslPort: 8443 +basicAuth: + enabled: true + userName: testName + userPass: testPass + +basicAuthConfig: + enabled: false +beInit: + beIp: sdc-be.onap + tlsCert: "" + tlsKey: "" + tlsKeyPw: "" + caCert: "" + +be: + tlsCert: "" + tlsKey: "" + tlsPassword: "" + keystorePath: "" + keystorePassword: "" + caCert: "" + truststorePath: "" + truststorePassword: "" + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 75 + +# number of ReplicaSets that 
should be retained for the Deployment +revisionHistoryLimit: 1 + +# the minimum number of seconds that a newly created Pod should be ready +minReadySeconds: 30 +updateStrategy: + type: RollingUpdate + # The number of pods that can be unavailable during the update process + maxUnavailable: 0 + # The number of pods that can be created above the desired amount of pods during an update + maxSurge: 1 + +# Annotations to control the execution and deletion of the job +# Can be used to delete a job before an Upgrade +# +# jobAnnotations: +# # In case of an ArgoCD deployment this Hook deletes the job before syncing +# argocd.argoproj.io/hook: Sync +# argocd.argoproj.io/hook-delete-policy: BeforeHookCreation +# +# # In case of an Helm/Flux deployment this Hook deletes the job +# # This is what defines this resource as a hook. Without this line, the +# # job is considered part of the release. +# "helm.sh/hook": "pre-upgrade,pre-rollback,post-install" +# "helm.sh/hook-delete-policy": "before-hook-creation" +# "helm.sh/hook-weight": "1" +#END
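Review bot: This hunk adds literal credentials as chart defaults: `cassandraPassword` and `cassandraConfig.password`, `uebPublicKey` / `uebSecretKey`, `basicAuth.userName` / `userPass`, and `dmaapProducerConfiguration.password`. Any deployment that does not override them runs with values published in the repository. The same commit removes the `secrets:` block that used `externalSecret`, so no secret reference mechanism is visible any more. Prefer empty defaults plus a reference to a Kubernetes Secret, for example `cassandraPassword: ""` with a comment `# supplied via externalSecret; never commit a real value`, and have the template fail when no value is supplied. Separately, `cassandraConfig.keystorePassword: false` is a boolean where the sibling password fields are `""`, which looks unintended.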