version:
# Current version of the REST API
api:
- default: v26
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
version:
# Current version of the REST API
api:
- default: v26
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
version:
# Current version of the REST API
api:
- default: v26
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
version:
# Current version of the REST API
api:
- default: v26
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
version:
# Current version of the REST API
api:
- default: v26
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
http:
paths:
- backend:
- serviceName: {{ .name }}
- servicePort: {{ .port }}
+ service:
+ name: {{ .name }}
+ port:
+ {{- if kindIs "string" .port }}
+ name: {{ .port }}
+ {{- else }}
+ number: {{ .port }}
+ {{- end }}
{{- if .path }}
path: {{ .path }}
{{- end }}
+ pathType: ImplementationSpecific
{{- end }}
{{- end -}}
{{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }}
{{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }}
{{- if $ingressEnabled }}
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "common.fullname" . }}-ingress
{{- else }}
namespace: {{ include "common.namespace" $dot }}
{{- end }}
+{{- if $dot.Values.metrics.serviceMonitor.labels }}
+labels: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.labels "context" $dot) | nindent 2 }}
+{{- else }}
labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
{{- end -}}
+{{- end -}}
{{/*
Create service monitor template
{{- else }}
port: metrics
{{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.isHttps }}
+ scheme: https
+ {{- if $dot.Values.metrics.serviceMonitor.tlsConfig }}
+ tlsConfig: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.tlsConfig "context" $dot) | nindent 6 }}
+ {{- else }}
+ tlsConfig:
+ insecureSkipVerify: true
+ {{- end }}
+ {{- end }}
{{- if $dot.Values.metrics.serviceMonitor.basicAuth.enabled }}
basicAuth:
username:
key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretUserKey }}
+ {{- if $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretNameSuffix }}
+ name: {{ include "common.release" . }}-{{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretNameSuffix }}
+ {{- else }}
name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }}
+ {{- end }}
password:
key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretPasswordKey }}
+ {{- if $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretNameSuffix }}
+ name: {{ include "common.release" . }}-{{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretNameSuffix }}
+ {{- else }}
name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }}
+ {{- end }}
{{- end }}
{{- if $dot.Values.metrics.serviceMonitor.interval }}
interval: {{ $dot.Values.metrics.serviceMonitor.interval }}
# limitations under the License.
*/}}
-{{- if .Values.backup.enabled }}
+{{- if and .Values.backup.enabled .Values.persistence.enabled }}
apiVersion: batch/v1beta1
kind: CronJob
metadata:
- name: mariadb-galera-backup-init
image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{ include "common.containerSecurityContext" . | indent 14 | trim }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: false
command:
- /bin/bash
- -c
target_dir=/backup/backup-`date +%s`
mkdir -p $target_dir
- mysqlhost={{ include "common.servicename" . }}.{{ include "common.namespace" . }}
+ mysqlhost={{ include "common.fullname" . }}-0.{{ include "common.servicename" . }}-headless.{{ include "common.namespace" . }}
mariabackup --backup --target-dir=$target_dir --user=root --password=$DB_PASS --host=$mysqlhost
volumeMounts:
- name: backup-dir
mountPath: /backup
+ - name: data
+ mountPath: /bitnami/mariadb
containers:
- name: mariadb-backup-validate
image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{ include "common.containerSecurityContext" . | indent 14 | trim }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: false
env:
- - name: MYSQL_ROOT_PASSWORD
+ - name: MARIADB_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 18 }}
command:
- /bin/bash
fi
target_dir=$(ls -td -- /backup/backup-* | head -n 1)
- cp -Ra $target_dir/* /var/lib/mysql/
+ cp -Ra $target_dir/* /bitnami/mariadb/data
- if [ ! "$(ls -A /var/lib/mysql)" ]; then
+ if [ ! "$(ls -A /bitnami/mariadb/data)" ]; then
remove_dir $target_dir
exit 0
fi
- /docker-entrypoint.sh mysqld &
+ /opt/bitnami/scripts/mariadb/entrypoint.sh /opt/bitnami/scripts/mariadb/run.sh &
count=0
- until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -e "SELECT 1";
+ until mysql --user=root --password=$MARIADB_ROOT_PASSWORD -e "SELECT 1";
do sleep 3;
count=`expr $count + 1`;
if [ $count -ge 30 ]; then
fi;
done
- mysqlcheck -A --user=root --password=$MYSQL_ROOT_PASSWORD > /tmp/output.log
+ mysqlcheck -A --user=root --password=$MARIADB_ROOT_PASSWORD > /tmp/output.log
error_lines=`cat /tmp/output.log| grep -v "OK" | wc -l`
cat /tmp/output.log
fi
resources: {{ include "common.resources" . | nindent 12 }}
volumeMounts:
+ - mountPath: /bitnami/mariadb/data
+ name: tmp-data
+ - mountPath: /opt/bitnami/mariadb/tmp
+ name: tmp
- mountPath: /etc/localtime
name: localtime
readOnly: true
- name: localtime
hostPath:
path: /etc/localtime
+ - name: data
+ persistentVolumeClaim:
+ {{- if .Values.persistence.existingClaim }}
+ claimName: {{ .Values.persistence.existingClaim }}
+ {{- else }}
+ claimName: {{ include "common.fullname" . }}-{{ include "common.fullname" . }}-0
+ {{- end }}
- name: backup-dir
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
+ - name: tmp-data
+ emptyDir: {}
+ - name: tmp
+ emptyDir: {}
{{- end }}
# password:
# externalSecret:
+## The backup job will mount the mariadb data pvc in order to run mariabackup.
+## For this reason the db data pvc needs to have accessMode: ReadWriteMany.
backup:
enabled: false
cron: "00 00 * * *"
##
annotations:
## Persistent Volume Access Mode
+ ## Use ReadWriteMany if backup is enabled, see backup section.
##
accessMode: ReadWriteOnce
## Persistent Volume size
{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
# Copyright (c) 2021 Nordix Foundation.
the DCAE microservice image.
The Deployment Pod may also include a logging sidecar container.
-The sidecar is included if .Values.logDirectory is set. The
+The sidecar is included if .Values.log.path is set. The
logging sidecar and the DCAE microservice container share a
volume where the microservice logs are written.
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
-{{- $logDir := default "" .Values.log.path -}}
+{{- $log := default dict .Values.log -}}
+{{- $logDir := default "" $log.path -}}
{{- $certDir := default "" .Values.certDirectory . -}}
{{- $tlsServer := default "" .Values.tlsServer -}}
{{- $commonRelease := print (include "common.release" .) -}}
# ================================ LICENSE_START ==========================
# =========================================================================
# Copyright (c) 2021 Nordix Foundation.
+# Copyright (c) 2022 Nokia. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.1
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.7.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
readinessCheck:
wait_for:
containers:
- - dcae-config-binding-service
- aaf-cm
- dmaap-bc
- dmaap-provisioning-job
plain_port: 8100
port_protocol: http
-# Environment variables
-applicationEnv:
-# Empty path forces DFC to use Consul configuration, which allows app runtime reconfiguration.
-# It's a workaround because DMAAP specific env variables are not available in main container.
- CBS_CLIENT_CONFIG_PATH: ''
-
# Data Router Publisher Credentials
drPubscriberCreds:
username: username
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-datalake-postgres
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-heartbeat-postgres
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# Probe Configuration
# ================================ LICENSE_START ==========================
# =========================================================================
# Copyright (C) 2021 Nordix Foundation.
+# Copyright (c) 2022 Nokia. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.8.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
readinessCheck:
wait_for:
containers:
- - dcae-config-binding-service
- aaf-cm
- dmaap-bc
- dmaap-provisioning-job
# Initial Application Configuration
applicationConfig:
enable_tls: true
- enable_http: false
- aaf_identity: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
+ enable_http: true
+ aaf_identity: ""
+ aaf_password: ""
pm-mapper-filter: "{ \"filters\":[] }"
- key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
- key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
- trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
- trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
+ key_store_path: ""
+ key_store_pass_path: ""
+ trust_store_path: ""
+ trust_store_pass_path: ""
dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
streams_publishes:
dmaap_publisher:
client_id: ${MR_FILES_PUBLISHER_CLIENT_ID_0}
location: san-francisco
client_role: org.onap.dcae.pmPublisher
- topic_url: http://message-router:3904/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS
+ topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
streams_subscribes:
dmaap_subscriber:
type: data_router
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:1.3.2
+image: onap/org.onap.dcaegen2.services.pmsh:2.0.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-pmsh-postgres
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.7
+image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.3.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# Probe Configuration
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-sliceanalysisms-postgres
# and key from AAF and mount them in certDirectory.
tlsServer: true
+
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
+ - message-router
# Probe Configuration
readiness:
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-sonhms-postgres
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
-# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021-2022 Nokia. All rights reserved.
# Copyright (c) 2022 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.3
+image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.2
+image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.3
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# Service Configuration
# application environments
applicationEnv:
LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true'
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '10000' # Workaround until DCAEGEN2-3098 is addressed
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+
# Initial Application Configuration
applicationConfig:
# Use to override default setting in blueprints
componentImages:
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0
# Resource Limit flavor -By Default using small
config:
cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-config-binding-service:
- enabled: true
+ enabled: false
dcae-dashboard:
enabled: false
config:
config:
cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-healthcheck:
- enabled: true
+ enabled: false
dcae-inventory-api:
enabled: false
dcae-policy-handler:
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v2
-appVersion: "Istanbul"
+appVersion: "Jakarta"
description: TBD
name: TBD
version: TBD
- name: serviceAccount
version: ~10.x-0
repository: '@local'
+ - name: mongo
+ version: ~10.x-0
+ repository: '@local'
+ condition: mongo.enabled
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
postgres:
enabled: false
+#mongo enable/disable
+mongo:
+ enabled: false
+ nameOverride: dcae-mongo
+ config:
+ dbName: dcaecommondb
+ service:
+ name: dcae-mongohost
+ internalPort: 27017
+ nfsprovisionerPrefix: dcaemongo
+ sdnctlPrefix: tcagen2
+ persistence:
+ mountSubPath: dcae/mongo/data
+ enabled: true
+ disableNfsProvisioner: true
+
# log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
#logDirectory: TBD #/opt/app/VESCollector/logs #DONE
+# Following requires manual override until fix for DCAEGEN2-3087
+# is available to switch logDirectory setting to log.path
+log:
+ path: /opt/app/
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
# directory where TLS certs should be stored
# if absent, no certs will be retrieved and stored
#certDirectory: TBD #/opt/app/dcae-certificate #DONE
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration #NEED DISCUSSION
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.1
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.2
# Resource Limit flavor -By Default using small
flavor: small
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.9
+image: onap/dmaap/datarouter-node:2.1.10
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.9
+image: onap/dmaap/datarouter-prov:2.1.10
pullPolicy: Always
# flag to enable debugging - application support required
vfc:
enabled: true
vid:
- enabled: true
+ enabled: false
vnfsdk:
enabled: true
modeling:
# default password complexity
# available options: phrase, name, pin, basic, short, medium, long, maximum security
- # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf
passwordStrength: long
# configuration to set log level to all components (the one that are using
keyPrefix: conductor
flavor: *etcd-flavor
resources: *etcd-resources
+
+# Python doesn't support well dollar sign in password
+passwordStrengthOverride: basic
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
nameOverride: policy-apex-pdp
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-apex-pdp
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-apex-pdp-restserver-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
nameOverride: policy-api
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-api
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-api-user-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
logging:
# Configuration of logging
level:
- ROOT: ERROR
+ ROOT: INFO
org.springframework: ERROR
org.springframework.data: ERROR
org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
chart:
api:
- enabled: false
\ No newline at end of file
+ enabled: false
+
+# Sample Permitted list of helm repositories. Before deployment update the repositories where the helm charts are located.
+# The Kubernetes participant accept only HTTPS Address
+helm:
+ repos:
+ -
+ repoName: bitnami
+ address: https://charts.bitnami.com/bitnami
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
nameOverride: policy-distribution
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-distribution
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-distribution-restserver-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
nameOverride: policy-pap
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: http-api
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-pap-user-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
nameOverride: policy-xacml-pdp
roles:
- read
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-xacml-pdp
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'