diff options
Diffstat (limited to 'kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs')
-rw-r--r-- | kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml | 62 |
1 files changed, 55 insertions, 7 deletions
diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml index d53e8fdfde..d4ee73e303 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml @@ -27,21 +27,33 @@ application_config: # parallelize requests to policy-engine and keep them alive pool_connections : 20 - # list of policyName prefixes (filters) that DCAE-Controller handles (=ignores any other policyName values) - scope_prefixes : ["DCAE.Config_"] - # retry to getConfig from policy-engine on policy-update notification policy_retry_count : 5 policy_retry_sleep : 5 + # config of automatic catch_up for resiliency + catch_up : + # interval in seconds on how often to call automatic catch_up + # example: 1200 is 20*60 seconds that is 20 minutes + interval : 1200 + + # config of periodic reconfigure-rediscover for adaptability + reconfigure: + # interval in seconds on how often to call automatic reconfigure + # example: 600 is 10*60 seconds that is 10 minutes + interval : 600 + # policy-engine config # These are the url of and the auth for the external system, namely the policy-engine (PDP). # We obtain that info manually from PDP folks at the moment. # In long run we should figure out a way of bringing that info into consul record # related to policy-engine itself. + # - k8s specific routing to policy-engine by hostname "pdp" + # - relying on dns to resolve hostname "pdp" to ip address + # - expecing to find "pdp" as the hostname in server cert from policy-engine policy_engine : - url : "http://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081" - path_pdp : "/pdp/" + url : "https://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081" + path_notifications : "/pdp/notifications" path_api : "/pdp/api/" headers : Accept : "application/json" @@ -50,5 +62,41 @@ application_config: Authorization : "Basic dGVzdHBkcDphbHBoYTEyMw==" Environment : "TEST" target_entity : "policy_engine" - # name of deployment-handler service in consul for policy-handler to direct the policy-updates to - deploy_handler : "deployment_handler" + # optional tls_ca_mode specifies where to find the cacert.pem for tls + # can be one of these: + # "cert_directory" - use the cacert.pem stored locally in cert_directory. + # this is the default if cacert.pem file is found + # + # "os_ca_bundle" - use the public ca_bundle provided by linux system. + # this is the default if cacert.pem file not found + # + # "do_not_verify" - special hack to turn off the verification by cacert and hostname + tls_ca_mode : "cert_directory" + # optional tls_wss_ca_mode specifies the same for the tls based web-socket + tls_wss_ca_mode : "cert_directory" + # deploy_handler config + # changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0 + deploy_handler : + # name of deployment-handler service used by policy-handler for logging + target_entity : "deployment_handler" + # url of the deployment-handler service for policy-handler to direct the policy-updates to + # - expecting dns to resolve the hostname deployment-handler to ip address + url : "http://deployment-handler:8188" + # limit the size of a single data segment for policy-update messages + # from policy-handler to deployment-handler in megabytes + max_msg_length_mb : 5 + query : + # optionally specify the tenant name for the cloudify under deployment-handler + # if not specified the "default_tenant" is used by the deployment-handler + cfy_tenant_name : "default_tenant" + # optional tls_ca_mode specifies where to find the cacert.pem or skip tls verification + # can be one of these: + # "cert_directory" - use the cacert.pem stored locally in cert_directory. + # this is the default if cacert.pem file is found + # + # "os_ca_bundle" - use the public ca_bundle provided by linux system. + # this is the default if cacert.pem file not found + # + # "do_not_verify" - special hack to turn off the verification by cacert and hostname + tls_ca_mode : "cert_directory" + |