From d425867ae1c52a9b31a06f1dea8810c1c7a0af65 Mon Sep 17 00:00:00 2001
From: jhh <jorge.hernandez-herrero@att.com>
Date: Sun, 9 Aug 2020 12:08:08 -0500
Subject: [POLICY] certInit support + refactoring

Several changes are including in this patch:
- certInitializer support (POLICY-2615, REQ-361)
- renamed policy objects to start with "policy-"
  prefix (POLICY-1000)
- add resources section to components that did not
  have or had it incorrectly set up rendering null
  (POLICY-2502)
- Removal of legacy policy-engine components (POLICY-2743)
- Miscellaneous refactoring of charts (POLICY-2745)
- update pdp legacy reference to policy-xacml-pdp from
  pdp (legacy)

Issue-ID: POLICY-2615
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: I8b6984a663bbb14d331a366ec02b6dd38755cde7
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
---
 .../policy/components/policy-pap/values.yaml       | 179 +++++++++++++++++++++
 1 file changed, 179 insertions(+)
 create mode 100755 kubernetes/policy/components/policy-pap/values.yaml

(limited to 'kubernetes/policy/components/policy-pap/values.yaml')

diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
new file mode 100755
index 0000000000..9c0f13b622
--- /dev/null
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -0,0 +1,179 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2019 Nordix Foundation.
+#   Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+#   Modifications Copyright (C) 2020 Bell Canada.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefixExt: 304
+  persistence: {}
+  envsubstImage: dibi/envsubst
+  aafEnabled: true
+  readinessRepository: oomk8s
+  readinessImage: readiness-check:2.0.0
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+  - uid: restserver-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+    login: '{{ .Values.restServer.user }}'
+    password: '{{ .Values.restServer.password }}'
+    passwordPolicy: required
+  - uid: api-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+    login: '{{ .Values.healthCheckRestClient.api.user }}'
+    password: '{{ .Values.healthCheckRestClient.api.password }}'
+    passwordPolicy: required
+  - uid: distribution-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
+    login: '{{ .Values.healthCheckRestClient.distribution.user }}'
+    password: '{{ .Values.healthCheckRestClient.distribution.password }}'
+    passwordPolicy: required
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
+  - uid: truststore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
+
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+  nameOverride: policy-pap-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
+  cadi_latitude: "0.0"
+  cadi_longitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 100
+  gid: 101
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass
+    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-pap:2.3.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+db:
+  user: policy_user
+  password: policy_user
+  service:
+    name: policy-mariadb
+    internalPort: 3306
+
+restServer:
+  user: healthcheck
+  password: zb!XztG34
+
+healthCheckRestClient:
+  api:
+    user: healthcheck
+    password: zb!XztG34
+  distribution:
+    user: healthcheck
+    password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: http-api
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  port: http-api
+
+service:
+  type: ClusterIP
+  name: policy-pap
+  useNodePortExt: true
+  ports:
+  - name: http-api
+    port: 6969
+    nodePort: 42
+
+ingress:
+  enabled: false
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 200m
+      memory: 2Gi
+  unlimited: {}
+
-- 
cgit 1.2.3-korg