# Copyright (c) 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright (c) 2020 Nokia # Modifications Copyright (c) 2021 Orange # Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for traversal. # This is a YAML-formatted file. # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 kafkaBootstrap: strimzi-kafka-bootstrap aaiTravKafkaUser: aai-trav-kafka-user cassandra: #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra # Cassandra datacenter name localDataCenter: dc1 # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules createSchema: enabled: true # When enabled, it will create the widget models via REST API to haproxy updateQueryData: enabled: true #migration using helm hooks migration: enabled: false # Common configuration for resources traversal and graphadmin config: # User information for the admin user in container userId: 1000 groupId: 1000 # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment cluster: cassandra: dynamic: true # Specifies if the basic authorization is enabled basic: auth: enabled: true username: AAI passwd: AAI # Active spring profiles for the resources microservice profiles: active: production,kafka # Notification event specific properties notification: eventType: AAI-EVENT domain: dev # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth service: client: no-auth # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service translator: list: schema-service source: # Specifies which folder to take a look at name: onap uri: # Base URI Path of the application base: path: /aai version: # Current version of the REST API api: default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 # Specifies from which version the app root change happened app: root: v11 # Specifies from which version the xml namespace changed namespace: change: v12 # Specifies from which version the edge label appeared in API edge: label: v12 # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}' someConfig: random # application image image: onap/aai-traversal:1.14.7 pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small # the minimum number of seconds that a newly created Pod should be ready minReadySeconds: 30 updateStrategy: type: RollingUpdate # The number of pods that can be unavailable during the update process maxUnavailable: 0 # The number of pods that can be created above the desired amount of pods during an update maxSurge: 1 api_list: - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 - 21 - 22 - 23 - 24 - 25 - 26 - 27 - 28 - 29 aai_enpoints: - name: aai-generic-query url: search/generic-query - name: aai-nodes-query url: search/nodes-query - name: aai-nquery url: query # application configuration config: # configure keycloak according to your environment. # don't forget to add keycloak in active profiles above (global.config.profiles) keycloak: host: keycloak.your.domain port: 8180 # Specifies a set of users, credentials, roles, and groups realm: aai-traversal # Used by any client application for enabling fine-grained authorization for their protected resources resource: aai-traversal-app # If set to true, additional criteria will be added into traversal query to returns all the vertices that match # the data-owner property with the given role to the user in keycloak multiTenancy: enabled: true janusgraph: caching: # enable when running read-heavy workloads # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache # modifications to graph done by other services (traversal) will only be visible # after time specified in db-cache-time enabled: true # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching dbCacheTime: 180000 # in milliseconds dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running dbCacheCleanWait: 20 # in milliseconds # temporarily enable this to update the graph storage version # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9 allowUpgrade: true # Specifies timeout information such as application specific and limits timeout: # If set to true application will timeout for queries taking longer than limit enabled: true # Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1 # Specifies how long should it wait before timing out the REST request limit: 180000 # environment variables added to the launch of the image in deployment env: MIN_HEAP_SIZE: "512m" MAX_HEAP_SIZE: "2g" MAX_METASPACE_SIZE: "512m" # POST_JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" # adds jvm args for remote debugging the application debug: enabled: false args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" # adds jvm args for remote profiling the application profiling: enabled: false args: - "-Dcom.sun.management.jmxremote" - "-Dcom.sun.management.jmxremote.ssl=false" - "-Dcom.sun.management.jmxremote.authenticate=false" - "-Dcom.sun.management.jmxremote.local.only=false" - "-Dcom.sun.management.jmxremote.port=9999" - "-Dcom.sun.management.jmxremote.rmi.port=9999" - "-Djava.rmi.server.hostname=127.0.0.1" # Disables the updateQueryData script to run as part of traversal disableUpdateQuery: true # Override of the DSL Timeout Limit dslOverride: 'ZV4V7E3N77SKIB6MR9MHQ6M4P6Q99Z7M76RBODA' dsl: # Dsl timeout configuration timeout: # Whether or not the dsl is enabled enabled: true # Default time limit of the DSL query limit: 150000 # App Specific Timeout Limit for each of the X-FromAppId appspecific: - JUNITTESTAPP1,1 - JUNITTESTAPP2,-1 - AAI-TOOLS,-1 - DCAE-CCS,1200000 - DCAES,1200000 - VPESAT,-1 - AAI-CACHER,-1 - VidAaiController,300000 - AAI-UI,180000 persistence: mountPath: /dockerdata-nfs mountSubPath: aai/aai-traversal # default number of instances replicaCount: 1 # number of ReplicaSets that should be retained for the Deployment revisionHistoryLimit: 2 nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 60 periodSeconds: 60 enabled: true readiness: initialDelaySeconds: 10 periodSeconds: 10 service: type: ClusterIP traversalPortName: http traversalPort: 8446 debugPortName: tcp-5005 debugPort: 5005 metricsPortName: metrics metricsPort: 8448 profilingPortName: jmx-9999 profilingPort: 9999 terminationGracePeriodSeconds: 30 sessionAffinity: None ingress: enabled: false serviceMesh: authorizationPolicy: authorizedPrincipals: - serviceAccount: aai-read - serviceAccount: consul-read # To make logback capping values configurable logback: logToFileEnabled: false maxHistory: 7 totalSizeCap: 6GB queueSize: 1000 accessLogback: logToFileEnabled: false livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes maxHistory: 7 totalSizeCap: 6GB # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ resources: small: limits: cpu: "2" memory: "4Gi" requests: cpu: "1" memory: "3Gi" large: limits: cpu: "4" memory: "8Gi" requests: cpu: "2" memory: "4Gi" unlimited: {} tracing: collector: baseUrl: http://jaeger-collector.istio-system:9411 sampling: probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) ignorePatterns: - /aai/util.* endpoints: enabled: true health: enabled: true info: enabled: true metrics: serviceMonitor: enabled: false targetPort: 8448 path: /actuator/prometheus basicAuth: enabled: false externalSecretName: mysecretname externalSecretUserKey: login externalSecretPasswordKey: password ## Namespace in which Prometheus is running ## # namespace: monitoring ## Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## #interval: 30s ## Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## # scrapeTimeout: 10s ## ServiceMonitor selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## selector: app: '{{ include "common.name" . }}' chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' release: '{{ include "common.release" . }}' heritage: '{{ .Release.Service }}' ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig ## Value is evalued as a template ## relabelings: [] ## MetricRelabelConfigs to apply to samples before ingestion ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig ## Value is evalued as a template ## metricRelabelings: [] # - sourceLabels: # - "__name__" # targetLabel: "__name__" # action: replace # regex: '(.*)' # replacement: 'example_prefix_$1' #Pods Service Account serviceAccount: nameOverride: aai-traversal roles: - read #Log configuration log: path: /var/log/onap level: root: DEBUG base: DEBUG # base package (org.onap.aai) logConfigMapNamePrefix: '{{ include "common.fullname" . }}' ################################################################# # Secrets metaconfig ################################################################# secrets: - uid: aai-trav-kafka-user externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' type: genericKV envs: - name: sasl.jaas.config value: '{{ .Values.config.someConfig }}' policy: generate kafkaUser: authenticationType: scram-sha-512 acls: - name: AAI-EVENT type: topic operations: [Read, Write]