# Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange # Modifications Copyright (c) 2021 Orange # Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for aai. # This is a YAML-formatted file. # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 repository: nexus3.onap.org:10001 dockerhubRepository: docker.io busyboxImage: busybox readinessImage: onap/oom/readiness:6.0.3 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 restartPolicy: Always msbEnabled: false centralizedLoggingEnabled: false cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. localCluster: false # in case of a local cassandra cluster # flag to enable the DB creation via k8ssandra-operator useOperator: true # if useOperator set to "true", set "enableServiceAccount to "false" # as the SA is created by the Operator enableServiceAccount: false #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. #in case of using k8ssandra-operator in the common cassandra installation #the service name is: serviceName: cassandra-dc1-service #in case of local k8ssandra-operator instance it is #serviceName: aai-cassandra-dc1-service #in case the older cassandra installation is used: #serviceName: cassandra #This should be same as shared cassandra instance or if localCluster is enabled #then it should be same as aai-cassandra replicaCount replicas: 3 #Cassandra login details username: cassandra password: cassandra #Cassandra datacenter name localDataCenter: dc1 # The name of Cassandra cluster's partitioner. # It will be retrieved by client if not provided. # See storage.cql.partitioner-name in https://docs.janusgraph.org/v0.6/configs/configuration-reference/#storagecql partitionerName: org.apache.cassandra.dht.Murmur3Partitioner aai: serviceName: aai babel: serviceName: aai-babel aaiElasticsearch: serviceName: aai-elasticsearch resources: serviceName: aai-resources sparkyBe: serviceName: aai-sparky-be modelloader: serviceName: aai-modelloader searchData: serviceName: aai-search-data traversal: serviceName: aai-traversal graphadmin: serviceName: aai-graphadmin initContainers: enabled: true # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules createSchema: enabled: true # When enabled, it will create the widget models via REST API to haproxy updateQueryData: enabled: true #migration using helm hooks migration: enabled: false remoteCassandra: enabled: false storage: backend: cassandra hostname: 10.10.10.10 connectionTimeout: 100000 cacheSize: 1000000 keyConsistent: true #If backend is cql or cassandra it should be keyspace name #else backend is hbase it should be hbase table name name: aaigraph ## CQL driver specific properties for janusgraph # cql: # #Name of the Cassandra Cluster # cluster: someclustername # readConsistency: QUORUM # writeConsistency: QUORUM # replicationFactor: 3 # localConsistencyForSysOps: true ## Cassandra driver specific properties for janusgraph cassandra: #Name of the Cassandra Cluster clusterName: aai-cluster localDataCenter: Pod lab readConsistency: LOCAL_QUORUM writeConsistency: LOCAL_QUORUM replicationFactor: 3 #storage: # backend: cassandra # hostname: somehost1,somehost2,somehost3 # connectionTimeout: 100000 # cacheSize: 1000000 # clusterName: someClusterName # localDataCenter: someDataCenter # keyConsistent: true # #If backend is cql or cassandra it should be keyspace name # #else backend is hbase it should be hbase table name # name: your_hbase_table_or_keyspace_name ## CQL driver specific properties for janusgraph # cql: # #Name of the Cassandra Cluster # cluster: someclustername # readConsistency: QUORUM # writeConsistency: QUORUM # replicationFactor: 3 # localConsistencyForSysOps: true ## Cassandra driver specific properties for janusgraph # cassandra: # #Name of the Cassandra Cluster # cluster: someclustername # readConsistency: LOCAL_QUORUM # writeConsistency: LOCAL_QUORUM # replicationFactor: 3 # Common configuration for resources traversal and graphadmin config: # User information for the admin user in container userId: 1000 groupId: 1000 # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment cluster: cassandra: dynamic: true # If cluster.cassandra.dynamic is set to false # Then the following configuration should be uncommented # This is if you are planning to connect to a existing # Cassandra cluster instead of doing the deployment #storage: # backend: cassandra # hostname: somehost1,somehost2,somehost3 # connectionTimeout: 100000 # cacheSize: 1000000 # clusterName: someClusterName # localDataCenter: someDataCenter # keyConsistent: true # # If backend is cql or cassandra it should be keyspace name # # else backend is hbase it should be hbase table name # name: your_hbase_table_or_keyspace_name # # CQL driver specific properties for janusgraph # cql: # # Name of the Cassandra Cluster # cluster: someclustername # readConsistency: QUORUM # writeConsistency: QUORUM # replicationFactor: 3 # localConsistencyForSysOps: true # # Cassandra driver specific properties for janusgraph # cassandra: # # Name of the Cassandra Cluster # cluster: someclustername # readConsistency: LOCAL_QUORUM # writeConsistency: LOCAL_QUORUM # replicationFactor: 3 # Specifies if the basic authorization is enabled basic: auth: enabled: true username: AAI passwd: AAI # Active spring profiles for the resources microservice # aaf-auth profile will be automatically set if aaf enabled is set to true profiles: active: production,kafka #,aaf-auth # Notification event specific properties notification: eventType: AAI-EVENT domain: dev # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth # will be set to no-auth if tls is disabled service: client: no-auth # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service translator: list: schema-service source: # Specifies which folder to take a look at name: onap uri: # Base URI Path of the application base: path: /aai version: # Current version of the REST API api: default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 # Specifies from which version the app root change happened app: root: v11 # Specifies from which version the xml namespace changed namespace: change: v12 # Specifies from which version the edge label appeared in API edge: label: v12 # Keystore configuration password and filename keystore: filename: aai_keystore passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit # Truststore configuration password and filename truststore: filename: aai_keystore passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit # Specifies a list of files to be included in auth volume auth: files: - aai_keystore # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete # Logback debug enabled logback: console: # If enabled, container will print all logback to standard output # This will make debugging much easier but it should only be done # when debugging the issue and changed back as it can affect performance # since when this is enabled, it prints a lot of information to console enabled: false aai-babel: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-graphadmin: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-modelloader: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-resources: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-schema-service: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-sparky-be: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' aai-traversal: logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' # application image dockerhubRepository: registry.hub.docker.com image: onap/aai-haproxy:1.15.2 pullPolicy: Always flavor: small # flag to enable debugging - application support required debugEnabled: false # application configuration config: logstashServiceName: log-ls logstashPort: 5044 # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file. # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same. NAME_SERVER: coredns.kube-system # default number of instances replicaCount: 1 # number of ReplicaSets that should be retained for the Deployment revisionHistoryLimit: 2 updateStrategy: type: RollingUpdate maxUnavailable: 33% maxSurge: 1 nodeSelector: {} affinity: {} # HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns haproxy: initContainers: resources: cpu: "50m" memory: "500Mi" requestBlocking: enabled: false customConfigs: [] replicas: aaiResources: 3 aaiTraversal: 3 # stickiness based on path. # For multiple replicas, requests will not be distributed evenly stickOnPath: true # probe configuration parameters liveness: initialDelaySeconds: 10 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true #This section is used when localCluster is enabled. AAI will create its own cassandra cluster for its specific use. #Below command will instantiate the aai cassandra instances: #helm deploy demo local/onap --version=4.0.0 --namespace onap --set aai.enabled=true \ # --set aai.global.cassandra.localCluster=true \ # --set aai.global.cassandra.serviceName=aai-cassandra cassandra: nameOverride: aai-cassandra serviceAccount: nameOverride: aai-cassandra replicaCount: 3 service: name: aai-cassandra persistence: mountSubPath: aai/cassandra enabled: true k8ssandraOperator: config: clusterName: aai-cassandra readiness: initialDelaySeconds: 10 periodSeconds: 10 service: type: NodePort portName: http externalPort: 80 internalPort: 8080 nodePort: 33 sessionAffinity: None metricsService: type: ClusterIP portName: http-pro externalPort: 8448 internalPort: 8448 metrics: serviceMonitor: enabled: true targetPort: 8448 path: /metrics basicAuth: enabled: false selector: app: '{{ include "common.name" . }}-metrics' helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' app.kubernetes.io/instance: '{{ include "common.release" . }}' app.kubernetes.io/managed-by: '{{ .Release.Service }}' relabelings: [] metricRelabelings: [] ingress: enabled: false service: - baseaddr: "aai-api" name: "aai" port: 80 config: ssl: "redirect" serviceMesh: authorizationPolicy: authorizedPrincipalsMetrics: [] authorizedPrincipals: - serviceAccount: aai-graphadmin-read - serviceAccount: aai-modelloader-read - serviceAccount: aai-resources-read - serviceAccount: aai-schema-service-read - serviceAccount: aai-traversal-read - serviceAccount: cds-blueprints-processor-read - serviceAccount: consul-read - serviceAccount: dcae-prh-read - serviceAccount: dcae-slice-analysis-ms-read - serviceAccount: dcae-tcagen2 - serviceAccount: nbi-read - serviceAccount: sdnc-read - serviceAccount: so-read - serviceAccount: so-bpmn-infra-read - serviceAccount: so-cnf-adapter-read - serviceAccount: so-nssmf-adapter-read - serviceAccount: so-etsi-nfvo-ns-lcm-read - serviceAccount: so-etsi-sol003-adapter-read - serviceAccount: so-openstack-adapter-read - serviceAccount: so-sdc-controller-read - serviceAccount: so-ve-vnfm-adapter - serviceAccount: istio-ingress namespace: istio-ingress resources: small: limits: cpu: "2" memory: "4Gi" requests: cpu: "500m" memory: "1200Mi" large: limits: cpu: "4" memory: "8Gi" requests: cpu: "1" memory: "2400Mi" unlimited: {} #Pods Service Account serviceAccount: nameOverride: aai roles: - read securityContext: user_id: 99 group_id: 99 readinessCheck: wait_for: services: - aai-resources - aai-traversal - aai-graphadmin volumes: haProxySizeLimit: 20Mi podAnnotations: checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'