#============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2021-2022 Nokia. All rights reserved. # Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2022 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2024 Deutsche Telekom Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= ################################################################# # Global configuration defaults. ################################################################# global: nodePortPrefix: 302 nodePortPrefixExt: 304 centralizedLoggingEnabled: true ################################################################# # Filebeat configuration defaults. ################################################################# filebeatConfig: logstashServiceName: log-ls logstashPort: 5044 ################################################################# # initContainer images. ################################################################# certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# # Application configuration defaults. ################################################################# # application image image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.12.4 pullPolicy: Always # log directory where logging sidecar should look for log files # if path is set to null sidecar won't be deployed in spite of # global.centralizedLoggingEnabled setting. log: path: /opt/app/VESCollector/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # directory where TLS certs should be stored # if absent, no certs will be retrieved and stored certDirectory: /opt/app/dcae-certificate # CMPv2 certificate # It is used only when: # - certDirectory is set # - global cmpv2Enabled flag is set to true # - flag useCmpv2Certificates is set to true # Disabled by default useCmpv2Certificates: false certificates: - mountPath: /opt/app/dcae-certificate/external commonName: dcae-ves-collector dnsNames: - dcae-ves-collector - ves-collector - ves keystore: outputType: - jks passwordSecretRef: name: ves-cmpv2-keystore-password key: password create: true # probe configuration readiness: initialDelaySeconds: 5 periodSeconds: 15 path: /healthcheck scheme: HTTP port: 8080 liveness: initialDelaySeconds: 5 periodSeconds: 15 path: /healthcheck scheme: HTTP port: 8080 # service configuration service: type: NodePort name: dcae-ves-collector ports: - name: http port: 8443 plain_port: 8080 port_protocol: http nodePort: 17 useNodePortExt: true ingress: enabled: false service: - baseaddr: "dcae-ves-collector-api" name: "dcae-ves-collector" port: 8443 plain_port: 8080 config: ssl: "redirect" serviceMesh: authorizationPolicy: authorizedPrincipals: - serviceAccount: istio-ingress namespace: istio-ingress # application environments applicationEnv: CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true' BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092' JAAS_CONFIG: externalSecret: true externalSecretUid: '{{ include "common.name" . }}-ku' key: sasl.jaas.config # Strimzi Kafka config kafkaUser: acls: - name: unauthenticated.VES_PNFREG_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.VES_NOTIFICATION_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.SEC_HEARTBEAT_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.SEC_OTHER_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.SEC_FAULT_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.VES_MEASUREMENT_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] - name: unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT type: topic patternType: literal operations: [Write, DescribeConfigs] kafkaTopic: - name: unauthenticated.VES_PNFREG_OUTPUT strimziTopicName: unauthenticated.ves-pnfreg-output - name: unauthenticated.VES_NOTIFICATION_OUTPUT strimziTopicName: unauthenticated.ves-notification-output - name: unauthenticated.SEC_HEARTBEAT_OUTPUT strimziTopicName: unauthenticated.sec-heartbeat-output - name: unauthenticated.SEC_OTHER_OUTPUT strimziTopicName: unauthenticated.sec-other-output - name: unauthenticated.SEC_FAULT_OUTPUT strimziTopicName: unauthenticated.sec-fault-output - name: unauthenticated.VES_MEASUREMENT_OUTPUT strimziTopicName: unauthenticated.ves-measurment-output - name: unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT strimziTopicName: unauthenticated.sec-3gpp-faultsupervision-output - name: unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT strimziTopicName: unauthenticated.sec-3gpp-provisioning-output - name: unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT strimziTopicName: unauthenticated.sec-3gpp-heartbeat-output - name: unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT strimziTopicName: unauthenticated.sec-3gpp-performanceassurance-output # initial application configuration applicationConfig: collector.dmaap.streamid: fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurement=ves-measurement|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration|3GPP-FaultSupervision=ves-3gpp-fault-supervision|3GPP-Heartbeat=ves-3gpp-heartbeat|3GPP-Provisioning=ves-3gpp-provisioning|3GPP-PerformanceAssurance=ves-3gpp-performance-assurance collector.inputQueue.maxPending: "8096" collector.keystore.file.location: /opt/app/dcae-certificate/cert.jks collector.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass collector.truststore.file.location: /opt/app/dcae-certificate/trust.jks collector.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass collector.schema.checkflag: "1" collector.schema.file: "{\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.2.1_ONAP.json\"}" collector.externalSchema.checkflag: 1 collector.externalSchema.schemasLocation: "./etc/externalRepo/" collector.externalSchema.mappingFileLocation: "./etc/externalRepo/schema-map.json" event.externalSchema.schemaRefPath: $.event.stndDefinedFields.schemaReference event.externalSchema.stndDefinedDataPath: $.event.stndDefinedFields.data collector.service.port: "8080" collector.service.secure.port: "8443" event.transform.flag: "0" auth.method: "noAuth" header.authlist: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" services_calls: [] streams_publishes: ves-fault: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT" type: message_router ves-measurement: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT" type: message_router ves-notification: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT" type: message_router ves-pnfRegistration: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.VES_PNFREG_OUTPUT" type: message_router ves-heartbeat: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT" type: message_router ves-other: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.SEC_OTHER_OUTPUT" type: message_router ves-3gpp-fault-supervision: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT" type: message_router ves-3gpp-provisioning: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT" type: message_router ves-3gpp-heartbeat: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT" type: message_router ves-3gpp-performance-assurance: dmaap_info: topic_url: "http://message-router:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT" type: message_router collector.dynamic.config.update.frequency: "5" # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) resources: small: limits: cpu: "2" memory: "1.5Gi" requests: cpu: "1" memory: "1.5Gi" large: limits: cpu: "4" memory: "3Gi" requests: cpu: "2" memory: "3Gi" unlimited: {} #Pods Service Account serviceAccount: nameOverride: dcae-ves-collector roles: - read # Pod Security context podSecurityContext: runAsGroup: 1000 runAsUser: 100 fsGroup: 1000 seccompProfile: type: RuntimeDefault # Container Security context containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - CAP_NET_RAW readOnlyRootFilesystem: true runAsNonRoot: true # Flag which can be used to put VES-COLLECTOR specific properties in template ves: true # VES-COLLECTOR volumes externalVolumes: - name: ves-collector-etc type: emptyDir sizeLimit: 50Mi mountPath: /opt/app/VESCollector/etc # VES-COLLECTOR pod annotations podAnnotations: sidecar.istio.io/rewriteAppHTTPProbers: "false" # Resources for init container copy-etc copyEtc: resources: limits: cpu: 100m memory: 128Mi requests: cpu: 30m memory: 32Mi