# ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. # Modifications Copyright © 2022 Nordix Foundation # Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= ################################################################# # Global configuration defaults. ################################################################# global: nodePortPrefixExt: 304 persistence: {} postgres: localCluster: false ################################################################# # Secrets metaconfig ################################################################# secrets: - uid: db-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required - uid: restserver-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - uid: api-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' login: '{{ .Values.healthCheckRestClient.api.user }}' password: '{{ .Values.healthCheckRestClient.api.password }}' passwordPolicy: required - uid: distribution-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}' login: '{{ .Values.healthCheckRestClient.distribution.user }}' password: '{{ .Values.healthCheckRestClient.distribution.password }}' passwordPolicy: required - uid: policy-kafka-user externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' type: genericKV envs: - name: sasl.jaas.config value: '{{ .Values.config.someConfig }}' policy: generate ################################################################# # Application configuration defaults. ################################################################# # application image image: onap/policy-pap:3.1.3 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false # application configuration db: user: policy-user password: policy_user service: name: policy-mariadb pgName: policy-pg-primary internalPort: 3306 internalPgPort: 5432 restServer: user: policyadmin password: zb!XztG34 healthCheckRestClient: api: user: policyadmin password: none distribution: user: healthcheck password: zb!XztG34 # default number of instances replicaCount: 1 nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 60 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true port: http-api readiness: initialDelaySeconds: 10 periodSeconds: 120 port: http-api api: /policy/pap/v1/healthcheck successThreshold: 1 failureThreshold: 3 timeout: 60 service: type: ClusterIP name: policy-pap ports: - name: http-api port: 6969 - name: debug-port port: 5005 protocol: TCP ingress: enabled: false serviceMesh: authorizationPolicy: authorizedPrincipals: - serviceAccount: strimzi-kafka-read - serviceAccount: portal-app-read flavor: small resources: small: limits: cpu: "1" memory: "1Gi" requests: cpu: "0.5" memory: "1Gi" large: limits: cpu: "2" memory: "2Gi" requests: cpu: "1" memory: "2Gi" unlimited: {} securityContext: user_id: 100 group_id: 102 dirSizes: emptyDir: sizeLimit: 1Gi logDir: sizeLimit: 500Mi #Pods Service Account serviceAccount: nameOverride: policy-pap roles: - read metrics: serviceMonitor: # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. # The default operator for prometheus enforces the below label. labels: release: prometheus enabled: true port: http-api interval: 60s isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-pap-user-creds externalSecretUserKey: login externalSecretPasswordKey: password # application configuration config: # Event consumption (kafka) properties kafka: topics: policyHeartbeat: policy-heartbeat policyNotification: policy-notification policyPdpPap: policy-pdp-pap consumer: groupId: policy-pap app: listener: policyPdpPapTopic: policy-pdp-pap # If targeting a custom kafka cluster, ie useStrimziKakfa: false # uncomment below config and target your kafka bootstrap servers, # along with any other security config. # # eventConsumption: # spring.kafka.bootstrap-servers: :9092 # spring.kafka.security.protocol: PLAINTEXT # spring.kafka.consumer.group-id: policy-group # # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. kafkaUser: authenticationType: scram-sha-512 acls: - name: policy-pap type: group operations: [Create, Describe, Read, Write] - name: policy-pdp-pap type: topic patternType: prefix operations: [Create, Describe, Read, Write] - name: policy-heartbeat type: topic patternType: prefix operations: [Create, Describe, Read, Write] - name: policy-notification type: topic patternType: prefix operations: [Create, Describe, Read, Write]