1 # Copyright © 2019 Amdocs, Bell Canada
2 # Copyright (c) 2020 Nordix Foundation, Modifications
3 # Modifications Copyright © 2020-2021 Nokia
4 # Modifications Copyright © 2023 Nordix Foundation
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
18 #################################################################
19 # Global configuration overrides.
21 # These overrides will affect all helm charts (ie. applications)
22 # that are listed below and are 'enabled'.
23 #################################################################
25 # Change to an unused port prefix range to prevent port conflicts
26 # with other instances running within the same k8s cluster
28 nodePortPrefixExt: 304
31 # Four different repositories are used
32 # You can change individually these repositories to ones that will serve the
33 # right images. If credentials are needed for one of them, see below.
34 repository: nexus3.onap.org:10001
35 dockerHubRepository: &dockerHubRepository docker.io
36 elasticRepository: &elasticRepository docker.elastic.co
37 quayRepository: quay.io
38 googleK8sRepository: k8s.gcr.io
39 githubContainerRegistry: ghcr.io
42 # they're optional. If the target repository doesn't need them, comment them
46 # If you want / need authentication on the repositories, please set
47 # Don't set them if the target repo is the same than others
48 # so id you've set repository to value `my.private.repo` and same for
49 # dockerHubRepository, you'll have to configure only repository (exclusive) OR
62 # common global images
63 # Busybox for simple shell manipulation
64 busyboxImage: busybox:1.34.1
67 curlImage: curlimages/curl:7.80.0
69 # env substitution image
70 envsubstImage: dibi/envsubst:1
72 # generate htpasswd files image
73 # there's only latest image for htpasswd
74 htpasswdImage: xmartlabs/htpasswd:latest
76 # kubenretes client image
77 kubectlImage: bitnami/kubectl:1.22.4
80 loggingImage: beats/filebeat:5.5.0
82 # mariadb client image
83 mariadbImage: bitnami/mariadb:10.5.8
86 nginxImage: bitnami/nginx:1.21.4
88 # postgreSQL client and server image
89 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
91 # readiness check image
92 readinessImage: onap/oom/readiness:5.0.1
98 jreImage: onap/integration-java11:10.0.0
100 # default clusterName
101 # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
102 clusterName: cluster.local
104 # default mount path root directory referenced
105 # by persistent volumes and log files
107 mountPath: /dockerdata-nfs
108 enableDefaultStorageclass: false
110 storageclassProvisioner: kubernetes.io/no-provisioner
111 volumeReclaimPolicy: Retain
113 # Global flag to enable the creation of default roles instead of using
114 # common roles-wrapper
115 createDefaultRoles: false
117 # override default resource limit flavor for all charts
120 # flag to enable debugging - application support required
123 # default password complexity
124 # available options: phrase, name, pin, basic, short, medium, long, maximum security
125 # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf
126 passwordStrength: long
128 # configuration to set log level to all components (the one that are using
129 # "common.log.level" to set this)
130 # can be overrided per components by setting logConfiguration.logLevelOverride
131 # to the desired value
134 # Global ingress configuration
136 # generally enable ingress for ONAP components
138 # enable all component's Ingress interfaces
141 # Provider: ingress, istio, gw-api
143 # Ingress class (only for provider "ingress"): e.g. nginx, traefik
145 # Ingress Selector (only for provider "istio") to match with the
146 # ingress pod label "istio=ingress"
147 ingressSelector: ingress
148 # optional: common used Gateway (for Istio, GW-API) and listener names
154 # default Ingress base URL and preAddr- and postAddr settings
155 # Ingress URLs result:
156 # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
158 # Default Ingress base URL
159 # can be overwritten in component by setting ingress.baseurlOverride
160 baseurl: "simpledemo.onap.org"
161 # prefix for baseaddr
162 # can be overwritten in component by setting ingress.preaddrOverride
164 # postfix for baseaddr
165 # can be overwritten in component by setting ingress.postaddrOverride
168 # All http (port 80) requests via ingress will be redirected
169 # to port 443 on Ingress controller
170 # only valid for Istio Gateway (ServiceMesh enabled)
173 # you can set an own Secret containing a certificate
174 # only valid for Istio Gateway (ServiceMesh enabled)
176 # secret: 'my-ingress-cert'
178 # optional: Namespace of the Istio IngressGateway or Gateway-API
179 # only valid for Istio Gateway (ServiceMesh enabled)
180 namespace: istio-ingress
182 # Global Service Mesh configuration
186 # be aware that linkerd is not well tested
187 engine: "istio" # valid value: istio or linkerd
189 # Global Istio Authorization Policy configuration
190 authorizationPolicies:
194 # If enabled, exporters (for prometheus) will be deployed
195 # if custom resources set to yes, CRD from prometheus operartor will be
197 # Not all components have it enabled.
201 custom_resources: false
204 # POC Mode, only for use in development environment
205 # Keep it enabled in production
209 # POC Mode, only for use in development environment
212 # default values for certificates
215 renewBefore: 720h #30 days
216 duration: 8760h #365 days
218 organization: "Linux-Foundation"
220 locality: "San-Francisco"
221 province: "California"
222 organizationalUnit: "ONAP"
224 group: certmanager.onap.org
226 name: cmpv2-issuer-onap
232 clientSecretName: oom-cert-service-client-tls-secret
233 keystoreKeyRef: keystore.jks
234 truststoreKeyRef: truststore.jks
235 keystorePasswordSecretName: oom-cert-service-certificates-password
236 keystorePasswordSecretKey: password
237 truststorePasswordSecretName: oom-cert-service-certificates-password
238 truststorePasswordSecretKey: password
240 # Indicates offline deployment build
241 # Set to true if you are rendering helm charts for offline deployment
242 # Otherwise keep it disabled
243 offlineDeploymentBuild: false
246 # Set to false if you want to disable TLS for NodePorts. Be aware that this
247 # will loosen your security.
248 # if set this element will force or not tls even if serviceMesh.tls is set.
252 # Currently, centralized logging is not in best shape so it's disabled by
254 centralizedLoggingEnabled: ¢ralizedLogging false
256 # Example of specific for the components where you want to disable TLS only for
258 # if set this element will force or not tls even if global.serviceMesh.tls and
259 # global.tlsEnabled is set otherwise.
263 # Global storage configuration
264 # Set to "-" for default, or with the name of the storage class
265 # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a
266 # storageclass with RWX capabilities (or set specific configuration for these
271 # Example of specific for the components which requires RWX:
273 # cds-blueprints-processor:
275 # storageClassOverride: "My_RWX_Storage_Class"
279 # storageClassOverride: "My_RWX_Storage_Class"
281 #################################################################
282 # Enable/disable and configure helm charts (ie. applications)
283 # to customize the ONAP deployment.
284 #################################################################
319 # openstack configuration
320 openStackRegion: "Yolo"
321 openStackVNFTenantId: "1234"
329 # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment
330 openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
346 # necessary to disable liveness probe when setting breakpoints
347 # in debugger so K8s doesn't restart unresponsive container
350 # so server configuration
352 # message router configuration
354 # openstack configuration
355 openStackUserName: "vnf_user"
356 openStackRegion: "RegionOne"
357 openStackKeyStoneUrl: "http://1.2.3.4:5000"
358 openStackServiceTenantName: "service"
359 openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
361 # in order to enable static password for so-monitoring uncomment:
365 # password: demo123456!
369 # Kafka replication & disk storage should be dimensioned
370 # according to each given system use case.
377 # Strimzi kafka bridge is an optional http api towards
378 # kafka provided by https://strimzi.io/docs/bridge/latest/
379 strimzi-kafka-bridge: