1 # Copyright © 2019 Amdocs, Bell Canada
2 # Copyright (c) 2020 Nordix Foundation, Modifications
3 # Modifications Copyright © 2020-2021 Nokia
4 # Modifications Copyright © 2023 Nordix Foundation
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
18 #################################################################
19 # Global configuration overrides.
21 # These overrides will affect all helm charts (ie. applications)
22 # that are listed below and are 'enabled'.
23 #################################################################
25 # Change to an unused port prefix range to prevent port conflicts
26 # with other instances running within the same k8s cluster
28 nodePortPrefixExt: 304
31 # Install test components
32 # test components are out of the scope of ONAP but allow to have a entire
33 # environment to test the different features of ONAP
34 # Current tests environments provided:
35 # - netbox (needed for CDS IPAM)
36 # - AWX (needed for XXX)
37 # - EJBCA Server (needed for CMPv2 tests)
38 # Today, "contrib" chart that hosting these components must also be enabled
39 # in order to make it work. So `contrib.enabled` must have the same value than
40 # addTestingComponents
41 addTestingComponents: &testing false
44 # Four different repositories are used
45 # You can change individually these repositories to ones that will serve the
46 # right images. If credentials are needed for one of them, see below.
47 repository: nexus3.onap.org:10001
48 dockerHubRepository: &dockerHubRepository docker.io
49 elasticRepository: &elasticRepository docker.elastic.co
50 quayRepository: quay.io
51 googleK8sRepository: k8s.gcr.io
52 githubContainerRegistry: ghcr.io
55 # Legacy repositories which will be removed at the end of migration.
57 loggingRepository: *elasticRepository
58 busyboxRepository: *dockerHubRepository
61 # they're optional. If the target repository doesn't need them, comment them
65 # If you want / need authentication on the repositories, please set
66 # Don't set them if the target repo is the same than others
67 # so id you've set repository to value `my.private.repo` and same for
68 # dockerHubRepository, you'll have to configure only repository (exclusive) OR
81 # common global images
82 # Busybox for simple shell manipulation
83 busyboxImage: busybox:1.34.1
86 curlImage: curlimages/curl:7.80.0
88 # env substitution image
89 envsubstImage: dibi/envsubst:1
91 # generate htpasswd files image
92 # there's only latest image for htpasswd
93 htpasswdImage: xmartlabs/htpasswd:latest
95 # kubenretes client image
96 kubectlImage: bitnami/kubectl:1.22.4
99 loggingImage: beats/filebeat:5.5.0
101 # mariadb client image
102 mariadbImage: bitnami/mariadb:10.5.8
105 nginxImage: bitnami/nginx:1.21.4
107 # postgreSQL client and server image
108 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
110 # readiness check image
111 readinessImage: onap/oom/readiness:3.0.1
117 jreImage: onap/integration-java11:10.0.0
119 # default clusterName
120 # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
121 clusterName: cluster.local
123 # default mount path root directory referenced
124 # by persistent volumes and log files
126 mountPath: /dockerdata-nfs
127 enableDefaultStorageclass: false
129 storageclassProvisioner: kubernetes.io/no-provisioner
130 volumeReclaimPolicy: Retain
132 # override default resource limit flavor for all charts
135 # flag to enable debugging - application support required
138 # default password complexity
139 # available options: phrase, name, pin, basic, short, medium, long, maximum security
140 # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf
141 passwordStrength: long
143 # configuration to set log level to all components (the one that are using
144 # "common.log.level" to set this)
145 # can be overrided per components by setting logConfiguration.logLevelOverride
146 # to the desired value
149 # Global ingress configuration
151 # generally enable ingress for ONAP components
153 # enable all component's Ingress interfaces
156 # default Ingress base URL and preAddr- and postAddr settings
157 # Ingress URLs result:
158 # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
160 # Default Ingress base URL
161 # can be overwritten in component by setting ingress.baseurlOverride
162 baseurl: "simpledemo.onap.org"
163 # prefix for baseaddr
164 # can be overwritten in component by setting ingress.preaddrOverride
166 # postfix for baseaddr
167 # can be overwritten in component by setting ingress.postaddrOverride
170 # All http (port 80) requests via ingress will be redirected
171 # to port 443 on Ingress controller
172 # only valid for Istio Gateway (ServiceMesh enabled)
175 # you can set an own Secret containing a certificate
176 # only valid for Istio Gateway (ServiceMesh enabled)
178 # secret: 'my-ingress-cert'
180 # optional: Namespace of the Istio IngressGateway
181 # only valid for Istio Gateway (ServiceMesh enabled)
182 namespace: istio-ingress
184 # Global Service Mesh configuration
185 # POC Mode, don't use it in production
189 # be aware that linkerd is not well tested
190 engine: "istio" # valid value: istio or linkerd
192 # Global Istio Authorization Policy configuration
193 authorizationPolicies:
197 # If enabled, exporters (for prometheus) will be deployed
198 # if custom resources set to yes, CRD from prometheus operartor will be
200 # Not all components have it enabled.
204 custom_resources: false
207 # POC Mode, only for use in development environment
208 # Keep it enabled in production
210 aafAgentImage: onap/aaf/aaf_agent:2.1.20
213 # POC Mode, only for use in development environment
216 # default values for certificates
219 renewBefore: 720h #30 days
220 duration: 8760h #365 days
222 organization: "Linux-Foundation"
224 locality: "San-Francisco"
225 province: "California"
226 organizationalUnit: "ONAP"
228 group: certmanager.onap.org
230 name: cmpv2-issuer-onap
236 clientSecretName: oom-cert-service-client-tls-secret
237 keystoreKeyRef: keystore.jks
238 truststoreKeyRef: truststore.jks
239 keystorePasswordSecretName: oom-cert-service-certificates-password
240 keystorePasswordSecretKey: password
241 truststorePasswordSecretName: oom-cert-service-certificates-password
242 truststorePasswordSecretKey: password
244 # Indicates offline deployment build
245 # Set to true if you are rendering helm charts for offline deployment
246 # Otherwise keep it disabled
247 offlineDeploymentBuild: false
250 # Set to false if you want to disable TLS for NodePorts. Be aware that this
251 # will loosen your security.
252 # if set this element will force or not tls even if serviceMesh.tls is set.
256 # Currently, centralized logging is not in best shape so it's disabled by
258 centralizedLoggingEnabled: ¢ralizedLogging false
260 # Example of specific for the components where you want to disable TLS only for
262 # if set this element will force or not tls even if global.serviceMesh.tls and
263 # global.tlsEnabled is set otherwise.
267 # Global storage configuration
268 # Set to "-" for default, or with the name of the storage class
269 # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a
270 # storageclass with RWX capabilities (or set specific configuration for these
275 # Example of specific for the components which requires RWX:
278 # storageClassOverride: "My_RWX_Storage_Class"
283 # storageClassOverride: "My_RWX_Storage_Class"
285 # cds-blueprints-processor:
287 # storageClassOverride: "My_RWX_Storage_Class"
291 # storageClassOverride: "My_RWX_Storage_Class"
293 #################################################################
294 # Enable/disable and configure helm charts (ie. applications)
295 # to customize the ONAP deployment.
296 #################################################################
302 # you must always set the same values as value set in cps.enabled
316 # Today, "contrib" chart that hosting these components must also be enabled
317 # in order to make it work. So `contrib.enabled` must have the same value than
318 # addTestingComponents
337 # Today, "logging" chart that perform the central part of logging must also be
338 # enabled in order to make it work. So `logging.enabled` must have the same
339 # value as centralizedLoggingEnabled
341 enabled: *centralizedLogging
355 # openstack configuration
356 openStackRegion: "Yolo"
357 openStackVNFTenantId: "1234"
367 # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment
368 openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
384 # necessary to disable liveness probe when setting breakpoints
385 # in debugger so K8s doesn't restart unresponsive container
388 # so server configuration
390 # message router configuration
392 # openstack configuration
393 openStackUserName: "vnf_user"
394 openStackRegion: "RegionOne"
395 openStackKeyStoneUrl: "http://1.2.3.4:5000"
396 openStackServiceTenantName: "service"
397 openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
399 # in order to enable static password for so-monitoring uncomment:
403 # password: demo123456!
407 # Kafka replication & disk storage should be dimensioned
408 # according to each given system use case.
415 # Strimzi kafka bridge is an optional http api towards
416 # kafka provided by https://strimzi.io/docs/bridge/latest/
417 strimzi-kafka-bridge: