1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
3 # Modifications Copyright (C) 2021-2023 Nordix Foundation.
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 #################################################################
18 # Global configuration defaults.
19 #################################################################
23 # '&mariadbConfig' means we "store" the values for later use in the file
24 # with '*mariadbConfig' pointer.
25 config: &mariadbConfig
26 mysqlDatabase: policyadmin
27 service: &mariadbService
28 name: &policy-mariadb policy-mariadb
30 prometheusEnabled: false
35 name2: tcp-pgset-primary
36 name3: tcp-pgset-replica
39 #Strimzi Kafka properties
41 # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
42 useStrimziKafkaPf: false
43 kafkaBootstrap: strimzi-kafka-bootstrap
44 policyKafkaUser: policy-kafka-user
47 name: policy.clamp-runtime-acm
49 #################################################################
51 #################################################################
53 - uid: db-root-password
54 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
56 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
57 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
60 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
62 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
63 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
64 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
65 passwordPolicy: generate
66 - uid: policy-app-user-creds
67 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
69 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
70 login: '{{ .Values.config.policyAppUserName }}'
71 password: '{{ .Values.config.policyAppUserPassword }}'
72 passwordPolicy: generate
73 - uid: policy-pap-user-creds
74 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
76 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
77 login: '{{ .Values.restServer.policyPapUserName }}'
78 password: '{{ .Values.restServer.policyPapUserPassword }}'
79 passwordPolicy: required
80 - uid: policy-api-user-creds
81 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
83 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
84 login: '{{ .Values.restServer.policyApiUserName }}'
85 password: '{{ .Values.restServer.policyApiUserPassword }}'
86 passwordPolicy: required
89 credsExternalSecret: *dbSecretName
95 apiUserExternalSecret: *policyApiCredsSecret
97 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
102 papUserExternalSecret: *policyPapCredsSecret
103 apiUserExternalSecret: *policyApiCredsSecret
105 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
110 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
115 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
120 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
124 policy-clamp-ac-k8s-ppnt:
126 policy-clamp-ac-pf-ppnt:
129 apiUserExternalSecret: *policyApiCredsSecret
130 papUserExternalSecret: *policyPapCredsSecret
131 policy-clamp-ac-http-ppnt:
133 policy-clamp-ac-a1pms-ppnt:
135 policy-clamp-ac-kserve-ppnt:
137 policy-clamp-runtime-acm:
141 appUserExternalSecret: *policyAppCredsSecret
145 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
149 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
151 #################################################################
152 # DB configuration defaults.
153 #################################################################
156 image: onap/policy-db-migrator:2.6.2
158 policy_home: "/opt/app/policy"
163 # flag to enable debugging - application support required
166 # default number of instances
173 # probe configuration parameters
175 initialDelaySeconds: 10
177 # necessary to disable liveness probe when setting breakpoints
178 # in debugger so K8s doesn't restart unresponsive container
182 initialDelaySeconds: 10
187 policyAppUserName: runtimeUser
188 useStrimziKafka: true
193 segmentBytes: 1073741824
195 groupId: policy-group
196 policyHeartbeatTopic:
197 name: policy-heartbeat
200 segmentBytes: 1073741824
202 groupId: policy-group
203 policyNotificationTopic:
204 name: policy-notification
207 segmentBytes: 1073741824
209 groupId: policy-group
213 # mariadb-galera.config and global.mariadb.config must be equals
217 externalSecret: *dbSecretName
218 name: &mysqlDbName policyadmin
220 externalSecret: *dbRootPassSecretName
221 nameOverride: *policy-mariadb
222 # mariadb-galera.service and global.mariadb.service must be equals
223 service: *mariadbService
230 mountSubPath: policy/maria/data
232 nameOverride: *policy-mariadb
234 postgresImage: library/postgres:latest
235 # application configuration override for postgres
237 nameOverride: &postgresName policy-postgres
240 name2: policy-pg-primary
241 name3: policy-pg-replica
244 primary: policy-pg-primary
245 replica: policy-pg-replica
247 mountSubPath: policy/postgres/data
248 mountInitPath: policy
250 pgUserName: policy-user
251 pgDatabase: policyadmin
252 pgUserExternalSecret: *dbSecretName
253 pgRootPasswordExternalSecret: *dbRootPassSecretName
257 - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
260 policyPapUserName: policyadmin
261 policyPapUserPassword: zb!XztG34
262 policyApiUserName: policyadmin
263 policyApiUserPassword: zb!XztG34
265 # Resource Limit flavor -By Default using small
266 # Segregation for Different environment (small, large, or unlimited)
285 #Pods Service Account