Merge "[SDNC] Use common aaf template in SDNC"

[oom.git] / kubernetes / sdnc / values.yaml

# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration defaults.
#################################################################
global:
  nodePortPrefix: 302
  nodePortPrefixExt: 304
  repository: nexus3.onap.org:10001
  readinessRepository: oomk8s
  readinessImage: readiness-check:2.0.2
  loggingRepository: docker.elastic.co
  loggingImage: beats/filebeat:5.5.0
  aafAgentImage: onap/aaf/aaf_agent:2.1.15
  persistence:
    mountPath: /dockerdata-nfs
  aafEnabled: true
  # envsusbt
  envsubstImage: dibi/envsubst
  mariadbGalera:
    #This flag allows SO to instantiate its own mariadb-galera cluster
    #If shared instance is used, this chart assumes that DB already exists
    localCluster: false
    service: mariadb-galera
    internalPort: 3306
    nameOverride: mariadb-galera

#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: db-root-password
    name: '{{ include "common.release" . }}-sdnc-db-root-password'
    type: password
    externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
      ternary (default (include "common.mariadb.secret.rootPassSecretName"
      (dict "dot" . "chartName"
      (index .Values "mariadb-galera" "nameOverride")))
      (index .Values "mariadb-galera" "config"
      "mariadbRootPasswordExternalSecret"))
      (include "common.mariadb.secret.rootPassSecretName"
      (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
    password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
  - uid: db-secret
    name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
    type: basicAuth
    # This is a nasty trick that allows you override this secret using external one
    # with the same field that is used to pass this to subchart
    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
  - uid: odl-creds
    name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
    type: basicAuth
    externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
    login: '{{ .Values.config.odlUser }}'
    password: '{{ .Values.config.odlPassword }}'
    # For now this is left hardcoded but should be revisited in a future
    passwordPolicy: required
  - uid: &aaf_secret_uid aaf-creds
    type: basicAuth
    externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
    login: '{{ .Values.aaf_init.deploy_fqi }}'
    password: '{{ .Values.aaf_init.deploy_pass }}'
    passwordPolicy: required
  - uid: netbox-apikey
    type: password
    externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
    password: '{{ .Values.config.netboxApikey }}'
    passwordPolicy: required
  - uid: aai-user-creds
    type: basicAuth
    externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
    login: '{{ .Values.config.aaiUser }}'
    password: '{{ .Values.config.aaiPassword }}'
    passwordPolicy: required
  - uid: modeling-user-creds
    type: basicAuth
    externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
    login: '{{ .Values.config.modelingUser }}'
    password: '{{ .Values.config.modelingPassword }}'
    passwordPolicy: required
  - uid: restconf-creds
    type: basicAuth
    externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}'
    login: '{{ .Values.config.restconfUser }}'
    password: '{{ .Values.config.restconfPassword }}'
    passwordPolicy: required
  - uid: ansible-creds
    name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds'
    type: basicAuth
    externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}'
    login: '{{ .Values.config.ansibleUser }}'
    password: '{{ .Values.config.ansiblePassword }}'
    passwordPolicy: required
  - uid: scaleout-creds
    type: basicAuth
    externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}'
    login: '{{ .Values.config.scaleoutUser }}'
    password: '{{ .Values.config.scaleoutPassword }}'
    passwordPolicy: required

#################################################################
# Application configuration defaults.
#################################################################
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
image: onap/sdnc-image:1.8.2


# flag to enable debugging - application support required
debugEnabled: false

# application configuration
config:
  odlUid: 100
  odlGid: 101
  odlUser: admin
  odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
  # odlCredsExternalSecret: some secret
  netboxApikey: onceuponatimeiplayedwithnetbox20180814
  # netboxApikeyExternalSecret: some secret
  aaiUser: sdnc@sdnc.onap.org
  aaiPassword: demo123456!
  # aaiCredsExternalSecret: some secret
  modelingUser: ccsdkapps
  modelingPassword: ccsdkapps
  # modelingCredsExternalSecret: some secret
  restconfUser: admin
  restconfPassword: admin
  # restconfCredsExternalSecret: some secret
  scaleoutUser: admin
  scaleoutPassword: admin
  # scaleoutExternalSecret: some secret
  ansibleUser: sdnc
  ansiblePassword: sdnc
  # ansibleCredsExternalSecret: some secret
  dbSdnctlDatabase: &sdncDbName sdnctl
  enableClustering: true
  sdncHome: /opt/onap/sdnc
  binDir: /opt/onap/sdnc/bin
  etcDir: /opt/onap/sdnc/data
  geoEnabled: false
# if geoEnabled is set to true here, mysql.geoEnabled must be set to true
# if geoEnabled is set to true the following 3 values must be set to their proper values
  myODLCluster: 127.0.0.1
  peerODLCluster: 127.0.0.1
  isPrimaryCluster: true
  configDir: /opt/onap/sdnc/data/properties
  ccsdkConfigDir: /opt/onap/ccsdk/data/properties
  dmaapTopic: SUCCESS
  dmaapPort: 3904
  logstashServiceName: log-ls
  logstashPort: 5044
  ansibleServiceName: sdnc-ansible-server
  ansiblePort: 8000
  javaHome: /usr/lib/jvm/java-1.8-openjdk

  odl:
    etcDir: /opt/opendaylight/etc
    binDir: /opt/opendaylight/bin
    salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
    salConfigVersion: 1.8.2
    akka:
      seedNodeTimeout: 15s
      circuitBreaker:
        maxFailures: 10
        callTimeout: 90s
        resetTimeout: 30s
      recoveryEventTimeout: 90s
    datastore:
      persistentActorRestartMinBackoffInSeconds: 10
      persistentActorRestartMaxBackoffInSeconds: 40
      persistentActorRestartResetBackoffInSeconds: 20
      shardTransactionCommitTimeoutInSeconds: 120
      shardIsolatedLeaderCheckIntervalInMillis: 30000
      operationTimeoutInSeconds: 120
    javaOptions:
      maxGCPauseMillis: 100
      parallelGCThreads : 3
      numberGGLogFiles: 10

# dependency / sub-chart configuration
aafConfig:
  addconfig: true
  fqdn: "sdnc"
  app_ns: "org.osaaf.aaf"
  fqi: "sdnc@sdnc.onap.org"
  fqi_namespace: org.onap.sdnc
  public_fqdn: "sdnc.onap.org"
  aafDeployFqi: "deployer@people.osaaf.org"
  aafDeployPass: demo123456!
  cadi_latitude: "38.0"
  cadi_longitude: "-72.0"
  secret_uid: *aaf_secret_uid
  credsPath: /opt/app/osaaf/local

aaf_init:
  agentImage: onap/aaf/aaf_agent:2.1.15
  app_ns: "org.osaaf.aaf"
  fqi: "sdnc@sdnc.onap.org"
  fqdn: "sdnc"
  public_fqdn: "sdnc.onap.org"
  deploy_fqi: "deployer@people.osaaf.org"
  deploy_pass: "demo123456!"
  cadi_latitude: "38.0"
  cadi_longitude: "-72.0"

mariadb-galera: &mariadbGalera
  nameOverride: sdnc-db
  config: &mariadbGaleraConfig
    rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
    userName: sdnctl
    userCredentialsExternalSecret: *dbSecretName
  service:
    name: sdnc-dbhost
    internalPort: 3306
  sdnctlPrefix: sdnc
  persistence:
    mountSubPath: sdnc/mariadb-galera
    enabled: true
  replicaCount: 1

cds:
  enabled: false

dmaap-listener:
  nameOverride: sdnc-dmaap-listener
  mariadb-galera:
    <<: *mariadbGalera
    config:
      <<: *mariadbGaleraConfig
      mysqlDatabase: *sdncDbName
  config:
    sdncChartName: sdnc
    dmaapPort: 3904
    sdncPort: 8282
    configDir: /opt/onap/sdnc/data/properties
    odlCredsExternalSecret: *odlCredsSecretName

ueb-listener:
  mariadb-galera:
    <<: *mariadbGalera
    config:
      <<: *mariadbGaleraConfig
      mysqlDatabase: *sdncDbName
  nameOverride: sdnc-ueb-listener
  config:
    sdncPort: 8282
    sdncChartName: sdnc
    configDir: /opt/onap/sdnc/data/properties
    odlCredsExternalSecret: *odlCredsSecretName

sdnc-portal:
  mariadb-galera:
    <<: *mariadbGalera
    config:
      <<: *mariadbGaleraConfig
      mysqlDatabase: *sdncDbName
  config:
    sdncChartName: sdnc
    configDir: /opt/onap/sdnc/data/properties
    odlCredsExternalSecret: *odlCredsSecretName

sdnc-ansible-server:
  config:
    restCredsExternalSecret: *ansibleSecretName
  mariadb-galera:
    <<: *mariadbGalera
    config:
      <<: *mariadbGaleraConfig
      mysqlDatabase: ansible
  service:
    name: sdnc-ansible-server
    internalPort: 8000

dgbuilder:
  nameOverride: sdnc-dgbuilder
  config:
    db:
      dbName: *sdncDbName
      rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}'
      userCredentialsExternalSecret: *dbSecretName
    dbPodName: mariadb-galera
    dbServiceName: mariadb-galera
    # This should be revisited and changed to plain text
    dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
  mariadb-galera:
  service:
    name: sdnc-dgbuilder
    nodePort: "03"

  ingress:
    enabled: false
    service:
      - baseaddr: "sdnc-dgbuilder"
        name: "sdnc-dgbuilder"
        port: 3000
    config:
      ssl: "redirect"

# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
  nameOverride: sdnrdb
  name: sdnrdb-cluster
  aafConfig:
    fqdn: "sdnc"
    fqi_namespace: org.onap.sdnc
    fqi: "sdnc@sdnc.onap.org"
  service:
    name: sdnrdb

  master:
    replicaCount: 3
    # dedicatednode: "yes"
    # working as master node only, in this case increase replicaCount for elasticsearch-data
    # dedicatednode: "no"
    # handles master and data node functionality
    dedicatednode: "no"
    nameOverride: sdnrdb

  curator:
    enabled: true
    nameOverride: sdnrdb
  data:
    enabled: true
    replicaCount: 1
    nameOverride: sdnrdb


# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 10
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 10
  periodSeconds: 10

service:
  type: NodePort
  name: sdnc
  portName: sdnc
  internalPort: 8181
  internalPort2: 8101
  internalPort3: 8080
  internalPort4: 8443

  #port
  externalPort: 8282

  externalPort2: 8202

  externalPort3: 8280

  externalPort4: 8443
  nodePort4: 67

  clusterPort: 2550
  clusterPort2: 2650
  clusterPort3: 2681

  geoNodePort1: 61
  geoNodePort2: 62
  geoNodePort3: 63
  geoNodePort4: 64
  geoNodePort5: 65
  geoNodePort6: 66

## Persist data to a persitent volume
persistence:
  enabled: true

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:
  volumeReclaimPolicy: Retain

  ## database data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  accessMode: ReadWriteOnce
  size: 1Gi
  mountPath: /dockerdata-nfs
  mountSubPath: sdnc/mdsal
  mdsalPath: /opt/opendaylight/current/daexim

certpersistence:
  enabled: true

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:

  volumeReclaimPolicy: Retain
  accessMode: ReadWriteOnce
  size: 50Mi
  mountPath: /dockerdata-nfs
  mountSubPath: sdnc/certs
  certPath: /opt/app/osaaf
  ##storageClass: "manual"

ingress:
  enabled: false
  service:
    - baseaddr: "sdnc.api"
      name: "sdnc"
      port: 8443
  config:
    ssl: "redirect"

#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)

resources:
  small:
    limits:
      cpu: 2
      memory: 4Gi
    requests:
      cpu: 1
      memory: 2Gi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 2
      memory: 4Gi
  unlimited: {}