1 # Copyright © 2018 AT&T USA
2 # Copyright © 2020 Huawei
3 # Copyright © 2021 Orange
4 # Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
5 # Modifications Copyright © 2023 Nordix Foundation
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 #################################################################
18 # Global configuration defaults.
19 #################################################################
22 nodePortPrefixExt: 304
23 centralizedLoggingEnabled: true
25 # flag to enable the DB creation via mariadb-operator
27 nameOverride: mariadb-galera
29 service: mariadb-galera
31 # This flag allows SO to instantiate its own mariadb-galera cluster,
32 # serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
34 # (optional) if localCluster=false and an external secret is used set this variable
35 #userRootSecret: <secretName>
37 mountPath: /dockerdata-nfs
38 #This configuration specifies Service and port for SDNC OAM interface
39 sdncOamService: sdnc-oam
41 #This configuration will run the migration. The configurations are for backing up the data
42 #from DB and then restoring it to the present versions preferred DB.
45 dbHost: mariadb-galera
48 dbPassword: secretpassword
49 # dbCredsExternalSecret: some secret
53 auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
54 defaultCloudOwner: onap
59 - '{{ include "common.release" . }}-so-mariadb-config-job'
61 #################################################################
63 #################################################################
66 name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
68 # If we're using shared mariadb, we need to use the secret name (second
70 # If not, we do the same trick than for user db secret hat allows you
71 # override this secret using external one with the same field that is used
72 # to pass this to subchart.
73 externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
74 ternary (( hasSuffix "so-db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
77 (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
79 ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
81 .Values.global.mariadbGalera.userRootSecret
82 (include "common.mariadb.secret.rootPassSecretName"
83 (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
86 password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
87 - uid: db-backup-creds
88 name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
90 externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
91 login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
92 password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
93 passwordPolicy: required
95 helm.sh/hook: pre-upgrade,pre-install
96 helm.sh/hook-weight: '0'
97 helm.sh/hook-delete-policy: before-hook-creation
99 name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
101 externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
102 login: '{{ .Values.dbCreds.userName }}'
103 password: '{{ .Values.dbCreds.userPassword }}'
104 passwordPolicy: generate
105 - uid: db-admin-creds
106 name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
108 externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
109 login: '{{ .Values.dbCreds.adminName }}'
110 password: '{{ .Values.dbCreds.adminPassword }}'
111 passwordPolicy: generate
113 name: &mso-key '{{ include "common.release" . }}-mso-key'
115 password: '{{ .Values.mso.msoKey }}'
117 name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
119 login: '{{ .Values.mso.oof.login }}'
120 password: '{{ .Values.mso.oof.password }}'
121 passwordPolicy: required
122 - uid: server-actuator-creds
123 name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds'
125 externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
126 login: '{{ .Values.server.actuator.username }}'
127 password: '{{ .Values.server.actuator.password }}'
128 passwordPolicy: required
129 - uid: server-bpel-creds
130 name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds'
132 externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
133 login: '{{ .Values.server.bpel.username }}'
134 password: '{{ .Values.server.bpel.password }}'
135 passwordPolicy: required
137 name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
139 externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
140 login: '{{ .Values.server.aai.username }}'
141 password: '{{ .Values.server.aai.password }}'
142 passwordPolicy: required
144 ##################################################################
145 # Application configuration defaults.
146 #################################################################
148 dbSecrets: &dbSecrets
149 userCredsExternalSecret: *dbUserCredsSecretName
150 adminCredsExternalSecret: *dbAdminCredsSecretName
152 # unused in this, just to pass to subcharts
157 image: onap/so/api-handler-infra:1.12.2
161 username: aai@aai.onap.org
162 password: demo123456!
163 # aaiCredsExternalSecret: some secret
167 # actuatorCredsExternalSecret: some secret
171 # bpelCredsExternalSecret: some secret
176 containerPort: &containerPort 8080
177 logPath: ./logs/apih/
178 app: api-handler-infra
181 internalPort: *containerPort
187 msb.onap.org/service-info: |
188 {{ if .Values.global.msbEnabled -}}[
192 "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments",
194 "port": "{{ .Values.service.internalPort }}",
196 "lb_policy":"ip_hash"
201 "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate",
203 "port": "{{ .Values.service.internalPort }}",
205 "lb_policy":"ip_hash"
210 "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate",
212 "port": "{{ .Values.service.internalPort }}",
214 "lb_policy":"ip_hash"
219 "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock",
221 "port": "{{ .Values.service.internalPort }}",
223 "lb_policy":"ip_hash"
228 "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}",
230 "port": "{{ .Values.service.internalPort }}",
232 "lb_policy":"ip_hash"
237 "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}",
239 "port": "{{ .Values.service.internalPort }}",
241 "lb_policy":"ip_hash"
246 "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}",
248 "port": "{{ .Values.service.internalPort }}",
250 "lb_policy":"ip_hash"
255 "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock",
257 "port": "{{ .Values.service.internalPort }}",
259 "lb_policy":"ip_hash"
264 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances",
266 "port": "{{ .Values.service.internalPort }}",
268 "lb_policy":"ip_hash"
273 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate",
275 "port": "{{ .Values.service.internalPort }}",
277 "lb_policy":"ip_hash"
282 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate",
284 "port": "{{ .Values.service.internalPort }}",
286 "lb_policy":"ip_hash"
291 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}",
293 "port": "{{ .Values.service.internalPort }}",
295 "lb_policy":"ip_hash"
300 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign",
302 "port": "{{ .Values.service.internalPort }}",
304 "lb_policy":"ip_hash"
309 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign",
311 "port": "{{ .Values.service.internalPort }}",
313 "lb_policy":"ip_hash"
318 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations",
320 "port": "{{ .Values.service.internalPort }}",
322 "lb_policy":"ip_hash"
327 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}",
329 "port": "{{ .Values.service.internalPort }}",
331 "lb_policy":"ip_hash"
336 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort",
338 "port": "{{ .Values.service.internalPort }}",
340 "lb_policy":"ip_hash"
345 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort",
347 "port": "{{ .Values.service.internalPort }}",
349 "lb_policy":"ip_hash"
354 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate",
356 "port": "{{ .Values.service.internalPort }}",
358 "lb_policy":"ip_hash"
363 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate",
365 "port": "{{ .Values.service.internalPort }}",
367 "lb_policy":"ip_hash"
372 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships",
374 "port": "{{ .Values.service.internalPort }}",
376 "lb_policy":"ip_hash"
381 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships",
383 "port": "{{ .Values.service.internalPort }}",
385 "lb_policy":"ip_hash"
390 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs",
392 "port": "{{ .Values.service.internalPort }}",
394 "lb_policy":"ip_hash"
399 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace",
401 "port": "{{ .Values.service.internalPort }}",
403 "lb_policy":"ip_hash"
408 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
410 "port": "{{ .Values.service.internalPort }}",
412 "lb_policy":"ip_hash"
417 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig",
419 "port": "{{ .Values.service.internalPort }}",
421 "lb_policy":"ip_hash"
426 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
428 "port": "{{ .Values.service.internalPort }}",
430 "lb_policy":"ip_hash"
435 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules",
437 "port": "{{ .Values.service.internalPort }}",
439 "lb_policy":"ip_hash"
444 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace",
446 "port": "{{ .Values.service.internalPort }}",
448 "lb_policy":"ip_hash"
453 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
455 "port": "{{ .Values.service.internalPort }}",
457 "lb_policy":"ip_hash"
462 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate",
464 "port": "{{ .Values.service.internalPort }}",
466 "lb_policy":"ip_hash"
471 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
473 "port": "{{ .Values.service.internalPort }}",
475 "lb_policy":"ip_hash"
480 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete",
482 "port": "{{ .Values.service.internalPort }}",
484 "lb_policy":"ip_hash"
489 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut",
491 "port": "{{ .Values.service.internalPort }}",
493 "lb_policy":"ip_hash"
498 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups",
500 "port": "{{ .Values.service.internalPort }}",
502 "lb_policy":"ip_hash"
507 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
509 "port": "{{ .Values.service.internalPort }}",
511 "lb_policy":"ip_hash"
516 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
518 "port": "{{ .Values.service.internalPort }}",
520 "lb_policy":"ip_hash"
525 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks",
527 "port": "{{ .Values.service.internalPort }}",
529 "lb_policy":"ip_hash"
534 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
536 "port": "{{ .Values.service.internalPort }}",
538 "lb_policy":"ip_hash"
543 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
545 "port": "{{ .Values.service.internalPort }}",
547 "lb_policy":"ip_hash"
556 ################################################################
558 #################################################################
560 containerPort: *containerPort
562 # Resource Limit flavor -By Default using small
564 # Segregation for Different environment (Small and Large)
585 # application configuration
587 logstashServiceName: log-ls
589 # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
590 openStackKeystoneVersion: "KEYSTONE"
592 #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
593 #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
594 # --set so.global.mariadbGalera.localCluster=true \
595 # --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
596 # --set so.global.mariadbGalera.serviceName=so-mariadb-galera
597 mariadb-galera: &mariadbGalera
599 externalSecret: *dbRootPassSecretName
600 nameOverride: &so-mariadb so-mariadb-galera
604 portName: *so-mariadb
610 mountSubPath: so/mariadb-galera/data
613 nameOverride: *so-mariadb
624 authorizedPrincipals:
625 - serviceAccount: consul-read
626 - serviceAccount: consul-server-read
627 - serviceAccount: nbi-read
628 - serviceAccount: policy-drools-pdp-read
629 - serviceAccount: so-bpmn-infra-read
630 - serviceAccount: robot-read
631 - serviceAccount: istio-ingress
632 namespace: istio-ingress
637 auth: Basic YnBlbDpwYXNzd29yZDEk
638 camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
639 msoKey: 07a7159d3bf51a0e53be7a8f89699be7
642 auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
644 auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
651 auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
653 auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
660 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
662 so-catalog-db-adapter:
676 aaiCredsExternalSecret: *aai-secrets
677 actuatorCredsExternalSecret: *actuator-secrets
679 msoKeySecret: *mso-key
699 rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
700 #rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
701 rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
702 ternary (tpl .Values.db.rootPasswordExternalSecretLocalDb .)
703 ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
705 .Values.global.mariadbGalera.userRootSecret
706 (include "common.mariadb.secret.rootPassSecretName"
707 (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
710 backupCredsExternalSecret: *dbBackupCredsSecretName
711 userCredsExternalSecret: *dbUserCredsSecretName
712 adminCredsExternalSecret: *dbAdminCredsSecretName
724 actuatorCredsExternalSecret: *actuator-secrets
725 bpelCredsExternalSecret: *bpel-secrets
738 msoKeySecret: *mso-key
739 camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
741 authSecret: *mso-oof-auth
742 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
744 so-openstack-adapter:
750 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
752 so-request-db-adapter:
763 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
772 msoKeySecret: *mso-key
773 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
778 so-etsi-sol005-adapter:
785 so-etsi-sol003-adapter:
788 #Pods Service Account