1 # Copyright © 2018 AT&T USA
2 # Copyright © 2020 Huawei
3 # Copyright © 2021 Orange
4 # Modifications Copyright © 2023 Nordix Foundation
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #################################################################
17 # Global configuration defaults.
18 #################################################################
21 nodePortPrefixExt: 304
22 centralizedLoggingEnabled: true
24 # flag to enable the DB creation via mariadb-operator
26 nameOverride: mariadb-galera
28 service: mariadb-galera
30 #This flag allows SO to instantiate its own mariadb-galera cluster,
31 #serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
34 mountPath: /dockerdata-nfs
35 #This configuration specifies Service and port for SDNC OAM interface
36 sdncOamService: sdnc-oam
38 #This configuration will run the migration. The configurations are for backing up the data
39 #from DB and then restoring it to the present versions preferred DB.
42 dbHost: mariadb-galera
45 dbPassword: secretpassword
46 # dbCredsExternalSecret: some secret
50 auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
51 defaultCloudOwner: onap
56 - '{{ include "common.release" . }}-so-mariadb-config-job'
58 #################################################################
60 #################################################################
63 name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
65 # If we're using shared mariadb, we need to use the secret name (second
67 # If not, we do the same trick than for user db secret hat allows you
68 # override this secret using external one with the same field that is used
69 # to pass this to subchart.
70 externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
71 ternary ((hasSuffix "so-db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
74 (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
75 (include "common.mariadb.secret.rootPassSecretName"
77 "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
78 password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
79 - uid: db-backup-creds
80 name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
82 externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
83 login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
84 password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
85 passwordPolicy: required
87 helm.sh/hook: pre-upgrade,pre-install
88 helm.sh/hook-weight: '0'
89 helm.sh/hook-delete-policy: before-hook-creation
91 name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
93 externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
94 login: '{{ .Values.dbCreds.userName }}'
95 password: '{{ .Values.dbCreds.userPassword }}'
96 passwordPolicy: generate
98 name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
100 externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
101 login: '{{ .Values.dbCreds.adminName }}'
102 password: '{{ .Values.dbCreds.adminPassword }}'
103 passwordPolicy: generate
105 name: &mso-key '{{ include "common.release" . }}-mso-key'
107 password: '{{ .Values.mso.msoKey }}'
109 name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
111 login: '{{ .Values.mso.oof.login }}'
112 password: '{{ .Values.mso.oof.password }}'
113 passwordPolicy: required
114 - uid: server-actuator-creds
115 name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds'
117 externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
118 login: '{{ .Values.server.actuator.username }}'
119 password: '{{ .Values.server.actuator.password }}'
120 passwordPolicy: required
121 - uid: server-bpel-creds
122 name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds'
124 externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
125 login: '{{ .Values.server.bpel.username }}'
126 password: '{{ .Values.server.bpel.password }}'
127 passwordPolicy: required
129 name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
131 externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
132 login: '{{ .Values.server.aai.username }}'
133 password: '{{ .Values.server.aai.password }}'
134 passwordPolicy: required
136 ##################################################################
137 # Application configuration defaults.
138 #################################################################
140 dbSecrets: &dbSecrets
141 userCredsExternalSecret: *dbUserCredsSecretName
142 adminCredsExternalSecret: *dbAdminCredsSecretName
144 # unused in this, just to pass to subcharts
149 image: onap/so/api-handler-infra:1.12.2
153 username: aai@aai.onap.org
154 password: demo123456!
155 # aaiCredsExternalSecret: some secret
159 # actuatorCredsExternalSecret: some secret
163 # bpelCredsExternalSecret: some secret
168 containerPort: &containerPort 8080
169 logPath: ./logs/apih/
170 app: api-handler-infra
173 internalPort: *containerPort
179 msb.onap.org/service-info: |
180 {{ if .Values.global.msbEnabled -}}[
184 "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments",
186 "port": "{{ .Values.service.internalPort }}",
188 "lb_policy":"ip_hash"
193 "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate",
195 "port": "{{ .Values.service.internalPort }}",
197 "lb_policy":"ip_hash"
202 "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate",
204 "port": "{{ .Values.service.internalPort }}",
206 "lb_policy":"ip_hash"
211 "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock",
213 "port": "{{ .Values.service.internalPort }}",
215 "lb_policy":"ip_hash"
220 "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}",
222 "port": "{{ .Values.service.internalPort }}",
224 "lb_policy":"ip_hash"
229 "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}",
231 "port": "{{ .Values.service.internalPort }}",
233 "lb_policy":"ip_hash"
238 "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}",
240 "port": "{{ .Values.service.internalPort }}",
242 "lb_policy":"ip_hash"
247 "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock",
249 "port": "{{ .Values.service.internalPort }}",
251 "lb_policy":"ip_hash"
256 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances",
258 "port": "{{ .Values.service.internalPort }}",
260 "lb_policy":"ip_hash"
265 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate",
267 "port": "{{ .Values.service.internalPort }}",
269 "lb_policy":"ip_hash"
274 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate",
276 "port": "{{ .Values.service.internalPort }}",
278 "lb_policy":"ip_hash"
283 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}",
285 "port": "{{ .Values.service.internalPort }}",
287 "lb_policy":"ip_hash"
292 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign",
294 "port": "{{ .Values.service.internalPort }}",
296 "lb_policy":"ip_hash"
301 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign",
303 "port": "{{ .Values.service.internalPort }}",
305 "lb_policy":"ip_hash"
310 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations",
312 "port": "{{ .Values.service.internalPort }}",
314 "lb_policy":"ip_hash"
319 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}",
321 "port": "{{ .Values.service.internalPort }}",
323 "lb_policy":"ip_hash"
328 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort",
330 "port": "{{ .Values.service.internalPort }}",
332 "lb_policy":"ip_hash"
337 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort",
339 "port": "{{ .Values.service.internalPort }}",
341 "lb_policy":"ip_hash"
346 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate",
348 "port": "{{ .Values.service.internalPort }}",
350 "lb_policy":"ip_hash"
355 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate",
357 "port": "{{ .Values.service.internalPort }}",
359 "lb_policy":"ip_hash"
364 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships",
366 "port": "{{ .Values.service.internalPort }}",
368 "lb_policy":"ip_hash"
373 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships",
375 "port": "{{ .Values.service.internalPort }}",
377 "lb_policy":"ip_hash"
382 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs",
384 "port": "{{ .Values.service.internalPort }}",
386 "lb_policy":"ip_hash"
391 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace",
393 "port": "{{ .Values.service.internalPort }}",
395 "lb_policy":"ip_hash"
400 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
402 "port": "{{ .Values.service.internalPort }}",
404 "lb_policy":"ip_hash"
409 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig",
411 "port": "{{ .Values.service.internalPort }}",
413 "lb_policy":"ip_hash"
418 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
420 "port": "{{ .Values.service.internalPort }}",
422 "lb_policy":"ip_hash"
427 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules",
429 "port": "{{ .Values.service.internalPort }}",
431 "lb_policy":"ip_hash"
436 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace",
438 "port": "{{ .Values.service.internalPort }}",
440 "lb_policy":"ip_hash"
445 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
447 "port": "{{ .Values.service.internalPort }}",
449 "lb_policy":"ip_hash"
454 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate",
456 "port": "{{ .Values.service.internalPort }}",
458 "lb_policy":"ip_hash"
463 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
465 "port": "{{ .Values.service.internalPort }}",
467 "lb_policy":"ip_hash"
472 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete",
474 "port": "{{ .Values.service.internalPort }}",
476 "lb_policy":"ip_hash"
481 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut",
483 "port": "{{ .Values.service.internalPort }}",
485 "lb_policy":"ip_hash"
490 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups",
492 "port": "{{ .Values.service.internalPort }}",
494 "lb_policy":"ip_hash"
499 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
501 "port": "{{ .Values.service.internalPort }}",
503 "lb_policy":"ip_hash"
508 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
510 "port": "{{ .Values.service.internalPort }}",
512 "lb_policy":"ip_hash"
517 "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks",
519 "port": "{{ .Values.service.internalPort }}",
521 "lb_policy":"ip_hash"
526 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
528 "port": "{{ .Values.service.internalPort }}",
530 "lb_policy":"ip_hash"
535 "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
537 "port": "{{ .Values.service.internalPort }}",
539 "lb_policy":"ip_hash"
548 ################################################################
550 #################################################################
552 containerPort: *containerPort
554 # Resource Limit flavor -By Default using small
556 # Segregation for Different environment (Small and Large)
577 # application configuration
579 logstashServiceName: log-ls
581 # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
582 openStackKeystoneVersion: "KEYSTONE"
584 #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
585 #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
586 # --set so.global.mariadbGalera.localCluster=true \
587 # --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
588 # --set so.global.mariadbGalera.serviceName=so-mariadb-galera
589 mariadb-galera: &mariadbGalera
591 externalSecret: *dbRootPassSecretName
592 nameOverride: &so-mariadb so-mariadb-galera
596 portName: *so-mariadb
602 mountSubPath: so/mariadb-galera/data
605 nameOverride: *so-mariadb
616 authorizedPrincipals:
617 - serviceAccount: consul-read
618 - serviceAccount: consul-server-read
619 - serviceAccount: nbi-read
620 - serviceAccount: policy-drools-pdp-read
621 - serviceAccount: so-bpmn-infra-read
622 - serviceAccount: robot-read
623 - serviceAccount: istio-ingress
624 namespace: istio-ingress
629 auth: Basic YnBlbDpwYXNzd29yZDEk
630 camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
631 msoKey: 07a7159d3bf51a0e53be7a8f89699be7
634 auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
636 auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
643 auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
645 auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
652 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
654 so-catalog-db-adapter:
668 aaiCredsExternalSecret: *aai-secrets
669 actuatorCredsExternalSecret: *actuator-secrets
671 msoKeySecret: *mso-key
691 rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
692 #rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
693 rootPasswordExternalSecret: '{{ ternary (tpl .Values.db.rootPasswordExternalSecretLocalDb .) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
694 backupCredsExternalSecret: *dbBackupCredsSecretName
695 userCredsExternalSecret: *dbUserCredsSecretName
696 adminCredsExternalSecret: *dbAdminCredsSecretName
708 actuatorCredsExternalSecret: *actuator-secrets
709 bpelCredsExternalSecret: *bpel-secrets
722 msoKeySecret: *mso-key
723 camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
725 authSecret: *mso-oof-auth
726 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
728 so-openstack-adapter:
734 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
736 so-request-db-adapter:
747 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
756 msoKeySecret: *mso-key
757 logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
762 so-etsi-sol005-adapter:
769 so-etsi-sol003-adapter:
772 #Pods Service Account