[AAI] Kyverno - disallow-host-path policy
[oom.git] / kubernetes / so / values.yaml
1 # Copyright © 2018 AT&T USA
2 # Copyright © 2020 Huawei
3 # Copyright © 2021 Orange
4 # Modifications Copyright © 2023 Nordix Foundation
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 #       http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #################################################################
17 # Global configuration defaults.
18 #################################################################
19 global:
20   nodePortPrefix: 302
21   nodePortPrefixExt: 304
22   centralizedLoggingEnabled: true
23   mariadbGalera:
24     # flag to enable the DB creation via mariadb-operator
25     useOperator: true
26     nameOverride: mariadb-galera
27     servicePort: '3306'
28     service: mariadb-galera
29     internalPort: '3306'
30     # This flag allows SO to instantiate its own mariadb-galera cluster,
31     # serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
32     localCluster: false
33     # (optional) if localCluster=false and an external secret is used set this variable
34     #userRootSecret: <secretName>
35   persistence:
36     mountPath: /dockerdata-nfs
37   #This configuration specifies Service and port for SDNC OAM interface
38   sdncOamService: sdnc-oam
39   sdncOamPort: 8282
40   #This configuration will run the migration. The configurations are for backing up the data
41   #from DB and then restoring it to the present versions preferred DB.
42   migration:
43     enabled: false
44     dbHost: mariadb-galera
45     dbPort: 3306
46     dbUser: root
47     dbPassword: secretpassword
48     # dbCredsExternalSecret: some secret
49   msbEnabled: true
50   app:
51     siteName: onapheat
52     auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
53     defaultCloudOwner: onap
55 readinessCheck:
56   wait_for:
57     jobs:
58       - '{{ include "common.release" . }}-so-mariadb-config-job'
60 #################################################################
61 # Secrets metaconfig
62 #################################################################
63 secrets:
64   - uid: db-root-pass
65     name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
66     type: password
67     # If we're using shared mariadb, we need to use the secret name (second
68     # part).
69     # If not, we do the same trick than for user db secret hat allows you
70     # override this secret using external one with the same field that is used
71     # to pass this to subchart.
72     externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
73       ternary (( hasSuffix "so-db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
74                ternary
75                   ""
76                   (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
77                )
78                ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
79                  ternary
80                    .Values.global.mariadbGalera.userRootSecret
81                    (include "common.mariadb.secret.rootPassSecretName"
82                      (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
83                    )
84                ) }}'
85     password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
86   - uid: db-backup-creds
87     name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
88     type: basicAuth
89     externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
90     login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
91     password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
92     passwordPolicy: required
93     annotations:
94       helm.sh/hook: pre-upgrade,pre-install
95       helm.sh/hook-weight: '0'
96       helm.sh/hook-delete-policy: before-hook-creation
97   - uid: db-user-creds
98     name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
99     type: basicAuth
100     externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
101     login: '{{ .Values.dbCreds.userName }}'
102     password: '{{ .Values.dbCreds.userPassword }}'
103     passwordPolicy: generate
104   - uid: db-admin-creds
105     name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
106     type: basicAuth
107     externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
108     login: '{{ .Values.dbCreds.adminName }}'
109     password: '{{ .Values.dbCreds.adminPassword }}'
110     passwordPolicy: generate
111   - uid: 'mso-key'
112     name: &mso-key '{{ include "common.release" . }}-mso-key'
113     type: password
114     password: '{{ .Values.mso.msoKey }}'
115   - uid: mso-oof-auth
116     name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
117     type: basicAuth
118     login: '{{ .Values.mso.oof.login }}'
119     password: '{{ .Values.mso.oof.password }}'
120     passwordPolicy: required
121   - uid: server-actuator-creds
122     name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds'
123     type: basicAuth
124     externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
125     login: '{{ .Values.server.actuator.username }}'
126     password: '{{ .Values.server.actuator.password }}'
127     passwordPolicy: required
128   - uid: server-bpel-creds
129     name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds'
130     type: basicAuth
131     externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
132     login: '{{ .Values.server.bpel.username }}'
133     password: '{{ .Values.server.bpel.password }}'
134     passwordPolicy: required
135   - uid: so-aai-creds
136     name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
137     type: basicAuth
138     externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
139     login: '{{ .Values.server.aai.username }}'
140     password: '{{ .Values.server.aai.password }}'
141     passwordPolicy: required
143 ##################################################################
144 # Application configuration defaults.
145 #################################################################
147 dbSecrets: &dbSecrets
148   userCredsExternalSecret: *dbUserCredsSecretName
149   adminCredsExternalSecret: *dbAdminCredsSecretName
151 # unused in this, just to pass to subcharts
152 dbCreds:
153   userName: so_user
154   adminName: so_admin
156 image: onap/so/api-handler-infra:1.12.2
158 server:
159   aai:
160     username: aai@aai.onap.org
161     password: demo123456!
162   # aaiCredsExternalSecret: some secret
163   actuator:
164     username: mso_admin
165     password: password1$
166   # actuatorCredsExternalSecret: some secret
167   bpel:
168     username: bpel
169     password: password1$
170   # bpelCredsExternalSecret: some secret
172 pullPolicy: Always
173 replicaCount: 1
174 minReadySeconds: 10
175 containerPort: &containerPort 8080
176 logPath: ./logs/apih/
177 app: api-handler-infra
178 service:
179   type: NodePort
180   internalPort: *containerPort
181   ports:
182     - name: http
183       port: *containerPort
184       nodePort: '77'
185   annotations:
186     msb.onap.org/service-info: |
187       {{ if .Values.global.msbEnabled -}}[
188         {
189           "serviceName": "so",
190           "version": "v1",
191           "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments",
192           "protocol": "REST",
193           "port": "{{ .Values.service.internalPort }}",
194           "visualRange":"0",
195           "lb_policy":"ip_hash"
196         },
197         {
198           "serviceName": "so",
199           "version": "v1",
200           "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate",
201           "protocol": "REST",
202           "port": "{{ .Values.service.internalPort }}",
203           "visualRange":"0",
204           "lb_policy":"ip_hash"
205         },
206         {
207           "serviceName": "so",
208           "version": "v1",
209           "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate",
210           "protocol": "REST",
211           "port": "{{ .Values.service.internalPort }}",
212           "visualRange":"0",
213           "lb_policy":"ip_hash"
214         },
215         {
216           "serviceName": "so",
217           "version": "v1",
218           "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock",
219           "protocol": "REST",
220           "port": "{{ .Values.service.internalPort }}",
221           "visualRange":"0",
222           "lb_policy":"ip_hash"
223         },
224         {
225           "serviceName": "so",
226           "version": "v1",
227           "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}",
228           "protocol": "REST",
229           "port": "{{ .Values.service.internalPort }}",
230           "visualRange":"0",
231           "lb_policy":"ip_hash"
232         },
233         {
234           "serviceName": "so",
235           "version": "v1",
236           "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}",
237           "protocol": "REST",
238           "port": "{{ .Values.service.internalPort }}",
239           "visualRange":"0",
240           "lb_policy":"ip_hash"
241         },
242         {
243           "serviceName": "so",
244           "version": "v1",
245           "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}",
246           "protocol": "REST",
247           "port": "{{ .Values.service.internalPort }}",
248           "visualRange":"0",
249           "lb_policy":"ip_hash"
250         },
251         {
252           "serviceName": "so",
253           "version": "v1",
254           "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock",
255           "protocol": "REST",
256           "port": "{{ .Values.service.internalPort }}",
257           "visualRange":"0",
258           "lb_policy":"ip_hash"
259         },
260         {
261           "serviceName": "so",
262           "version": "v1",
263           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances",
264           "protocol": "REST",
265           "port": "{{ .Values.service.internalPort }}",
266           "visualRange":"0",
267           "lb_policy":"ip_hash"
268         },
269         {
270           "serviceName": "so",
271           "version": "v1",
272           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate",
273           "protocol": "REST",
274           "port": "{{ .Values.service.internalPort }}",
275           "visualRange":"0",
276           "lb_policy":"ip_hash"
277         },
278         {
279           "serviceName": "so",
280           "version": "v1",
281           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate",
282           "protocol": "REST",
283           "port": "{{ .Values.service.internalPort }}",
284           "visualRange":"0",
285           "lb_policy":"ip_hash"
286         },
287         {
288           "serviceName": "so",
289           "version": "v1",
290           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}",
291           "protocol": "REST",
292           "port": "{{ .Values.service.internalPort }}",
293           "visualRange":"0",
294           "lb_policy":"ip_hash"
295         },
296         {
297           "serviceName": "so",
298           "version": "v1",
299           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign",
300           "protocol": "REST",
301           "port": "{{ .Values.service.internalPort }}",
302           "visualRange":"0",
303           "lb_policy":"ip_hash"
304         },
305         {
306           "serviceName": "so",
307           "version": "v1",
308           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign",
309           "protocol": "REST",
310           "port": "{{ .Values.service.internalPort }}",
311           "visualRange":"0",
312           "lb_policy":"ip_hash"
313         },
314         {
315           "serviceName": "so",
316           "version": "v1",
317           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations",
318           "protocol": "REST",
319           "port": "{{ .Values.service.internalPort }}",
320           "visualRange":"0",
321           "lb_policy":"ip_hash"
322         },
323         {
324           "serviceName": "so",
325           "version": "v1",
326           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}",
327           "protocol": "REST",
328           "port": "{{ .Values.service.internalPort }}",
329           "visualRange":"0",
330           "lb_policy":"ip_hash"
331         },
332         {
333           "serviceName": "so",
334           "version": "v1",
335           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort",
336           "protocol": "REST",
337           "port": "{{ .Values.service.internalPort }}",
338           "visualRange":"0",
339           "lb_policy":"ip_hash"
340         },
341         {
342           "serviceName": "so",
343           "version": "v1",
344           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort",
345           "protocol": "REST",
346           "port": "{{ .Values.service.internalPort }}",
347           "visualRange":"0",
348           "lb_policy":"ip_hash"
349         },
350         {
351           "serviceName": "so",
352           "version": "v1",
353           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate",
354           "protocol": "REST",
355           "port": "{{ .Values.service.internalPort }}",
356           "visualRange":"0",
357           "lb_policy":"ip_hash"
358         },
359         {
360           "serviceName": "so",
361           "version": "v1",
362           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate",
363           "protocol": "REST",
364           "port": "{{ .Values.service.internalPort }}",
365           "visualRange":"0",
366           "lb_policy":"ip_hash"
367         },
368         {
369           "serviceName": "so",
370           "version": "v1",
371           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships",
372           "protocol": "REST",
373           "port": "{{ .Values.service.internalPort }}",
374           "visualRange":"0",
375           "lb_policy":"ip_hash"
376         },
377         {
378           "serviceName": "so",
379           "version": "v1",
380           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships",
381           "protocol": "REST",
382           "port": "{{ .Values.service.internalPort }}",
383           "visualRange":"0",
384           "lb_policy":"ip_hash"
385         },
386         {
387           "serviceName": "so",
388           "version": "v1",
389           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs",
390           "protocol": "REST",
391           "port": "{{ .Values.service.internalPort }}",
392           "visualRange":"0",
393           "lb_policy":"ip_hash"
394         },
395         {
396           "serviceName": "so",
397           "version": "v1",
398           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace",
399           "protocol": "REST",
400           "port": "{{ .Values.service.internalPort }}",
401           "visualRange":"0",
402           "lb_policy":"ip_hash"
403         },
404         {
405           "serviceName": "so",
406           "version": "v1",
407           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
408           "protocol": "REST",
409           "port": "{{ .Values.service.internalPort }}",
410           "visualRange":"0",
411           "lb_policy":"ip_hash"
412         },
413         {
414           "serviceName": "so",
415           "version": "v1",
416           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig",
417           "protocol": "REST",
418           "port": "{{ .Values.service.internalPort }}",
419           "visualRange":"0",
420           "lb_policy":"ip_hash"
421         },
422         {
423           "serviceName": "so",
424           "version": "v1",
425           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
426           "protocol": "REST",
427           "port": "{{ .Values.service.internalPort }}",
428           "visualRange":"0",
429           "lb_policy":"ip_hash"
430         },
431         {
432           "serviceName": "so",
433           "version": "v1",
434           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules",
435           "protocol": "REST",
436           "port": "{{ .Values.service.internalPort }}",
437           "visualRange":"0",
438           "lb_policy":"ip_hash"
439         },
440         {
441           "serviceName": "so",
442           "version": "v1",
443           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace",
444           "protocol": "REST",
445           "port": "{{ .Values.service.internalPort }}",
446           "visualRange":"0",
447           "lb_policy":"ip_hash"
448         },
449         {
450           "serviceName": "so",
451           "version": "v1",
452           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
453           "protocol": "REST",
454           "port": "{{ .Values.service.internalPort }}",
455           "visualRange":"0",
456           "lb_policy":"ip_hash"
457         },
458         {
459           "serviceName": "so",
460           "version": "v1",
461           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate",
462           "protocol": "REST",
463           "port": "{{ .Values.service.internalPort }}",
464           "visualRange":"0",
465           "lb_policy":"ip_hash"
466         },
467         {
468           "serviceName": "so",
469           "version": "v1",
470           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
471           "protocol": "REST",
472           "port": "{{ .Values.service.internalPort }}",
473           "visualRange":"0",
474           "lb_policy":"ip_hash"
475         },
476         {
477           "serviceName": "so",
478           "version": "v1",
479           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete",
480           "protocol": "REST",
481           "port": "{{ .Values.service.internalPort }}",
482           "visualRange":"0",
483           "lb_policy":"ip_hash"
484         },
485         {
486           "serviceName": "so",
487           "version": "v1",
488           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut",
489           "protocol": "REST",
490           "port": "{{ .Values.service.internalPort }}",
491           "visualRange":"0",
492           "lb_policy":"ip_hash"
493         },
494         {
495           "serviceName": "so",
496           "version": "v1",
497           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups",
498           "protocol": "REST",
499           "port": "{{ .Values.service.internalPort }}",
500           "visualRange":"0",
501           "lb_policy":"ip_hash"
502         },
503         {
504           "serviceName": "so",
505           "version": "v1",
506           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
507           "protocol": "REST",
508           "port": "{{ .Values.service.internalPort }}",
509           "visualRange":"0",
510           "lb_policy":"ip_hash"
511         },
512         {
513           "serviceName": "so",
514           "version": "v1",
515           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
516           "protocol": "REST",
517           "port": "{{ .Values.service.internalPort }}",
518           "visualRange":"0",
519           "lb_policy":"ip_hash"
520         },
521         {
522           "serviceName": "so",
523           "version": "v1",
524           "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks",
525           "protocol": "REST",
526           "port": "{{ .Values.service.internalPort }}",
527           "visualRange":"0",
528           "lb_policy":"ip_hash"
529         },
530         {
531           "serviceName": "so",
532           "version": "v1",
533           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
534           "protocol": "REST",
535           "port": "{{ .Values.service.internalPort }}",
536           "visualRange":"0",
537           "lb_policy":"ip_hash"
538         },
539         {
540           "serviceName": "so",
541           "version": "v1",
542           "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
543           "protocol": "REST",
544           "port": "{{ .Values.service.internalPort }}",
545           "visualRange":"0",
546           "lb_policy":"ip_hash"
547         }
548       ]{{ end }}
550 updateStrategy:
551   type: RollingUpdate
552   maxUnavailable: 1
553   maxSurge: 1
555 ################################################################
556 # soHelpers part
557 #################################################################
558 soHelpers:
559   containerPort: *containerPort
561 # Resource Limit flavor -By Default using small
562 flavor: small
563 # Segregation for Different environment (Small and Large)
564 resources:
565   small:
566     limits:
567       cpu: "1"
568       memory: "4Gi"
569     requests:
570       cpu: "0.5"
571       memory: "1Gi"
572   large:
573     limits:
574       cpu: "2"
575       memory: "8Gi"
576     requests:
577       cpu: "1"
578       memory: "2Gi"
579   unlimited: {}
581 nodeSelector: {}
582 affinity: {}
584 # application configuration
585 config:
586   logstashServiceName: log-ls
587   logstashPort: 5044
588   # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
589   openStackKeystoneVersion: "KEYSTONE"
591 #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
592 #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
593 #                                                       --set so.global.mariadbGalera.localCluster=true \
594 #                                                       --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
595 #                                                       --set so.global.mariadbGalera.serviceName=so-mariadb-galera
596 mariadb-galera: &mariadbGalera
597   rootUser:
598     externalSecret: *dbRootPassSecretName
599   nameOverride: &so-mariadb so-mariadb-galera
600   replicaCount: 1
601   service:
602     name: *so-mariadb
603     portName: *so-mariadb
604     internalPort: 3306
605   mariadbOperator:
606     galera:
607       enabled: false
608   persistence:
609     mountSubPath: so/mariadb-galera/data
610     enabled: true
611   serviceAccount:
612     nameOverride: *so-mariadb
614 ingress:
615   enabled: false
616   service:
617     - baseaddr: 'so-api'
618       name: 'so'
619       port: 8080
621 serviceMesh:
622   authorizationPolicy:
623     authorizedPrincipals:
624       - serviceAccount: consul-read
625       - serviceAccount: consul-server-read
626       - serviceAccount: nbi-read
627       - serviceAccount: policy-drools-pdp-read
628       - serviceAccount: so-bpmn-infra-read
629       - serviceAccount: robot-read
630       - serviceAccount: istio-ingress
631         namespace: istio-ingress
633 mso:
634   adapters:
635     requestDb:
636       auth: Basic YnBlbDpwYXNzd29yZDEk
637   camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
638   msoKey: 07a7159d3bf51a0e53be7a8f89699be7
639   sdc:
640     client:
641       auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
642   aai:
643     auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
644   oof:
645     login: test
646     password: testpwd
647   so:
648     operationalEnv:
649       dmaap:
650         auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
651   health:
652     auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
654 so-bpmn-infra:
655   mariadb-galera:
656     <<: *mariadbGalera
657   db:
658     <<: *dbSecrets
659   logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
661 so-catalog-db-adapter:
662   enabled: true
663   mariadb-galera:
664     <<: *mariadbGalera
665   db:
666     <<: *dbSecrets
668 so-cnf-adapter:
669   enabled: true
670   mariadb-galera:
671     <<: *mariadbGalera
672   db:
673     <<: *dbSecrets
674   server:
675     aaiCredsExternalSecret: *aai-secrets
676     actuatorCredsExternalSecret: *actuator-secrets
677   mso:
678     msoKeySecret: *mso-key
680 so-cnfm-lcm:
681   enabled: true
682   mariadb-galera:
683     <<: *mariadbGalera
684   db:
685     <<: *dbSecrets
687 so-etsi-nfvo-ns-lcm:
688   enabled: true
689   mariadb-galera:
690     <<: *mariadbGalera
691   db:
692     <<: *dbSecrets
694 so-mariadb:
695   mariadb-galera:
696     <<: *mariadbGalera
697   db:
698     rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
699     #rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
700     rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
701       ternary (tpl .Values.db.rootPasswordExternalSecretLocalDb .)
702                ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
703                  ternary
704                    .Values.global.mariadbGalera.userRootSecret
705                    (include "common.mariadb.secret.rootPassSecretName"
706                      (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
707                    )
708                ) }}'
709     backupCredsExternalSecret: *dbBackupCredsSecretName
710     userCredsExternalSecret: *dbUserCredsSecretName
711     adminCredsExternalSecret: *dbAdminCredsSecretName
713 so-admin-cockpit:
714   enabled: true
715   mariadb-galera:
716     <<: *mariadbGalera
717   db:
718     <<: *dbSecrets
720 so-nssmf-adapter:
721   enabled: true
722   server:
723     actuatorCredsExternalSecret: *actuator-secrets
724     bpelCredsExternalSecret: *bpel-secrets
725   mariadb-galera:
726     <<: *mariadbGalera
727   db:
728     <<: *dbSecrets
730 so-oof-adapter:
731   enabled: true
732   mariadb-galera:
733     <<: *mariadbGalera
734   db:
735     <<: *dbSecrets
736   mso:
737     msoKeySecret: *mso-key
738     camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
739     oof:
740       authSecret: *mso-oof-auth
741   logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
743 so-openstack-adapter:
744   enabled: true
745   mariadb-galera:
746     <<: *mariadbGalera
747   db:
748     <<: *dbSecrets
749   logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
751 so-request-db-adapter:
752   mariadb-galera:
753     <<: *mariadbGalera
754   db:
755     <<: *dbSecrets
757 so-sdc-controller:
758   mariadb-galera:
759     <<: *mariadbGalera
760   db:
761     <<: *dbSecrets
762   logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
764 so-sdnc-adapter:
765   enabled: true
766   mariadb-galera:
767     <<: *mariadbGalera
768   db:
769     <<: *dbSecrets
770   mso:
771     msoKeySecret: *mso-key
772   logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
774 so-ve-vnfm-adapter:
775   enabled: false
777 so-etsi-sol005-adapter:
778   enabled: true
779   mariadb-galera:
780     <<: *mariadbGalera
781   db:
782     <<: *dbSecrets
784 so-etsi-sol003-adapter:
785   enabled: true
787 #Pods Service Account
788 serviceAccount:
789   nameOverride: so
790   roles:
791     - read
793 #Log configuration
794 log:
795   path: /var/log/onap