# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
persistence:
mountPath: /dockerdata-nfs
- #This configuration specifies Service and port for SDNC OAM interface
+ # This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
+ # This concerns CDS/AAI communication through HTTP when TLS is not being needed
+ # Port value should match the one in aai/values.yml : service.externalPlainPort
+ aaiData:
+ ExternalPlainPort: 80 # when TLS is not needed
+ ServiceName: aai # domain
+ # http://aai:80 or https://aai:443
+
+ #AAF is enabled by default
+ #aafEnabled: true
+
+ #enable importCustomCerts to add custom CA to blueprint processor pod
+ #importCustomCertsEnabled: true
+
+ #use below configmap to add custom CA certificates
+ #certificates with *.pem will be added to JAVA truststore $JAVA_HOME/lib/security/cacerts in the pod
+ #certificates with *.crt will be added to /etc/ssl/certs/ca-certificates.crt in the pod
+ #customCertsConfigMap: onap-cds-blueprints-processor-configmap
+
#################################################################
# Secrets metaconfig
#################################################################
externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
+ - uid: cds-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: password
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+ - uid: cps-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cps.cpsUserExternalSecret) . }}'
+ login: '{{ .Values.config.cps.cpsUsername }}'
+ password: '{{ .Values.config.cps.cpsPassword }}'
+ passwordPolicy: required
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: cds-blueprints-processor-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: sdnc-cds
+ fqi: sdnc-cds@sdnc-cds.onap.org
+ public_fqdn: sdnc-cds.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.sdnc-cds
+ #enable below if we need custom CA to be added to blueprint processor pod
+ #importCustomCertsEnabled: true
+ #truststoreMountpath: /opt/onap/cds
+ #truststoreOutputFileName: truststoreONAPall.jks
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.1.4
+image: onap/ccsdk-blueprintsprocessor:1.3.1
pullPolicy: Always
# flag to enable debugging - application support required
dbService: mariadb-galera
dbPort: 3306
dbName: sdnctl
- #dbRootPass: Custom root password
+ # dbRootPass: Custom root password
dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}'
cdsDB:
dbServer: cds-db
# dbCredsExternalSecret: <some secret name>
# dbRootPassword: password
# dbRootPassExternalSecret
+ someConfig: blah
+ cps:
+ cpsUsername: ''
+ cpsPassword: ''
+ cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds'
# default number of instances
replicaCount: 1
affinity: {}
-# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using
-# custom kafka cluster.
-dmaapEnabled: true
+# If useStrimziKafka is true, the following also applies:
+# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
+# The connection type must be kafka-scram-plain-text-auth
+# The bootstrapServers will target the strimzi kafka cluster by default
+useStrimziKafka: false
+cdsKafkaUser: cds-kafka-user
+kafkaRequestConsumer:
+ enabled: false
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ groupId: cds-consumer
+ topic: cds.blueprint-processor.self-service-api.request
+ clientId: request-receiver-client-id
+ pollMillSec: 1000
+kafkaRequestProducer:
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: request-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.response
+ enableIdempotence: false
+kafkaAuditRequest:
+ enabled: false
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: audit-request-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.audit.request
+ enableIdempotence: false
+kafkaAuditResponse:
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: audit-response-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.audit.response
+ enableIdempotence: false
# probe configuration parameters
startup:
periodSeconds: 10
liveness:
- initialDelaySeconds: 0
+ initialDelaySeconds: 1
periodSeconds: 20
- timeoutSeconds: 20
+ timeoutSeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: true
+ enabled: false
readiness:
initialDelaySeconds: 120
service:
http:
type: ClusterIP
- portName: blueprints-processor-http
+ portName: http
internalPort: 8080
externalPort: 8080
grpc:
type: ClusterIP
- portName: blueprints-processor-grpc
+ portName: grpc
internalPort: 9111
externalPort: 9111
cluster:
type: ClusterIP
- portName: blueprints-processor-cluster
+ portName: tcp-cluster
internalPort: 5701
externalPort: 5701
- baseaddr: "blueprintsprocessorhttp"
name: "cds-blueprints-processor-http"
port: 8080
- config:
- ssl: "none"
+ config:
+ ssl: "none"
logback:
rootLogLevel: INFO
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-blueprints-processor
+ roles:
+ - read
+
+# workflow store flag
+workflow:
+ storeEnabled: false