# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
-# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
addTestingComponents: &testing false
# ONAP Repository
- # Uncomment the following to enable the use of a single docker
- # repository but ONLY if your repository mirrors all ONAP
- # docker images. This includes all images from dockerhub and
- # any other repository that hosts images for ONAP components.
- #repository: nexus3.onap.org:10001
+ # Four different repositories are used
+ # You can change individually these repositories to ones that will serve the
+ # right images. If credentials are needed for one of them, see below.
+ repository: nexus3.onap.org:10001
+ dockerHubRepository: &dockerHubRepository docker.io
+ elasticRepository: &elasticRepository docker.elastic.co
+ googleK8sRepository: k8s.gcr.io
+ githubContainerRegistry: ghcr.io
+
+ #/!\ DEPRECATED /!\
+ # Legacy repositories which will be removed at the end of migration.
+ # Please don't use
+ loggingRepository: *elasticRepository
+ busyboxRepository: *dockerHubRepository
+
+ # Default credentials
+ # they're optional. If the target repository doesn't need them, comment them
repositoryCred:
user: docker
password: docker
- dockerHubRepository: docker.io
-
- # readiness check
- readinessImage: onap/oom/readiness:3.0.1
+ # If you want / need authentication on the repositories, please set
+ # Don't set them if the target repo is the same than others
+ # so id you've set repository to value `my.private.repo` and same for
+ # dockerHubRepository, you'll have to configure only repository (exclusive) OR
+ # dockerHubCred.
+ # dockerHubCred:
+ # user: myuser
+ # password: mypassord
+ # elasticCred:
+ # user: myuser
+ # password: mypassord
+ # googleK8sCred:
+ # user: myuser
+ # password: mypassord
+
+
+ # common global images
+ # Busybox for simple shell manipulation
+ busyboxImage: busybox:1.32
# curl image
- curlImage: curlimages/curl:7.69.1
+ curlImage: curlimages/curl:7.80.0
+
+ # env substitution image
+ envsubstImage: dibi/envsubst:1
+
+ # generate htpasswd files image
+ # there's only latest image for htpasswd
+ htpasswdImage: xmartlabs/htpasswd:latest
+
+ # kubenretes client image
+ kubectlImage: bitnami/kubectl:1.19
- # logging agent - temporary repo until images migrated to nexus3
- loggingRepository: docker.elastic.co
+ # logging agent
+ loggingImage: beats/filebeat:5.5.0
- # dockerHub main repository
- dockerHubRepository: docker.io
+ # mariadb client image
+ mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28
- # busybox repo and image
- busyboxRepository: docker.io
- busyboxImage: busybox:1.30
+ # nginx server image
+ nginxImage: bitnami/nginx:1.18-debian-10
- # kubeclt image
- kubectlImage: "bitnami/kubectl:1.15"
+ # postgreSQL client and server image
+ postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
+
+ # readiness check image
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
+ # default java image
+ jreImage: onap/integration-java11:10.0.0
+
# default clusterName
# {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
clusterName: cluster.local
# to the desired value
# logLevel: DEBUG
- #Global ingress configuration
+ # Global ingress configuration
ingress:
enabled: false
virtualhost:
- enabled: true
baseurl: "simpledemo.onap.org"
# Global Service Mesh configuration
serviceMesh:
enabled: false
tls: true
+ # be aware that linkerd is not well tested
+ engine: "istio" # valid value: istio or linkerd
+
+ # metrics part
+ # If enabled, exporters (for prometheus) will be deployed
+ # if custom resources set to yes, CRD from prometheus operartor will be
+ # created
+ # Not all components have it enabled.
+ #
+ metrics:
+ enabled: true
+ custom_resources: false
# Disabling AAF
# POC Mode, only for use in development environment
aafEnabled: true
aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ # Disabling MSB
+ # POC Mode, only for use in development environment
+ msbEnabled: true
+
+ # default values for certificates
+ certificate:
+ default:
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
+
# Enabling CMPv2
cmpv2Enabled: true
platform:
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
- secret:
- name: oom-cert-service-client-tls-secret
- mountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- # Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
- # Client configuration related
- caName: "RA"
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
- outputType: "P12"
- keystorePassword: "secret"
- truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
- truststorePassword: "secret"
+ certificates:
+ clientSecretName: oom-cert-service-client-tls-secret
+ keystoreKeyRef: keystore.jks
+ truststoreKeyRef: truststore.jks
+ keystorePasswordSecretName: oom-cert-service-certificates-password
+ keystorePasswordSecretKey: password
+ truststorePasswordSecretName: oom-cert-service-certificates-password
+ truststorePasswordSecretKey: password
+
+ # Indicates offline deployment build
+ # Set to true if you are rendering helm charts for offline deployment
+ # Otherwise keep it disabled
+ offlineDeploymentBuild: false
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# addTestingComponents
contrib:
enabled: *testing
+cps:
+ enabled: false
dcaegen2:
enabled: false
+dcaegen2-services:
+ enabled: false
dcaemod:
enabled: false
-dmaap:
+holmes:
enabled: false
-esr:
+dmaap:
enabled: false
# Today, "logging" chart that perform the central part of logging must also be
# enabled in order to make it work. So `logging.enabled` must have the same
# server:
# monitoring:
# password: demo123456!
-
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
uui:
enabled: false
vfc:
cert-wrapper:
enabled: true
+repository-wrapper:
+ enabled: true
+roles-wrapper:
+ enabled: true