# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2022 Nordix Foundation.
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
mariadb:
+ localCluster: true
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
name3: tcp-pgset-replica
container:
name: postgres
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+ # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
+ useStrimziKafkaPf: false
kafkaBootstrap: strimzi-kafka-bootstrap
policyKafkaUser: policy-kafka-user
+ kafkaTopics:
+ acRuntimeTopic:
+ name: policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.policyApiUserName }}'
password: '{{ .Values.restServer.policyApiUserPassword }}'
passwordPolicy: required
- - uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
- password: '{{ .Values.postgres.config.pgRootpassword }}'
- policy: generate
- - uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
- type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
- login: '{{ .Values.postgres.config.pgUserName }}'
- password: '{{ .Values.postgres.config.pgUserPassword }}'
- passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
policy-distribution:
enabled: true
db: *dbSecretsHook
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-clamp-be:
- enabled: true
- db: *dbSecretsHook
- config:
- appUserExternalSecret: *policyAppCredsSecret
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-k8s-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-pf-ppnt:
enabled: true
restServer:
apiUserExternalSecret: *policyApiCredsSecret
papUserExternalSecret: *policyPapCredsSecret
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-http-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-nexus:
- enabled: false
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-ac-a1pms-ppnt:
+ enabled: true
+policy-clamp-ac-kserve-ppnt:
+ enabled: true
policy-clamp-runtime-acm:
enabled: true
db: *dbSecretsHook
config:
appUserExternalSecret: *policyAppCredsSecret
+policy-nexus:
+ enabled: false
+ config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-gui:
- enabled: true
+ enabled: false
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
# DB configuration defaults.
#################################################################
-repository: nexus3.onap.org:10001
-pullPolicy: Always
-
-mariadb:
- image: mariadb:10.5.8
-
dbmigrator:
- image: onap/policy-db-migrator:2.4.3
+ image: onap/policy-db-migrator:3.0.2
schema: policyadmin
policy_home: "/opt/app/policy"
config:
policyAppUserName: runtimeUser
useStrimziKafka: true
- acRuntimeTopic:
- name: policy-acruntime-participant
- partitions: 10
- retentionMs: 7200000
- segmentBytes: 1073741824
- consumer:
- groupId: policy-group
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10
segmentBytes: 1073741824
consumer:
groupId: policy-group
+ someConfig: blah
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
db:
- user: policy_user
+ user: policy-user
# password:
externalSecret: *dbSecretName
name: &mysqlDbName policyadmin
# mariadb-galera.service and global.mariadb.service must be equals
service: *mariadbService
replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
persistence:
enabled: true
mountSubPath: policy/maria/data
mountSubPath: policy/postgres/data
mountInitPath: policy
config:
- pgUserName: policy_user
+ pgUserName: policy-user
pgDatabase: policyadmin
- pgUserExternalSecret: *pgUserCredsSecretName
- pgRootPasswordExternalSecret: *pgRootPassSecretName
+ pgUserExternalSecret: *dbSecretName
+ pgRootPasswordExternalSecret: *dbRootPassSecretName
readinessCheck:
wait_for:
Code Review / oom.git / blobdiff