# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
service: &mariadbService
name: &policy-mariadb policy-mariadb
internalPort: 3306
+ prometheusEnabled: false
#################################################################
# Secrets metaconfig
login: '{{ index .Values "mariadb-galera" "db" "user" }}'
password: '{{ index .Values "mariadb-galera" "db" "password" }}'
passwordPolicy: generate
+ - uid: policy-app-user-creds
+ name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: generate
+ - uid: policy-pap-user-creds
+ name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.policyPapUserName }}'
+ password: '{{ .Values.restServer.policyPapUserPassword }}'
+ passwordPolicy: required
+ - uid: policy-api-user-creds
+ name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.policyApiUserName }}'
+ password: '{{ .Values.restServer.policyApiUserPassword }}'
+ passwordPolicy: required
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
policy-api:
enabled: true
db: *dbSecretsHook
+ restServer:
+ apiUserExternalSecret: *policyApiCredsSecret
policy-pap:
enabled: true
db: *dbSecretsHook
+ restServer:
+ papUserExternalSecret: *policyPapCredsSecret
+ apiUserExternalSecret: *policyApiCredsSecret
policy-xacml-pdp:
enabled: true
db: *dbSecretsHook
policy-clamp-be:
enabled: true
db: *dbSecretsHook
-policy-clamp-fe:
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
+policy-clamp-ac-k8s-ppnt:
+ enabled: true
+policy-clamp-ac-pf-ppnt:
enabled: true
-policy-clamp-cl-k8s-ppnt:
+ restServer:
+ apiUserExternalSecret: *policyApiCredsSecret
+ papUserExternalSecret: *policyPapCredsSecret
+policy-clamp-ac-http-ppnt:
enabled: true
policy-nexus:
enabled: false
+policy-clamp-runtime-acm:
+ enabled: true
+ db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
policy-gui:
enabled: true
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.3.0
+ image: onap/policy-db-migrator:2.4.1
schema: policyadmin
policy_home: "/opt/app/policy"
initialDelaySeconds: 10
periodSeconds: 10
+
+config:
+ policyAppUserName: runtimeUser
+
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
db:
serviceAccount:
nameOverride: *policy-mariadb
+restServer:
+ policyPapUserName: policyadmin
+ policyPapUserPassword: zb!XztG34
+ policyApiUserName: policyadmin
+ policyApiUserPassword: zb!XztG34
+
# Resource Limit flavor -By Default using small
# Segregation for Different environment (small, large, or unlimited)
flavor: small