# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright (C) 2021-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# with '*mariadbConfig' pointer.
config: &mariadbConfig
mysqlDatabase: policyadmin
- service: &mariadbService
- name: &policy-mariadb policy-mariadb
- internalPort: 3306
- nameOverride: *policy-mariadb
+ service: &mariadbService policy-mariadb
+ internalPort: 3306
+ nameOverride: *mariadbService
# (optional) if localCluster=false and an external secret is used set this variable
#userRootSecret: <secretName>
+ useInPolicy: true
prometheusEnabled: false
postgres:
localCluster: false
name3: tcp-pgset-replica
container:
name: postgres
- #Strimzi Kafka properties
- useStrimziKafka: true
- # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
- useStrimziKafkaPf: false
- kafkaBootstrap: strimzi-kafka-bootstrap
+ useInPolicy: false
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
+ useStrimziKafka: true
kafkaTopics:
acRuntimeTopic:
name: policy.clamp-runtime-acm
-
#################################################################
# Secrets metaconfig
#################################################################
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
- ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ externalSecret: '{{ or .Values.global.postgres.useInPolicy .Values.global.mariadbGalera.useInPolicy | ternary (
+ ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
ternary
""
(tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
- enabled: true
+ enabled: false
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
enabled: false
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-gui:
- enabled: false
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
#################################################################
# DB configuration defaults.
#################################################################
dbmigrator:
- image: onap/policy-db-migrator:3.1.0
- schema: policyadmin
+ # New released image will allow full SASL and Postgres (drools included). Tested with snapshot. Release to come later.
+ image: onap/policy-db-migrator:3.1.3
+ # These schemas will be required with the new version of db-migrator
+ # schemas: "policyadmin clampacm pooling operationshistory"
+ schemas: "policyadmin"
policy_home: "/opt/app/policy"
subChartsOnly:
config:
policyAppUserName: runtimeUser
- useStrimziKafka: true
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10
name: &mysqlDbName policyadmin
rootUser:
externalSecret: *dbRootPassSecretName
- nameOverride: *policy-mariadb
+ nameOverride: *mariadbService
# mariadb-galera.service and global.mariadbGalera.service must be equals
- service: *mariadbService
+ service:
+ name: *mariadbService
replicaCount: 1
mariadbOperator:
galera:
enabled: true
mountSubPath: policy/maria/data
serviceAccount:
- nameOverride: *policy-mariadb
+ nameOverride: *mariadbService
postgresImage: library/postgres:latest
# application configuration override for postgres
pgRootPasswordExternalSecret: *dbRootPassSecretName
readinessCheck:
- wait_for:
- - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
- wait_for_global_operator:
- pods:
- - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
- wait_for_local_operator:
- pods:
- - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
- wait_for_global:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
- wait_for_local:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
+ wait_for_postgres:
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
+ wait_for_mariadb:
+ services:
+ - '{{ include "common.mariadbService" . }}'
restServer:
policyPapUserName: policyadmin
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 65533
+
#Pods Service Account
serviceAccount:
nameOverride: policy
roles:
- - read
+ - read
\ No newline at end of file