# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuImage: ubuntu:16.04
- mariadb:
- nameOverride: policydb
- pdp:
- nameOverride: pdp
- pap:
- nameOverride: pap
- drools:
- nameOverride: drools
- brmwgw:
- nameOverride: brmsgw
- nexus:
- nameOverride: nexus
-
+ mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
+ localCluster: true
+ # '&mariadbConfig' means we "store" the values for later use in the file
+ # with '*mariadbConfig' pointer.
+ config: &mariadbConfig
+ mysqlDatabase: policyadmin
+ service: &mariadbService policy-mariadb
+ internalPort: 3306
+ nameOverride: *mariadbService
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
+ prometheusEnabled: false
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
+ policyKafkaUser: policy-kafka-user
+ kafkaTopics:
+ acRuntimeTopic:
+ name: policy.clamp-runtime-acm
#################################################################
-# Application configuration defaults.
+# Secrets metaconfig
#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
-pullPolicy: Always
+secrets:
+ - uid: db-root-password
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
+ type: password
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+ )
+ ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+ ternary
+ .Values.global.mariadbGalera.userRootSecret
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ )
+ ) }}'
+ password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
+ policy: generate
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "db" "password" }}'
+ passwordPolicy: generate
+ - uid: policy-app-user-creds
+ name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: generate
+ - uid: policy-pap-user-creds
+ name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.policyPapUserName }}'
+ password: '{{ .Values.restServer.policyPapUserPassword }}'
+ passwordPolicy: required
+ - uid: policy-api-user-creds
+ name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.policyApiUserName }}'
+ password: '{{ .Values.restServer.policyApiUserPassword }}'
+ passwordPolicy: required
-subChartsOnly:
+db: &dbSecretsHook
+ credsExternalSecret: *dbSecretName
+
+policy-api:
+ enabled: true
+ db: *dbSecretsHook
+ restServer:
+ apiUserExternalSecret: *policyApiCredsSecret
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-pap:
+ enabled: true
+ db: *dbSecretsHook
+ restServer:
+ papUserExternalSecret: *policyPapCredsSecret
+ apiUserExternalSecret: *policyApiCredsSecret
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-xacml-pdp:
+ enabled: true
+ db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-apex-pdp:
+ enabled: true
+ db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-drools-pdp:
+ enabled: false
+ db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-distribution:
enabled: true
+ db: *dbSecretsHook
+policy-clamp-ac-k8s-ppnt:
+ enabled: true
+policy-clamp-ac-pf-ppnt:
+ enabled: true
+ restServer:
+ apiUserExternalSecret: *policyApiCredsSecret
+ papUserExternalSecret: *policyPapCredsSecret
+policy-clamp-ac-http-ppnt:
+ enabled: true
+policy-clamp-ac-a1pms-ppnt:
+ enabled: true
+policy-clamp-ac-kserve-ppnt:
+ enabled: true
+policy-clamp-runtime-acm:
+ enabled: true
+ db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
+policy-nexus:
+ enabled: false
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-gui:
+ enabled: false
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-nameOverride: pap
+#################################################################
+# DB configuration defaults.
+#################################################################
-pdp:
- nameOverride: pdp
-mariadb:
- nameOverride: policydb
-drools:
- nameOverride: drools
-brmwgw:
- nameOverride: brmsgw
-nexus:
- nameOverride: nexus
+dbmigrator:
+ image: onap/policy-db-migrator:3.1.3
+ schema: policyadmin
+ policy_home: "/opt/app/policy"
+
+subChartsOnly:
+ enabled: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- preloadPolicies: false
- pdpPort: 8081
-
# default number of instances
replicaCount: 1
initialDelaySeconds: 10
periodSeconds: 10
-service:
- type: NodePort
- name: pap
- portName: pap
- internalPort: 8443
- externalPort: 8443
- nodePort: 19
- internalPort2: 9091
- externalPort2: 9091
- nodePort2: 18
-
-ingress:
- enabled: false
+
+config:
+ policyAppUserName: runtimeUser
+ policyPdpPapTopic:
+ name: policy-pdp-pap
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ policyHeartbeatTopic:
+ name: policy-heartbeat
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ policyNotificationTopic:
+ name: policy-notification
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ someConfig: blah
+
+mariadb-galera:
+ # mariadb-galera.config and global.mariadbGalera.config must be equals
+ db:
+ user: policy-user
+ # password:
+ externalSecret: *dbSecretName
+ name: &mysqlDbName policyadmin
+ rootUser:
+ externalSecret: *dbRootPassSecretName
+ nameOverride: *mariadbService
+ # mariadb-galera.service and global.mariadbGalera.service must be equals
+ service:
+ name: *mariadbService
+ replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
+ persistence:
+ enabled: true
+ mountSubPath: policy/maria/data
+ serviceAccount:
+ nameOverride: *mariadbService
+
+postgresImage: library/postgres:latest
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName policy-postgres
+ service:
+ name: *postgresName
+ name2: policy-pg-primary
+ name3: policy-pg-replica
+ container:
+ name:
+ primary: policy-pg-primary
+ replica: policy-pg-replica
+ persistence:
+ mountSubPath: policy/postgres/data
+ mountInitPath: policy
+ config:
+ pgUserName: policy-user
+ pgDatabase: policyadmin
+ pgUserExternalSecret: *dbSecretName
+ pgRootPasswordExternalSecret: *dbRootPassSecretName
+
+readinessCheck:
+ wait_for_postgres:
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
+ wait_for_mariadb:
+ services:
+ - '{{ include "common.mariadbService" . }}'
+
+restServer:
+ policyPapUserName: policyadmin
+ policyPapUserPassword: zb!XztG34
+ policyApiUserName: policyadmin
+ policyApiUserPassword: zb!XztG34
# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
flavor: small
-# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "100m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "200m"
+ memory: "2Gi"
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy
+ roles:
+ - read