# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2025 Nordix Foundation.
+# Modifications Copyright © 2024-2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
- mariadb:
- # '&mariadbConfig' means we "store" the values for later use in the file
- # with '*mariadbConfig' pointer.
- config: &mariadbConfig
- mysqlDatabase: policyadmin
- service: &mariadbService
- name: &policy-mariadb policy-mariadb
- internalPort: 3306
-
+ prometheusEnabled: true
+ postgres:
+ localCluster: true
+ # flag to enable the DB creation via pgo-operator
+ useOperator: false
+ service:
+ name: &postgresName policy-postgres
+ name2: &postgresName2 policy-pg-primary
+ name3: &postgresName3 policy-pg-replica
+ port: &postgresPort 5432
+ nameOverride: *postgresName
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
+ policyKafkaUser: policy-kafka-user
+ useStrimziKafka: true
+ kafkaTopics:
+ acRuntimeOperationTopic:
+ name: policy-acruntime-participant
+ acRuntimeSyncTopic:
+ name: acm-ppnt-sync
#################################################################
# Secrets metaconfig
#################################################################
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
- password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
+ externalSecret: '{{ .Values.global.postgres.localCluster | ternary
+ ( hasSuffix "policy-db-root-password" (index .Values "postgres" "config" "pgRootPasswordExternalSecret") | ternary
+ ""
+ (tpl (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret")) .)
+ )
+ ( not (empty (default "" .Values.global.postgres.userRootSecret)) | ternary
+ .Values.global.postgres.userRootSecret
+ (include "common.postgres.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.postgres.nameOverride)
+ )
+ )
+ }}'
+ password: '{{ (index .Values "postgres" "config" "pgRootPassword") }}'
policy: generate
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "db" "user" }}'
- password: '{{ index .Values "mariadb-galera" "db" "password" }}'
+ externalSecret: '{{ hasSuffix "policy-db-secret" (index .Values "postgres" "config" "pgUserExternalSecret") | ternary
+ ""
+ (tpl (default "" (index .Values "postgres" "config" "pgUserExternalSecret")) .)
+ }}'
+ login: '{{ (index .Values "postgres" "config" "pgUserName") }}'
+ password: '{{ (index .Values "postgres" "config" "pgUserPassword") }}'
passwordPolicy: generate
- uid: policy-app-user-creds
name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
db: *dbSecretsHook
restServer:
apiUserExternalSecret: *policyApiCredsSecret
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-pap:
enabled: true
db: *dbSecretsHook
restServer:
papUserExternalSecret: *policyPapCredsSecret
apiUserExternalSecret: *policyApiCredsSecret
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-xacml-pdp:
enabled: true
db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-apex-pdp:
enabled: true
db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
enabled: true
db: *dbSecretsHook
-policy-distribution:
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-opa-pdp:
enabled: true
- db: *dbSecretsHook
-policy-clamp-be:
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-distribution:
enabled: true
db: *dbSecretsHook
- config:
- appUserExternalSecret: *policyAppCredsSecret
-policy-clamp-cl-k8s-ppnt:
+policy-clamp-ac-k8s-ppnt:
enabled: true
-policy-clamp-cl-pf-ppnt:
+policy-clamp-ac-pf-ppnt:
enabled: true
restServer:
apiUserExternalSecret: *policyApiCredsSecret
papUserExternalSecret: *policyPapCredsSecret
-policy-clamp-cl-http-ppnt:
+policy-clamp-ac-http-ppnt:
enabled: true
-policy-nexus:
- enabled: false
-policy-clamp-cl-runtime:
+policy-clamp-ac-a1pms-ppnt:
+ enabled: true
+policy-clamp-ac-kserve-ppnt:
+ enabled: true
+policy-clamp-runtime-acm:
enabled: true
db: *dbSecretsHook
config:
appUserExternalSecret: *policyAppCredsSecret
-policy-gui:
- enabled: true
-
-#################################################################
-# DB configuration defaults.
-#################################################################
-
-repository: nexus3.onap.org:10001
-pullPolicy: Always
-
-mariadb:
- image: mariadb:10.5.8
-
-dbmigrator:
- image: onap/policy-db-migrator:2.4.1
- schema: policyadmin
- policy_home: "/opt/app/policy"
+policy-nexus:
+ enabled: false
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
subChartsOnly:
enabled: true
# default number of instances
replicaCount: 1
-nodeSelector: {}
+nodeSelector: { }
-affinity: {}
+affinity: { }
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
-
config:
policyAppUserName: runtimeUser
+ policyPdpPapTopic:
+ name: policy-pdp-pap
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ policyHeartbeatTopic:
+ name: policy-heartbeat
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ policyNotificationTopic:
+ name: policy-notification
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ opaPdpDataTopic:
+ name: opa-pdp-data
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ someConfig: blah
-mariadb-galera:
- # mariadb-galera.config and global.mariadb.config must be equals
- db:
- user: policy_user
- # password:
- externalSecret: *dbSecretName
- name: &mysqlDbName policyadmin
- rootUser:
- externalSecret: *dbRootPassSecretName
- nameOverride: *policy-mariadb
- # mariadb-galera.service and global.mariadb.service must be equals
- service: *mariadbService
- replicaCount: 1
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName policy-postgres
+ service:
+ name: *postgresName
+ name2: *postgresName2
+ name3: *postgresName3
+ internalPort: *postgresPort
+ container:
+ name:
+ primary: *postgresName2
+ replica: *postgresName3
persistence:
- enabled: true
- mountSubPath: policy/maria/data
- serviceAccount:
- nameOverride: *policy-mariadb
+ mountSubPath: policy/postgres/data
+ mountInitPath: policy
+ size: 3Gi
+ config:
+ pgUserName: policy-user
+ pgDatabase: policyadmin
+ pgUserExternalSecret: *dbSecretName
+ pgRootPasswordExternalSecret: *dbRootPassSecretName
restServer:
policyPapUserName: policyadmin
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "100m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 200m
- memory: 2Gi
- unlimited: {}
+ cpu: "200m"
+ memory: "2Gi"
+ unlimited: { }
+
+securityContext:
+ user_id: 100
+ group_id: 65533
#Pods Service Account
serviceAccount:
Code Review / oom.git / blobdiff