# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- readinessImage: onap/oom/readiness:3.0.1
aafEnabled: true
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
config: &mariadbConfig
mysqlDatabase: policyadmin
service: &mariadbService
- name: policy-mariadb
- portName: mysql-policy
+ name: &policy-mariadb policy-mariadb
internalPort: 3306
+ prometheusEnabled: false
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ policyKafkaUser: policy-kafka-user
#################################################################
# Secrets metaconfig
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
- password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
+ password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
policy: generate
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "db" "password" }}'
+ passwordPolicy: generate
+ - uid: policy-app-user-creds
+ name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: generate
+ - uid: policy-pap-user-creds
+ name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.policyPapUserName }}'
+ password: '{{ .Values.restServer.policyPapUserPassword }}'
+ passwordPolicy: required
+ - uid: policy-api-user-creds
+ name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
+ login: '{{ .Values.restServer.policyApiUserName }}'
+ password: '{{ .Values.restServer.policyApiUserPassword }}'
+ passwordPolicy: required
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
db: &dbSecretsHook
policy-api:
enabled: true
db: *dbSecretsHook
+ restServer:
+ apiUserExternalSecret: *policyApiCredsSecret
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-pap:
enabled: true
db: *dbSecretsHook
+ restServer:
+ papUserExternalSecret: *policyPapCredsSecret
+ apiUserExternalSecret: *policyApiCredsSecret
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-xacml-pdp:
enabled: true
db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-apex-pdp:
enabled: true
db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
enabled: true
db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-distribution:
enabled: true
db: *dbSecretsHook
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-ac-k8s-ppnt:
+ enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-ac-pf-ppnt:
+ enabled: true
+ restServer:
+ apiUserExternalSecret: *policyApiCredsSecret
+ papUserExternalSecret: *policyPapCredsSecret
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-ac-http-ppnt:
+ enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-nexus:
+ enabled: false
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-runtime-acm:
enabled: true
+ db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-gui:
+ enabled: false
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
#################################################################
# DB configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-mariadb_image: library/mariadb:10
pullPolicy: Always
+mariadb:
+ image: mariadb:10.5.8
+
+dbmigrator:
+ image: onap/policy-db-migrator:2.5.0
+ schema: policyadmin
+ policy_home: "/opt/app/policy"
+
subChartsOnly:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
+
+config:
+ policyAppUserName: runtimeUser
+ useStrimziKafka: true
+ acRuntimeTopic:
+ name: policy-acruntime-participant
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ policyPdpPapTopic:
+ name: policy-pdp-pap
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ policyHeartbeatTopic:
+ name: policy-heartbeat
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ policyNotificationTopic:
+ name: policy-notification
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: policy-group
+ someConfig: blah
+
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
- config:
- <<: *mariadbConfig
- userName: policy_user
- mariadbRootPasswordExternalSecret: *dbRootPassSecretName
- userCredentialsExternalSecret: *dbSecretName
- nameOverride: policy-mariadb
+ db:
+ user: policy_user
+ # password:
+ externalSecret: *dbSecretName
+ name: &mysqlDbName policyadmin
+ rootUser:
+ externalSecret: *dbRootPassSecretName
+ nameOverride: *policy-mariadb
# mariadb-galera.service and global.mariadb.service must be equals
service: *mariadbService
replicaCount: 1
persistence:
enabled: true
mountSubPath: policy/maria/data
- externalConfig: |-
- [mysqld]
- lower_case_table_names = 1
+ serviceAccount:
+ nameOverride: *policy-mariadb
+
+postgresImage: library/postgres:latest
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName policy-postgres
+ service:
+ name: *postgresName
+ name2: policy-pg-primary
+ name3: policy-pg-replica
+ container:
+ name:
+ primary: policy-pg-primary
+ replica: policy-pg-replica
+ persistence:
+ mountSubPath: policy/postgres/data
+ mountInitPath: policy
+ config:
+ pgUserName: policy_user
+ pgDatabase: policyadmin
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+ wait_for:
+ - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+
+restServer:
+ policyPapUserName: policyadmin
+ policyPapUserPassword: zb!XztG34
+ policyApiUserName: policyadmin
+ policyApiUserPassword: zb!XztG34
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy
+ roles:
+ - read