mountPath: /dockerdata-nfs
centralizedLoggingEnabled: true
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
localCluster: false
- service: mariadb-galera
+ service: &mariadbService mariadb-galera
internalPort: 3306
- nameOverride: mariadb-galera
+ nameOverride: &mariadbName mariadb-galera
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
+
#################################################################
# Secrets metaconfig
# override this secret using external one with the same field that is used
# to pass this to subchart.
externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
- ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
- ternary
- ""
- (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
- (include "common.mariadb.secret.rootPassSecretName"
- (dict "dot" .
- "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ ternary (( hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+ )
+ ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+ ternary
+ .Values.global.mariadbGalera.userRootSecret
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ )
+ ) }}'
password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: dmaap-proxy-creds
- name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
- type: basicAuth
- externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
- login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
- password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
- # For now this is left hardcoded but should be revisited in a future
- passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
type: basicAuth
login: '{{ .Values.config.sdnr.vesCollector.username }}'
password: '{{ .Values.config.sdnr.vesCollector.password }}'
+ - uid: sdnrdb-secret
+ name: &sdnrdbSecretName '{{ include "common.release" . }}-sdnc-sdnrdb-secret'
+ type: basicAuth
+ login: '{{ index .Values "config" "sdnr" "mariadb" "user" }}'
+ password: '{{ index .Values "config" "sdnr" "mariadb" "password" }}'
#################################################################
# Certificates
#################################################################
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.4.2
+image: onap/sdnc-image:2.5.5
# flag to enable debugging - application support required
debugEnabled: false
# sdnronly: true starts sdnc container with odl and sdnrwt features only
sdnronly: false
sdnrdbTrustAllCerts: true
- mountpointRegistrarEnabled: false
+ elasticsearch:
+ ## for legacy eleasticsearch database
+ enabled: &esdbenabled true
+ # enabled: &esdbenabled false
+ mariadb:
+ ## for legacy eleasticsearch database
+ enabled: false
+ # enabled: true
+ databaseName: sdnrdb
+ user: sdnrdb
+ externalSecret: *sdnrdbSecretName
+ asyncHandling: true
+ asyncPoolSize: 200
+ kafka:
+ enabled: false
+ consumerGroupPrefix: &consumerGroupPrefix sdnr
+ # Strimzi KafkaUser config see configuration below
+ kafkaUser: &kafkaUser
+ acls:
+ - name: unauthenticated.SEC_
+ type: topic
+ patternType: prefix
+ operations: [Read]
+ - name: unauthenticated.VES_PNFREG_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Read]
+ - name: *consumerGroupPrefix
+ type: group
+ patternType: prefix
+ operations: [Read]
+ ## set if bootstrap server is not OOM standard
+ # bootstrapServers: []
+ ## set connection parameters if not default
+ # securityProtocol: PLAINTEXT
+ # saslMechanism: SCRAM-SHA-512
+ ## saslJassConfig: provided by secret
+
+
mountpointStateProviderEnabled: false
netconfCallHome:
enabled: true
- #
- # enable and set dmaap-proxy for mountpointRegistrar
- dmaapProxy:
- enabled: false
- usepwd: true
- user: addUserHere
- password: addPasswordHere
- url: addProxyUrlHere
+
+
oauth:
enabled: false
tokenIssuer: ONAP SDNC
reportingEntityName: ONAP SDN-R
eventLogMsgDetail: SHORT
+# Strimzi KafkaUser/Topic config on top level
+kafkaUser: *kafkaUser
+
+
# dependency / sub-chart configuration
network-name-gen:
enabled: true
rootUser:
externalSecret: *rootDbSecret
db:
+ name: *sdncDbName
user: *dbUser
externalSecret: *dbSecretName
service:
- name: sdnc-dbhost
+ name: sdnc-db
sdnctlPrefix: sdnc
persistence:
mountSubPath: sdnc/mariadb-galera
enabled: true
replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
serviceAccount:
nameOverride: *sdnc-db
(include "common.mariadb.secret.rootPassSecretName"
(dict "dot" . "chartName" "mariadb-galera")) }}'
userCredentialsExternalSecret: *dbSecretName
- dbPodName: mariadb-galera
- dbServiceName: mariadb-galera
+ dbPodName: *mariadbName
+ dbServiceName: *mariadbService
# This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
serviceAccount:
ports:
- name: http
port: 3100
- nodePort: 03
+ nodePort: "03"
ingress:
enabled: false
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
+ enabled: *esdbenabled
nameOverride: &elasticSearchName sdnrdb
name: sdnrdb-cluster
service:
# enable
sdnc-web:
enabled: true
+ ## set if web socket port should not be default
+ # sdnrWebsocketPort: *sdnrWebsocketPort
# default number of instances
replicaCount: 1
callHomePort: &chport 4334
callHomeNodePort: 66
+ ## set if web socket port should not be default
+ ## change in sdnc-web section as well
+ # sdnrWebsocketPort: &sdnrWebsocketPort 8182
+
## Persist data to a persitent volume
persistence:
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: a1policymanagement-read
+ - serviceAccount: cds-blueprints-processor-read
+ - serviceAccount: consul-read
+ - serviceAccount: ncmp-dmi-plugin-read
+ - serviceAccount: policy-drools-pdp-read
+ - serviceAccount: robot-read
+ - serviceAccount: sdnc-ansible-server-read
+ - serviceAccount: sdnc-dmaap-listener-read
+ - serviceAccount: sdnc-prom-read
+ - serviceAccount: sdnc-ueb-listener-read
+ - serviceAccount: sdnc-web-read
+ - serviceAccount: so-sdnc-adapter-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+ authorizedPrincipalsSdnHosts:
+ - serviceAccount: sdnc-read
+
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)
small:
limits:
cpu: 2
- memory: 4Gi
+ memory: 4.7Gi
requests:
cpu: 1
- memory: 2Gi
+ memory: 4.7Gi
large:
limits:
cpu: 4
- memory: 8Gi
+ memory: 9.4Gi
requests:
cpu: 2
- memory: 4Gi
+ memory: 9.4Gi
unlimited: {}
#Pods Service Account