-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
- # envsusbt
- envsubstImage: dibi/envsubst
mariadbGalera:
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
+ # Enabling CMPv2 with CertManager
+ CMPv2CertManagerIntegration: false
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: db-root-password
- name: '{{ include "common.release" . }}-sdnc-db-root-password'
+ name: &rootDbSecret '{{ include "common.release" . }}-sdnc-db-root-password'
type: password
+ # If we're using shared mariadb, we need to use the secret name (second
+ # part).
+ # If not, we do the same trick than for user db secret hat allows you
+ # override this secret using external one with the same field that is used
+ # to pass this to subchart.
externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
- ternary (default (include "common.mariadb.secret.rootPassSecretName"
- (dict "dot" . "chartName"
- (index .Values "mariadb-galera" "nameOverride")))
- (index .Values "mariadb-galera" "config"
- "mariadbRootPasswordExternalSecret"))
- (include "common.mariadb.secret.rootPassSecretName"
- (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
- password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
+ ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" .
+ "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
type: basicAuth
# This is a nasty trick that allows you override this secret using external one
# with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ externalSecret: '{{ (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "db" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) }}'
+ login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "db" "password" }}'
- uid: odl-creds
name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
type: basicAuth
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
+ - uid: dmaap-proxy-creds
+ name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
+ login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
+ password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
+ # For now this is left hardcoded but should be revisited in a future
+ passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
-
+#################################################################
+# Certificates
+#################################################################
+certificates:
+ - mountPath: /var/custom-certs
+ commonName: sdnc.simpledemo.onap.org
+ dnsNames:
+ - sdnc.simpledemo.onap.org
+ keystore:
+ outputType:
+ - jks
+ passwordSecretRef:
+ name: sdnc-cmpv2-keystore-password
+ key: password
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
#################################################################
# Application configuration defaults.
#################################################################
# application images
-repository: nexus3.onap.org:10001
-pullPolicy: Always
-image: onap/sdnc-image:1.8.2
+pullPolicy: Always
+image: onap/sdnc-image:2.0.5
# flag to enable debugging - application support required
debugEnabled: false
logstashPort: 5044
ansibleServiceName: sdnc-ansible-server
ansiblePort: 8000
- javaHome: /usr/lib/jvm/java-1.8-openjdk
+ javaHome: /opt/java/openjdk
odl:
etcDir: /opt/opendaylight/etc
binDir: /opt/opendaylight/bin
+ gcLogDir: /opt/opendaylight/data/log
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
- salConfigVersion: 1.8.2
+ salConfigVersion: 1.10.4
akka:
seedNodeTimeout: 15s
circuitBreaker:
javaOptions:
maxGCPauseMillis: 100
parallelGCThreads : 3
- numberGGLogFiles: 10
+ numberGCLogFiles: 10
+ minMemory: 512m
+ maxMemory: 2048m
+ gcLogOptions: ""
+ # Next line enables gc logging
+ # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}"
+ # enables sdnr functionality
+ sdnr:
+ enabled: true
+ # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
+ # mode: dm - SDNC contains sdnr device manager + ODLUX components
+ mode: dm
+ # sdnronly: true starts sdnc container with odl and sdnrwt features only
+ sdnronly: false
+ sdnrdbTrustAllCerts: true
+ mountpointRegistrarEnabled: false
+ mountpointStateProviderEnabled: false
+ # enable and set dmaap-proxy for mountpointRegistrar
+ dmaapProxy:
+ enabled: false
+ usepwd: true
+ user: addUserHere
+ password: addPasswordHere
+ url: addProxyUrlHere
+
+
+
+
# dependency / sub-chart configuration
certInitializer:
nameOverride: sdnc-cert-initializer
+ truststoreMountpath: /opt/onap/sdnc/data/stores
fqdn: "sdnc"
app_ns: "org.osaaf.aaf"
fqi: "sdnc@sdnc.onap.org"
cd /opt/app/osaaf/local;
/opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
+# dependency / sub-chart configuration
+network-name-gen:
+ enabled: true
mariadb-galera: &mariadbGalera
- nameOverride: sdnc-db
+ nameOverride: &sdnc-db sdnc-db
config: &mariadbGaleraConfig
- rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
- userName: sdnctl
+ rootPasswordExternalSecret: *rootDbSecret
+ userName: &dbUser sdnctl
userCredentialsExternalSecret: *dbSecretName
+ rootUser:
+ externalSecret: *rootDbSecret
+ db:
+ user: *dbUser
+ externalSecret: *dbSecretName
service:
name: sdnc-dbhost
- internalPort: 3306
sdnctlPrefix: sdnc
persistence:
mountSubPath: sdnc/mariadb-galera
enabled: true
replicaCount: 1
+ serviceAccount:
+ nameOverride: *sdnc-db
cds:
enabled: false
dmaap-listener:
+ enabled: true
nameOverride: sdnc-dmaap-listener
mariadb-galera:
<<: *mariadbGalera
odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ enabled: true
mariadb-galera:
<<: *mariadbGalera
config:
configDir: /opt/onap/sdnc/data/properties
odlCredsExternalSecret: *odlCredsSecretName
-sdnc-portal:
- mariadb-galera:
- <<: *mariadbGalera
- config:
- <<: *mariadbGaleraConfig
- mysqlDatabase: *sdncDbName
- config:
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- odlCredsExternalSecret: *odlCredsSecretName
-
sdnc-ansible-server:
+ enabled: true
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
internalPort: 8000
dgbuilder:
+ enabled: true
nameOverride: sdnc-dgbuilder
+ certInitializer:
+ nameOverride: sdnc-dgbuilder-cert-initializer
config:
db:
dbName: *sdncDbName
- rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}'
+ rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary
+ (printf "%s-sdnc-db-root-password" (include "common.release" .))
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" "mariadb-galera")) }}'
userCredentialsExternalSecret: *dbSecretName
dbPodName: mariadb-galera
dbServiceName: mariadb-galera
- baseaddr: "sdnc-dgbuilder"
name: "sdnc-dgbuilder"
port: 3000
+ - baseaddr: "sdnc-web-service"
+ name: "sdnc-web-service"
+ port: 8443
config:
ssl: "redirect"
+
+
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
- nameOverride: sdnrdb
+ nameOverride: &elasticSearchName sdnrdb
name: sdnrdb-cluster
certInitializer:
fqdn: "sdnc"
fqi_namespace: org.onap.sdnc
fqi: "sdnc@sdnc.onap.org"
service:
- name: sdnrdb
-
+ name: *elasticSearchName
master:
replicaCount: 3
# dedicatednode: "yes"
# dedicatednode: "no"
# handles master and data node functionality
dedicatednode: "no"
- nameOverride: sdnrdb
-
- curator:
- enabled: true
- nameOverride: sdnrdb
- data:
- enabled: true
- replicaCount: 1
- nameOverride: sdnrdb
-
-
+ nameOverride: *elasticSearchName
+ cluster_name: *elasticSearchName
+# enable
+sdnc-web:
+ enabled: true
# default number of instances
replicaCount: 1
size: 1Gi
mountPath: /dockerdata-nfs
mountSubPath: sdnc/mdsal
- mdsalPath: /opt/opendaylight/current/daexim
+ mdsalPath: /opt/opendaylight/mdsal
+ daeximPath: /opt/opendaylight/daexim
+ journalPath: /opt/opendaylight/journal
+ snapshotsPath: /opt/opendaylight/snapshots
+
+certpersistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 50Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sdnc/certs
+ certPath: /opt/app/osaaf
+ ##storageClass: "manual"
ingress:
enabled: false