# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessImage: onap/oom/readiness:3.0.1
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
- # envsusbt
- envsubstImage: dibi/envsubst
mariadbGalera:
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- # Enabling CMPv2
- cmpv2Enabled: true
- platform:
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
- secret:
- name: oom-cert-service-client-tls-secret
- mountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- # Certificate related
- cert_path: /var/custom-certs
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2Country: "US"
- # Client configuration related
- caName: "RA"
- common_name: "sdnc.simpledemo.onap.org"
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
- outputType: "P12"
- keystorePassword: "secret"
- truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
- truststorePassword: "secret"
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: db-root-password
- name: '{{ include "common.release" . }}-sdnc-db-root-password'
+ name: &rootDbSecret '{{ include "common.release" . }}-sdnc-db-root-password'
type: password
+ # If we're using shared mariadb, we need to use the secret name (second
+ # part).
+ # If not, we do the same trick than for user db secret hat allows you
+ # override this secret using external one with the same field that is used
+ # to pass this to subchart.
externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
- ternary (default (include "common.mariadb.secret.rootPassSecretName"
- (dict "dot" . "chartName"
- (index .Values "mariadb-galera" "nameOverride")))
- (index .Values "mariadb-galera" "config"
- "mariadbRootPasswordExternalSecret"))
- (include "common.mariadb.secret.rootPassSecretName"
- (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
- password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
+ ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" .
+ "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
type: basicAuth
# This is a nasty trick that allows you override this secret using external one
# with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ externalSecret: '{{ (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "db" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) }}'
+ login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "db" "password" }}'
- uid: odl-creds
name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
type: basicAuth
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
+ - uid: dmaap-proxy-creds
+ name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
+ login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
+ password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
+ # For now this is left hardcoded but should be revisited in a future
+ passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
password: '{{ .Values.config.netboxApikey }}'
passwordPolicy: required
+ - uid: aai-truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.aaiTruststoreExternalSecret }}'
+ password: '{{ .Values.config.aaiTruststorePassword }}'
+ passwordPolicy: required
+ - uid: ansible-truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.ansibleTruststoreExternalSecret }}'
+ password: '{{ .Values.config.ansibleTruststorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.truststoreExternalSecret }}'
+ password: '{{ .Values.config.truststorePassword }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ .Values.config.keystoreExternalSecret }}'
+ password: '{{ .Values.config.keystorePassword }}'
+ passwordPolicy: required
+ - uid: dmaap-authkey
+ type: password
+ externalSecret: '{{ .Values.config.dmaapAuthKeyExternalSecret }}'
+ password: '{{ .Values.config.dmaapAuthKey }}'
+ passwordPolicy: required
- uid: aai-user-creds
type: basicAuth
externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
login: '{{ .Values.config.aaiUser }}'
password: '{{ .Values.config.aaiPassword }}'
passwordPolicy: required
+ - uid: so-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.soCredsExternalSecret}}'
+ login: '{{ .Values.config.soUser }}'
+ password: '{{ .Values.config.soPassword }}'
+ passwordPolicy: required
+ - uid: neng-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.nengCredsExternalSecret}}'
+ login: '{{ .Values.config.nengUser }}'
+ password: '{{ .Values.config.nengPassword }}'
+ passwordPolicy: required
+ - uid: cds-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.cdsCredsExternalSecret}}'
+ login: '{{ .Values.config.cdsUser }}'
+ password: '{{ .Values.config.cdsPassword }}'
+ passwordPolicy: required
+ - uid: honeycomb-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.honeycombCredsExternalSecret}}'
+ login: '{{ .Values.config.honeycombUser }}'
+ password: '{{ .Values.config.honeycombPassword }}'
+ passwordPolicy: required
+ - uid: dmaap-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.dmaapCredsExternalSecret}}'
+ login: '{{ .Values.config.dmaapUser }}'
+ password: '{{ .Values.config.dmaapPassword }}'
+ passwordPolicy: required
- uid: modeling-user-creds
type: basicAuth
externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
+ - uid: oauth-token-secret
+ type: password
+ externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.tokenExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}'
+ password: '{{ .Values.config.sdnr.oauth.tokenSecret }}'
+ passwordPolicy: required
+ - uid: keycloak-secret
+ type: password
+ externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}'
+ password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}'
+ passwordPolicy: required
+
+#################################################################
+# Certificates
+#################################################################
+certificates:
+ - mountPath: /var/custom-certs
+ commonName: sdnc.simpledemo.onap.org
+ dnsNames:
+ - sdnc.simpledemo.onap.org
+ keystore:
+ outputType:
+ - jks
+ passwordSecretRef:
+ create: true
+ name: sdnc-cmpv2-keystore-password
+ key: password
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
#################################################################
# Application configuration defaults.
#################################################################
# application images
-repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:2.0.4
-busyboxRepository: docker.io
-busyboxImage: busybox:1.30
+image: onap/sdnc-image:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
# odlCredsExternalSecret: some secret
netboxApikey: onceuponatimeiplayedwithnetbox20180814
# netboxApikeyExternalSecret: some secret
+ aaiTruststorePassword: changeit
+ # aaiTruststoreExternalSecret: some secret
+ ansibleTruststorePassword: changeit
+ # ansibleTruststoreExternalSecret: some secret
+ truststorePassword: adminadmin
+ # truststoreExternalSecret: some secret
+ keystorePassword: adminadmin
+ # keystoreExternalSecret: some secret
aaiUser: sdnc@sdnc.onap.org
aaiPassword: demo123456!
# aaiCredsExternalSecret: some secret
+ soUser: sdncaBpmn
+ soPassword: password1$
+ # soCredsExternalSecret: some secret
+ nengUser: ccsdkapps
+ nengPassword: ccsdkapps
+ # nengCredsExternalSecret: some secret
+ cdsUser: ccsdkapps
+ cdsPassword: ccsdkapps
+ # cdsCredsExternalSecret: some secret
+ honeycombUser: admin
+ honeycombPassword: admin
+ # honeycombCredsExternalSecret: some secret
+ dmaapUser: admin
+ dmaapPassword: admin
+ dmaapAuthKey: "fs20cKwalJ6ry4kX:7Hqm6BDZK47IKxGRkOPFk33qMYs="
+ # dmaapCredsExternalSecret: some secret
+ # dmaapAuthKeyExternalSecret: some secret
modelingUser: ccsdkapps
modelingPassword: ccsdkapps
# modelingCredsExternalSecret: some secret
binDir: /opt/opendaylight/bin
gcLogDir: /opt/opendaylight/data/log
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
- salConfigVersion: 1.9.1
+ salConfigVersion: 1.10.4
akka:
seedNodeTimeout: 15s
circuitBreaker:
sdnrdbTrustAllCerts: true
mountpointRegistrarEnabled: false
mountpointStateProviderEnabled: false
-
-
+ netconfCallHome:
+ enabled: true
+ #
+ # enable and set dmaap-proxy for mountpointRegistrar
+ dmaapProxy:
+ enabled: false
+ usepwd: true
+ user: addUserHere
+ password: addPasswordHere
+ url: addProxyUrlHere
+ oauth:
+ enabled: false
+ tokenIssuer: ONAP SDNC
+ tokenSecret: secret
+ supportOdlusers: true
+ redirectUri: null
+ publicUrl: none
+ odluxRbac:
+ enabled: true
+ # example definition for a oauth provider
+ providersSecrets:
+ keycloak: d8d7ed52-0691-4353-9ac6-5383e72e9c46
+ providers:
+ - id: keycloak
+ type: KEYCLOAK
+ host: http://keycloak:8080
+ clientId: odlux.app
+ secret: ${KEYCLOAK_SECRET}
+ scope: openid
+ title: ONAP Keycloak Provider
+ roleMapping:
+ mykeycloak: admin
# dependency / sub-chart configuration
certInitializer:
network-name-gen:
enabled: true
mariadb-galera: &mariadbGalera
- nameOverride: sdnc-db
+ nameOverride: &sdnc-db sdnc-db
config: &mariadbGaleraConfig
- rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
- userName: sdnctl
+ rootPasswordExternalSecret: *rootDbSecret
+ userName: &dbUser sdnctl
userCredentialsExternalSecret: *dbSecretName
+ rootUser:
+ externalSecret: *rootDbSecret
+ db:
+ user: *dbUser
+ externalSecret: *dbSecretName
service:
name: sdnc-dbhost
- internalPort: 3306
sdnctlPrefix: sdnc
persistence:
mountSubPath: sdnc/mariadb-galera
enabled: true
replicaCount: 1
+ serviceAccount:
+ nameOverride: *sdnc-db
cds:
enabled: false
config:
db:
dbName: *sdncDbName
- rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}'
+ rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary
+ (printf "%s-sdnc-db-root-password" (include "common.release" .))
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" "mariadb-galera")) }}'
userCredentialsExternalSecret: *dbSecretName
dbPodName: mariadb-galera
dbServiceName: mariadb-galera
# This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+ serviceAccount:
+ nameOverride: sdnc-dgbuilder
mariadb-galera:
service:
name: sdnc-dgbuilder
# handles master and data node functionality
dedicatednode: "no"
nameOverride: *elasticSearchName
- cluster_name: *elasticSearchName
+ cluster_name: sdnrdb-cluster
# enable
sdnc-web:
enabled: true
geoNodePort5: 65
geoNodePort6: 66
+ callHomePort: 6666
+ callHomeNodePort: 66
+
## Persist data to a persitent volume
persistence:
enabled: true
size: 1Gi
mountPath: /dockerdata-nfs
mountSubPath: sdnc/mdsal
- mdsalPath: /opt/opendaylight/current/daexim
+ mdsalPath: /opt/opendaylight/mdsal
+ daeximPath: /opt/opendaylight/mdsal/daexim
+ journalPath: /opt/opendaylight/segmented-journal
+ snapshotsPath: /opt/opendaylight/snapshots
certpersistence:
enabled: true
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc
+ roles:
+ - read