nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- aafEnabled: true
+ centralizedLoggingEnabled: true
mariadbGalera:
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- # Enabling CMPv2 with CertManager
- CMPv2CertManagerIntegration: false
+
#################################################################
# Secrets metaconfig
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: dmaap-proxy-creds
- name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
- type: basicAuth
- externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
- login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
- password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
- # For now this is left hardcoded but should be revisited in a future
- passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}'
password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}'
passwordPolicy: required
-
+ - uid: ves-collector-secret
+ type: basicAuth
+ login: '{{ .Values.config.sdnr.vesCollector.username }}'
+ password: '{{ .Values.config.sdnr.vesCollector.password }}'
#################################################################
# Certificates
#################################################################
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.1.5
+image: onap/sdnc-image:2.5.5
# flag to enable debugging - application support required
debugEnabled: false
ansibleUser: sdnc
ansiblePassword: sdnc
# ansibleCredsExternalSecret: some secret
+
dbSdnctlDatabase: &sdncDbName sdnctl
enableClustering: true
sdncHome: /opt/onap/sdnc
# sdnronly: true starts sdnc container with odl and sdnrwt features only
sdnronly: false
sdnrdbTrustAllCerts: true
- mountpointRegistrarEnabled: false
- mountpointStateProviderEnabled: false
- #
- # enable and set dmaap-proxy for mountpointRegistrar
- dmaapProxy:
+ kafka:
enabled: false
- usepwd: true
- user: addUserHere
- password: addPasswordHere
- url: addProxyUrlHere
+ consumerGroupPrefix: &consumerGroupPrefix sdnr
+ # Strimzi KafkaUser config see configuration below
+ kafkaUser: &kafkaUser
+ acls:
+ - name: unauthenticated.SEC_
+ type: topic
+ patternType: prefix
+ operations: [Read]
+ - name: unauthenticated.VES_PNFREG_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Read]
+ - name: *consumerGroupPrefix
+ type: group
+ patternType: prefix
+ operations: [Read]
+ ## set if bootstrap server is not OOM standard
+ # bootstrapServers: []
+ ## set connection parameters if not default
+ # securityProtocol: PLAINTEXT
+ # saslMechanism: SCRAM-SHA-512
+ ## saslJassConfig: provided by secret
+
+
+ mountpointStateProviderEnabled: false
+ netconfCallHome:
+ enabled: true
+
+
oauth:
enabled: false
tokenIssuer: ONAP SDNC
title: ONAP Keycloak Provider
roleMapping:
mykeycloak: admin
+ vesCollector:
+ enabled: false
+ tls:
+ enabled: true
+ trustAllCertificates: false
+ username: sample1
+ password: sample1
+ address: dcae-ves-collector.onap
+ port: 8080
+ version: v7
+ reportingEntityName: ONAP SDN-R
+ eventLogMsgDetail: SHORT
+
+# Strimzi KafkaUser/Topic config on top level
+kafkaUser: *kafkaUser
-# dependency / sub-chart configuration
-certInitializer:
- nameOverride: sdnc-cert-initializer
- truststoreMountpath: /opt/onap/sdnc/data/stores
- fqdn: "sdnc"
- app_ns: "org.osaaf.aaf"
- fqi: "sdnc@sdnc.onap.org"
- fqi_namespace: org.onap.sdnc
- public_fqdn: "sdnc.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- cd /opt/app/osaaf/local;
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
# dependency / sub-chart configuration
network-name-gen:
dgbuilder:
enabled: true
nameOverride: sdnc-dgbuilder
- certInitializer:
- nameOverride: sdnc-dgbuilder-cert-initializer
config:
db:
dbName: *sdncDbName
dbServiceName: mariadb-galera
# This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+ serviceAccount:
+ nameOverride: sdnc-dgbuilder
mariadb-galera:
service:
name: sdnc-dgbuilder
- nodePort: "03"
+ ports:
+ - name: http
+ port: 3100
+ nodePort: "03"
ingress:
enabled: false
service:
- - baseaddr: "sdnc-dgbuilder"
+ - baseaddr: "sdnc-dgbuilder-ui"
name: "sdnc-dgbuilder"
- port: 3000
- - baseaddr: "sdnc-web-service"
- name: "sdnc-web-service"
- port: 8443
+ port: 3100
config:
ssl: "redirect"
elasticsearch:
nameOverride: &elasticSearchName sdnrdb
name: sdnrdb-cluster
- certInitializer:
- fqdn: "sdnc"
- fqi_namespace: org.onap.sdnc
- fqi: "sdnc@sdnc.onap.org"
service:
name: *elasticSearchName
master:
dedicatednode: "no"
nameOverride: *elasticSearchName
cluster_name: sdnrdb-cluster
+
# enable
sdnc-web:
enabled: true
+ ## set if web socket port should not be default
+ # sdnrWebsocketPort: *sdnrWebsocketPort
# default number of instances
replicaCount: 1
service:
type: NodePort
name: sdnc
- portName: sdnc
+ portName: http
internalPort: 8181
internalPort2: 8101
internalPort3: 8080
- internalPort4: 8443
#port
externalPort: 8282
externalPort3: 8280
- externalPort4: 8443
nodePort4: 67
clusterPort: 2550
geoNodePort5: 65
geoNodePort6: 66
+ callHomePort: &chport 4334
+ callHomeNodePort: 66
+ ## set if web socket port should not be default
+ ## change in sdnc-web section as well
+ # sdnrWebsocketPort: &sdnrWebsocketPort 8182
+
+
## Persist data to a persitent volume
persistence:
enabled: true
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/mdsal
daeximPath: /opt/opendaylight/mdsal/daexim
- journalPath: /opt/opendaylight/journal
+ journalPath: /opt/opendaylight/segmented-journal
snapshotsPath: /opt/opendaylight/snapshots
-certpersistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
-
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 50Mi
- mountPath: /dockerdata-nfs
- mountSubPath: sdnc/certs
- certPath: /opt/app/osaaf
- ##storageClass: "manual"
-
ingress:
enabled: false
service:
- - baseaddr: "sdnc.api"
- name: "sdnc"
- port: 8443
+ - baseaddr: "sdnc-api"
+ name: "sdnc"
+ port: 8282
+ - baseaddr: "sdnc-callhome"
+ name: "sdnc-callhome"
+ port: *chport
+ protocol: tcp
+ exposedPort: *chport
+ exposedProtocol: TCP
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: a1policymanagement-read
+ - serviceAccount: cds-blueprints-processor-read
+ - serviceAccount: consul-read
+ - serviceAccount: ncmp-dmi-plugin-read
+ - serviceAccount: policy-drools-pdp-read
+ - serviceAccount: robot-read
+ - serviceAccount: sdnc-ansible-server-read
+ - serviceAccount: sdnc-dmaap-listener-read
+ - serviceAccount: sdnc-prom-read
+ - serviceAccount: sdnc-ueb-listener-read
+ - serviceAccount: sdnc-web-read
+ - serviceAccount: so-sdnc-adapter-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+ authorizedPrincipalsSdnHosts:
+ - serviceAccount: sdnc-read
+
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: 999
+ memory: 4.7Gi
requests:
cpu: 1
- memory: 2Gi
+ memory: 4.7Gi
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: 999
+ memory: 9.4Gi
requests:
cpu: 2
- memory: 4Gi
+ memory: 9.4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc
+ roles:
+ - read
+
+#Log configuration
+log:
+ path: /var/log/onap