# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ soBaseImage: onap/so/base-image:1.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
- servicePort: "3306"
- mariadbRootPassword: secretpassword
+ servicePort: '3306'
+ # mariadbRootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
#serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
localCluster: false
persistence:
mountPath: /dockerdata-nfs
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
#This configuration will run the migration. The configurations are for backing up the data
#from DB and then restoring it to the present versions preferred DB.
migration:
dbPort: 3306
dbUser: root
dbPassword: secretpassword
+ # dbCredsExternalSecret: some secret
msbEnabled: true
security:
aaf:
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- cadi:
- cadiLoglevel: DEBUG
- cadiKeyFile: /app/org.onap.so.keyfile
- cadiTrustStore: /app/org.onap.so.trust.jks
- cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
- cadiLatitude: 38.4329
- cadiLongitude: -90.43248
- aafEnv: IST
- aafApiVersion: 2.1
- aafRootNs: org.onap.so
- aafLocateUrl: https://aaf-locate.onap:8095
- aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
- trustStorePassword: b25hcDRzbw==
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}'
+ password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
+ - uid: db-backup-creds
+ name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
+ login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
+ password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: '0'
+ helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.userName }}'
+ password: '{{ .Values.dbCreds.userPassword }}'
+ passwordPolicy: generate
+ - uid: db-admin-creds
+ name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.adminName }}'
+ password: '{{ .Values.dbCreds.adminPassword }}'
+ passwordPolicy: generate
+ - uid: 'so-onap-certs'
+ name: &so-certs '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/msb-ca.crt
+ - uid: "mso-key"
+ name: &mso-key '{{ include "common.release" . }}-mso-key'
+ type: password
+ password: '{{ .Values.global.app.msoKey }}'
+ - uid: mso-oof-auth
+ name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
+ type: basicAuth
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
+
+aafConfig:
+ permission_user: 1000
+ permission_group: 999
+
+aaf:
+ trustore: org.onap.so.trust.jks
+
#################################################################
# Application configuration defaults.
#################################################################
+
+dbSecrets: &dbSecrets
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
+
+# unused in this, just to pass to subcharts
+dbCreds:
+ userName: so_user
+ adminName: so_admin
+
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.5.3
+image: onap/so/api-handler-infra:1.6.4
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
-containerPort: 8080
+containerPort: &containerPort 8080
logPath: ./logs/apih/
app: api-handler-infra
service:
- type: NodePort
- nodePort: 77
- internalPort: 8080
- externalPort: 8080
- portName: so-apih-port
+ type: NodePort
+ nodePort: 77
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-apih-port
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-apih-cert-init
+ certInitializer:
+ nameOverride: so-apih-cert-init
+ credsPath: /opt/app/osaaf/local
+ certSecret: *so-certs
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
+persistence:
+ certificatesPath: /certificates
resources:
small:
limits:
cpu: 1000m
memory: 2Gi
unlimited: {}
-livenessProbe:
- path: /manage/health
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
nodeSelector: {}
affinity: {}
logstashServiceName: log-ls
logstashPort: 5044
-
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
# --set so.global.mariadbGalera.localCluster=true \
# --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
# --set so.global.mariadbGalera.serviceName=so-mariadb-galera
mariadb-galera:
+ config:
+ mariadbRootPasswordExternalSecret: *dbRootPassSecretName
nameOverride: so-mariadb-galera
replicaCount: 1
service:
ingress:
enabled: false
service:
- - baseaddr: "so"
- name: "so"
+ - baseaddr: 'so.api'
+ name: 'so'
port: 8080
config:
- ssl: "none"
+ ssl: 'none'
mso:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.apihPerm
- noAuthn: /manage/health
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
sdc:
client:
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
aai:
auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ oof:
+ login: test
+ password: testpwd
so:
operationalEnv:
dmaap:
auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
health:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+
+so-appc-orchestrator:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
so-bpmn-infra:
- cds:
- auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
- aai:
- auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
- mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- db:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- password: wLg4sjrAFUS8rfVfdvTXeQ==
- po:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- config:
- cadi:
- aafId: so@so.onap.org
- aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.bpmnPerm
- noAuthn: /manage/health
- sdnc:
- password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
- sniro:
- auth: test:testpwd
- endpoint: http://replaceme:28090/optimizationInstance/V1/create
- oof:
- auth: test:testpwd
- so:
- vnfm:
- adapter:
- auth: Basic dm5mbTpwYXNzd29yZDEk
+ db:
+ <<: *dbSecrets
+
so-catalog-db-adapter:
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.catalogDbAdapterPerm
- noAuthn: /manage/health
- adapters:
- db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-etsi-nfvo-ns-lcm:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-monitoring:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
so-openstack-adapter:
- aaf:
- auth:
- encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- org:
- onap:
- so:
- adapters:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
- valet:
- basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg==
- mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
- basicUser: poBpmn
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.openStackAdapterPerm
- noAuthn: /manage/health
- db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ enabled: true
+ db:
+ <<: *dbSecrets
+
so-request-db-adapter:
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.requestDbAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ db:
+ <<: *dbSecrets
+
so-sdc-controller:
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.sdcControllerPerm
- noAuthn: /manage/health
- asdc:
- config:
- key: 566B754875657232314F5548556D3665
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- asdc-connections:
- asdc-controller1:
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ db:
+ <<: *dbSecrets
+
so-sdnc-adapter:
- org:
- onap:
- so:
- adapters:
- sdnc:
- bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
- sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
- network:
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.sdncAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- rest:
- aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-ve-vnfm-adapter:
+ enabled: true
+
so-vfc-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-nssmf-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-oof-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.vfcAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ msoKeySecret: *mso-key
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ oof:
+ authSecret: *mso-oof-auth
+
so-vnfm-adapter:
- aaf:
- auth:
- username: so@so.onap.org
- password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- sdc:
- username: mso
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
- key: 566B754875657232314F5548556D3665
- mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.vnfmAdapterPerm
- noAuthn: /manage/health
+ enabled: true
+
+so-mariadb:
+ db:
+ rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ backupCredsExternalSecret: *dbBackupCredsSecretName
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName