X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fappc%2Fvalues.yaml;h=f59a64f3d264fb25849ed5d214bb92c9e796cb37;hb=687f528514a0fb7a54d677aae837cadea9072dbc;hp=fcfca4a41c805762b71ea3a59e61c822e5ea1864;hpb=1155349e7b7dafc81ad94a5e48423e8aaf6fb7f2;p=oom.git

diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index fcfca4a41c..f59a64f3d2 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -18,37 +18,72 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
+  centralizedLoggingEnabled: false
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    name: '{{ include "common.release" . }}-appc-db-root-pass'
+    externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}'
+    type: password
+    password: '{{ .Values.config.dbRootPass }}'
+  - uid: 'appcdb-user-creds'
+    name: '{{ include "common.release" . }}-appcdb-user-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.appcdb.userName }}'
+    password: '{{ .Values.config.appcdb.password }}'
+  - uid: 'sdncdb-user-creds'
+    name: '{{ include "common.release" . }}-sdncdb-user-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.sdncdb.userName }}'
+    password: '{{ .Values.config.sdncdb.password }}'
+
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 flavor: small
 # application image
-repository: nexus3.onap.org:10001
-image: onap/appc-image:1.7.0
+image: onap/appc-image:1.7.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
+# log configuration
+log:
+  path: /var/log/onap
+
 # application configuration
 config:
+#  dbRootPassExternalSecret: some secret
+#  dbRootPass: password
+  appcdb:
+    # Warning: changing this config option may not work.
+    # It seems that the DB name is hardcoded.
+    dbName: appcctl
+    userName: appcctl
+    # password: appcctl
+    # userCredsExternalSecret: some secret
+  sdncdb:
+    # Warning: changing this config option may not work.
+    # It seems that the DB name is hardcoded.
+    dbName: sdnctl
+    userName: sdnctl
+    # password: gamma
+    # userCredsExternalSecret: some secret
   odlUid: 100
   odlGid: 101
   ansibleServiceName: appc-ansible-server
   ansiblePort: 8000
-  mariadbRootPassword: secretpassword
-  userName: my-user
-  userPassword: my-password
-  mysqlDatabase: my-database
-  mariadbGaleraSVCName: appc-dbhost
-  mariadbGaleraContName: appc-db
+  mariadbGaleraSVCName: &appc-db appc-db
+  mariadbGaleraContName: *appc-db
   enableAAF: true
   enableClustering: false
   configDir: /opt/onap/appc/data/properties
@@ -70,35 +105,184 @@ config:
   dmaapServicePassword: onapappc
 
 appc-ansible-server:
+  enabled: true
   service:
     name: appc-ansible-server
     internalPort: 8000
   config:
-    mysqlServiceName: appc-dbhost
+    mysqlServiceName: *appc-db
+
+appc-cdt:
+  enabled: true
 
 mariadb-galera:
-  nameOverride: appc-db
+  nameOverride: *appc-db
+  rootUser:
+    externalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
   service:
-    name: appc-dbhost
-    portName: appc-dbhost
+    name: *appc-db
   nfsprovisionerPrefix: appc
   sdnctlPrefix: appc
   persistence:
     mountSubPath: appc/data
     enabled: true
   disableNfsProvisioner: true
+  serviceAccount:
+    nameOverride: *appc-db
+  replicaCount: 1
+
+  mariadbConfiguration: |-
+    [client]
+    port=3306
+    socket=/opt/bitnami/mariadb/tmp/mysql.sock
+    plugin_dir=/opt/bitnami/mariadb/plugin
+
+    [mysqld]
+    lower_case_table_names = 1
+    default_storage_engine=InnoDB
+    basedir=/opt/bitnami/mariadb
+    datadir=/bitnami/mariadb/data
+    plugin_dir=/opt/bitnami/mariadb/plugin
+    tmpdir=/opt/bitnami/mariadb/tmp
+    socket=/opt/bitnami/mariadb/tmp/mysql.sock
+    pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
+    bind_address=0.0.0.0
+
+    ## Character set
+    collation_server=utf8_unicode_ci
+    init_connect='SET NAMES utf8'
+    character_set_server=utf8
+
+    ## MyISAM
+    key_buffer_size=32M
+    myisam_recover_options=FORCE,BACKUP
+
+    ## Safety
+    skip_host_cache
+    skip_name_resolve
+    max_allowed_packet=16M
+    max_connect_errors=1000000
+    sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE
+    sysdate_is_now=1
+
+    ## Binary Logging
+    log_bin=mysql-bin
+    expire_logs_days=14
+    # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
+    sync_binlog=0
+    # Required for Galera
+    binlog_format=row
+
+    ## Caches and Limits
+    tmp_table_size=32M
+    max_heap_table_size=32M
+    # Re-enabling as now works with Maria 10.1.2
+    query_cache_type=1
+    query_cache_limit=4M
+    query_cache_size=256M
+    max_connections=500
+    thread_cache_size=50
+    open_files_limit=65535
+    table_definition_cache=4096
+    table_open_cache=4096
+
+    ## InnoDB
+    innodb=FORCE
+    innodb_strict_mode=1
+    # Mandatory per https://github.com/codership/documentation/issues/25
+    innodb_autoinc_lock_mode=2
+    # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
+    innodb_doublewrite=1
+    innodb_flush_method=O_DIRECT
+    innodb_log_files_in_group=2
+    innodb_log_file_size=128M
+    innodb_flush_log_at_trx_commit=1
+    innodb_file_per_table=1
+    # 80% Memory is default reco.
+    # Need to re-evaluate when DB size grows
+    innodb_buffer_pool_size=2G
+    innodb_file_format=Barracuda
+
+    ## Logging
+    log_error=/opt/bitnami/mariadb/logs/mysqld.log
+    slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
+    log_queries_not_using_indexes=1
+    slow_query_log=1
+
+    ## SSL
+    ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
+    # ssl_ca=/certs/ca.pem
+    # ssl_cert=/certs/server-cert.pem
+    # ssl_key=/certs/server-key.pem
+
+    [galera]
+    wsrep_on=ON
+    wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
+    wsrep_sst_method=mariabackup
+    wsrep_slave_threads=4
+    wsrep_cluster_address=gcomm://
+    wsrep_cluster_name=galera
+    wsrep_sst_auth="root:"
+    # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
+    innodb_flush_log_at_trx_commit=2
+    # MYISAM REPLICATION SUPPORT #
+    wsrep_replicate_myisam=ON
+    binlog_format=row
+    default_storage_engine=InnoDB
+    innodb_autoinc_lock_mode=2
+    transaction-isolation=READ-COMMITTED
+    wsrep_causal_reads=1
+    wsrep_sync_wait=7
+
+    [mariadb]
+    plugin_load_add=auth_pam
+
+    ## Data-at-Rest Encryption
+    ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
+    # plugin_load_add=file_key_management
+    # file_key_management_filename=/encryption/keyfile.enc
+    # file_key_management_filekey=FILE:/encryption/keyfile.key
+    # file_key_management_encryption_algorithm=AES_CTR
+    # encrypt_binlog=ON
+    # encrypt_tmp_files=ON
+
+    ## InnoDB/XtraDB Encryption
+    # innodb_encrypt_tables=ON
+    # innodb_encrypt_temporary_tables=ON
+    # innodb_encrypt_log=ON
+    # innodb_encryption_threads=4
+    # innodb_encryption_rotate_key_age=1
+
+    ## Aria Encryption
+    # aria_encrypt_tables=ON
+    # encrypt_tmp_disk_tables=ON
 
 dgbuilder:
   nameOverride: appc-dgbuilder
+  certInitializer:
+    nameOverride: appc-dgbuilder-cert-initializer
   config:
-    dbPodName: appc-db
-    dbServiceName: appc-dbhost
+    db:
+      rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
+      userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds'
+    dbPodName: *appc-db
+    dbServiceName: *appc-db
   service:
     name: appc-dgbuilder
+  serviceAccount:
+    nameOverride: appc-dgbuilder
+  ingress:
+    enabled: false
+    service:
+      - baseaddr: "appc-dgbuilder"
+        name: "appc-dgbuilder"
+        port: 3000
+    config:
+      ssl: "redirect"
 
-#passing value to cdt chart. value of nodePort4 will be same as appc.service.nodePort4.
+#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
 appc-cdt:
-  nodePort4: 11
+  nodePort3: 11
 # default number of instances
 replicaCount: 1
 
@@ -123,21 +307,17 @@ service:
   name: appc
   portName: appc
 
-  internalPort: 8181
-  externalPort: 8282
-  nodePort: "08"
-
-  internalPort2: 8443
-  externalPort2: 8443
-  nodePort2: 30
+  internalPort: 8443
+  externalPort: 8443
+  nodePort: 30
 
-  externalPort3: 1830
-  nodePort3: 31
+  externalPort2: 1830
+  nodePort2: 31
   clusterPort: 2550
 
-  internalPort4: 9191
-  externalPort4: 9090
-  nodePort4: 11
+  internalPort3: 9191
+  externalPort3: 9090
+  nodePort3: 11
 
 ## Persist data to a persitent volume
 persistence:
@@ -164,7 +344,7 @@ persistence:
 ingress:
   enabled: false
   service:
-    - baseaddr: appc
+    - baseaddr: "appc.api"
       name: "appc"
       port: 8443
   config: