X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fonap%2Fvalues.yaml;h=5f48a5e2ede0a64c71c5469041e0ac163b1b8ca0;hb=refs%2Fheads%2Fmaster;hp=bdbf5ab3238e8e3d6537b3ec27f7b379e9ab3795;hpb=85c772b931c10b1dfcf11eb605837054a3549441;p=oom.git diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index bdbf5ab323..5f48a5e2ed 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2019 Amdocs, Bell Canada # Copyright (c) 2020 Nordix Foundation, Modifications # Modifications Copyright © 2020-2021 Nokia +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,19 +27,6 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - - # Install test components - # test components are out of the scope of ONAP but allow to have a entire - # environment to test the different features of ONAP - # Current tests environments provided: - # - netbox (needed for CDS IPAM) - # - AWX (needed for XXX) - # - EJBCA Server (needed for CMPv2 tests) - # Today, "contrib" chart that hosting these components must also be enabled - # in order to make it work. So `contrib.enabled` must have the same value than - # addTestingComponents - addTestingComponents: &testing false - # ONAP Repository # Four different repositories are used # You can change individually these repositories to ones that will serve the @@ -46,15 +34,10 @@ global: repository: nexus3.onap.org:10001 dockerHubRepository: &dockerHubRepository docker.io elasticRepository: &elasticRepository docker.elastic.co + quayRepository: quay.io googleK8sRepository: k8s.gcr.io githubContainerRegistry: ghcr.io - #/!\ DEPRECATED /!\ - # Legacy repositories which will be removed at the end of migration. - # Please don't use - loggingRepository: *elasticRepository - busyboxRepository: *dockerHubRepository - # Default credentials # they're optional. If the target repository doesn't need them, comment them repositoryCred: @@ -75,6 +58,20 @@ global: # user: myuser # password: mypassord + # Default definition of the secret containing the docker image repository + # credentials. In the default ONAP deployment the secret is created by the + # repository-wrapper component, which uses the secrets defined above. + # If this is not wanted or other secrets are created, alternative secret + # names can be used + # Overrides for specific images can be done, if the "image" entry is used as + # a map and the "pullSecrets" is used, e.g. + # image: + # ... + # pullSecrets: + # - myRegistryKeySecretName + # + imagePullSecrets: + - '{{ include "common.namespace" . }}-docker-registry-key' # common global images # Busybox for simple shell manipulation @@ -106,7 +103,7 @@ global: postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 # readiness check image - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:6.0.3 # image pull policy pullPolicy: Always @@ -127,6 +124,10 @@ global: storageclassProvisioner: kubernetes.io/no-provisioner volumeReclaimPolicy: Retain + # Global flag to enable the creation of default roles instead of using + # common roles-wrapper + createDefaultRoles: false + # override default resource limit flavor for all charts flavor: unlimited @@ -150,11 +151,36 @@ global: enabled: false # enable all component's Ingress interfaces enable_all: false - # default Ingress base URL - # can be overwritten in component vy setting ingress.baseurlOverride + + # Provider: ingress, istio, gw-api + provider: istio + # Ingress class (only for provider "ingress"): e.g. nginx, traefik + ingressClass: + # Ingress Selector (only for provider "istio") to match with the + # ingress pod label "istio=ingress" + ingressSelector: ingress + # optional: common used Gateway (for Istio, GW-API) and listener names + commonGateway: + name: "" + httpListener: "" + httpsListener: "" + + # default Ingress base URL and preAddr- and postAddr settings + # Ingress URLs result: + # . virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride baseurl: "simpledemo.onap.org" - # All http requests via ingress will be redirected on Ingress controller + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" + + # All http (port 80) requests via ingress will be redirected + # to port 443 on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: ssl: "redirect" @@ -163,18 +189,21 @@ global: # tls: # secret: 'my-ingress-cert' - # optional: Namespace of the Istio IngressGateway + # optional: Namespace of the Istio IngressGateway or Gateway-API # only valid for Istio Gateway (ServiceMesh enabled) namespace: istio-ingress # Global Service Mesh configuration - # POC Mode, don't use it in production serviceMesh: enabled: false tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd + # Global Istio Authorization Policy configuration + authorizationPolicies: + enabled: false + # metrics part # If enabled, exporters (for prometheus) will be deployed # if custom resources set to yes, CRD from prometheus operartor will be @@ -188,8 +217,7 @@ global: # Disabling AAF # POC Mode, only for use in development environment # Keep it enabled in production - aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.20 + aafEnabled: false # Disabling MSB # POC Mode, only for use in development environment @@ -212,7 +240,7 @@ global: name: cmpv2-issuer-onap # Enabling CMPv2 - cmpv2Enabled: true + cmpv2Enabled: false platform: certificates: clientSecretName: oom-cert-service-client-tls-secret @@ -232,7 +260,7 @@ global: # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. # if set this element will force or not tls even if serviceMesh.tls is set. - # tlsEnabled: false + tlsEnabled: false # Logging # Currently, centralized logging is not in best shape so it's disabled by @@ -255,14 +283,6 @@ global: # storageClass: "-" # Example of specific for the components which requires RWX: -# aaf: -# persistence: -# storageClassOverride: "My_RWX_Storage_Class" -# contrib: -# netbox: -# netbox-app: -# persistence: -# storageClassOverride: "My_RWX_Storage_Class" # cds: # cds-blueprints-processor: # persistence: @@ -277,64 +297,28 @@ global: # to customize the ONAP deployment. ################################################################# -aaf: - enabled: false - aaf-sms: - cps: - # you must always set the same values as value set in cps.enabled - enabled: false aai: enabled: false -appc: - enabled: false - config: - openStackType: OpenStackProvider - openStackName: OpenStack - openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html - openStackServiceTenantName: default - openStackDomain: default - openStackUserName: admin - openStackEncryptedPassword: admin cassandra: enabled: false cds: enabled: false -clamp: - enabled: false cli: enabled: false -consul: - enabled: false -# Today, "contrib" chart that hosting these components must also be enabled -# in order to make it work. So `contrib.enabled` must have the same value than -# addTestingComponents -contrib: - enabled: *testing cps: enabled: false dcaegen2-services: enabled: false -dcaemod: - enabled: false holmes: enabled: false dmaap: enabled: false message-router: enabled: false - dmaap-bc: - enabled: false dmaap-dr-prov: enabled: false dmaap-dr-node: enabled: false -# Today, "logging" chart that perform the central part of logging must also be -# enabled in order to make it work. So `logging.enabled` must have the same -# value as centralizedLoggingEnabled -log: - enabled: *centralizedLogging -sniro-emulator: - enabled: false oof: enabled: false mariadb-galera: @@ -351,14 +335,12 @@ nbi: openStackVNFTenantId: "1234" policy: enabled: false -pomba: - enabled: false -portal: +portal-ng: enabled: false robot: enabled: false config: - # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment + # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" sdc: enabled: false @@ -415,8 +397,6 @@ uui: enabled: false vfc: enabled: false -vid: - enabled: false vnfsdk: enabled: false modeling: @@ -425,8 +405,6 @@ platform: enabled: false a1policymanagement: enabled: false -cert-wrapper: - enabled: true repository-wrapper: enabled: true roles-wrapper: