X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fvalues.yaml;h=714f9d928c628caa0fe2d810392b18d130929192;hb=9964927d8766c5c396ef2caf6f7aeb7494db279e;hp=f283d9042f05c33238291c5b3595653d354ad2b6;hpb=30397707d68c56fc9c8816a9fe495d75d90124b1;p=oom.git
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
old mode 100644
new mode 100755
index f283d9042f..8dca11d74b
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,32 +18,41 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - envsubstImage: dibi/envsubst - ubuntuImage: ubuntu:16.04 - pdp: - nameOverride: pdp - pap: - nameOverride: pap - drools: - nameOverride: drools - brmwgw: - nameOverride: brmsgw - nexus: - nameOverride: nexus - mariadb: + mariadbGalera: + # flag to enable the DB creation via mariadb-operator + useOperator: true + # if useOperator set to "true", set "enableServiceAccount to "false" + # as the SA is created by the Operator + enableServiceAccount: false + localCluster: true # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. config: &mariadbConfig mysqlDatabase: policyadmin service: &mariadbService - name: policy-mariadb - portName: mysql-policy + name: &policy-mariadb policy-mariadb internalPort: 3306 + nameOverride: *policy-mariadb + # (optional) if localCluster=false and an external secret is used set this variable + #userRootSecret: + prometheusEnabled: false + postgres: + localCluster: false + service: + name: pgset + name2: tcp-pgset-primary + name3: tcp-pgset-replica + container: + name: postgres + #Strimzi Kafka properties + useStrimziKafka: true + # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml + useStrimziKafkaPf: false + kafkaBootstrap: strimzi-kafka-bootstrap + policyKafkaUser: policy-kafka-user + kafkaTopics: + acRuntimeTopic: + name: policy.clamp-runtime-acm ################################################################# # Secrets metaconfig 
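Review bot: The comment added above `enableServiceAccount: false` has unbalanced quotes (`set "enableServiceAccount to "false"`), and it is the only thing tying that key to `useOperator`. Anyone who flips one flag without the other gets no warning from the chart. I would reword it as `# if useOperator is true, keep enableServiceAccount false: the operator creates the ServiceAccount`. The new `postgres.service` keys `name2` and `name3` would also benefit from a one-line comment saying which is the primary and which the replica endpoint.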
@@ -51,60 +61,128 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' - password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | + ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | + ternary + "" + (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) + ) + ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) | + ternary + .Values.global.mariadbGalera.userRootSecret + (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride) + ) + ) }}' + password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' policy: generate - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) 
(hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "db" "user" }}' + password: '{{ index .Values "mariadb-galera" "db" "password" }}' passwordPolicy: generate - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.3 -mariadb_image: library/mariadb:10 -pullPolicy: Always - -subChartsOnly: - enabled: true + - uid: policy-app-user-creds + name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: generate + - uid: policy-pap-user-creds + name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyPapUserName }}' + password: '{{ .Values.restServer.policyPapUserPassword }}' + passwordPolicy: required + - uid: policy-api-user-creds + name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyApiUserName }}' + password: '{{ .Values.restServer.policyApiUserPassword }}' + passwordPolicy: required db: &dbSecretsHook credsExternalSecret: *dbSecretName -pap: - nameOverride: pap +policy-api: + enabled: true db: *dbSecretsHook -pdp: - nameOverride: pdp + restServer: + apiUserExternalSecret: *policyApiCredsSecret + config: + jaasConfExternalSecret: '{{ include "common.release" . 
}}-{{ .Values.global.policyKafkaUser }}' +policy-pap: + enabled: true db: *dbSecretsHook -drools: - nameOverride: drools + restServer: + papUserExternalSecret: *policyPapCredsSecret + apiUserExternalSecret: *policyApiCredsSecret + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-xacml-pdp: + enabled: true db: *dbSecretsHook -brmsgw: - nameOverride: brmsgw + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-apex-pdp: + enabled: true db: *dbSecretsHook -policy-api: + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-drools-pdp: + enabled: true db: *dbSecretsHook -policy-xacml-pdp: + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-distribution: + enabled: true + db: *dbSecretsHook +policy-clamp-ac-k8s-ppnt: + enabled: true +policy-clamp-ac-pf-ppnt: + enabled: true + restServer: + apiUserExternalSecret: *policyApiCredsSecret + papUserExternalSecret: *policyPapCredsSecret +policy-clamp-ac-http-ppnt: + enabled: true +policy-clamp-ac-a1pms-ppnt: + enabled: true +policy-clamp-ac-kserve-ppnt: + enabled: true +policy-clamp-runtime-acm: + enabled: true db: *dbSecretsHook + config: + appUserExternalSecret: *policyAppCredsSecret +policy-nexus: + enabled: false + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-gui: + enabled: false + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' -nexus: - nameOverride: nexus +################################################################# +# DB configuration defaults. 
+################################################################# + +dbmigrator: + image: onap/policy-db-migrator:3.1.0 + schema: policyadmin + policy_home: "/opt/app/policy" + +subChartsOnly: + enabled: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - preloadPolicies: false - pdpPort: 8081 - # default number of instances replicaCount: 1 
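Review bot: The new `policy-pap-user-creds` and `policy-api-user-creds` secrets are declared with `passwordPolicy: required`, and the only value this commit supplies for them is the literal `zb!XztG34`, which the last hunk adds under `restServer` for both `policyPapUserPassword` and `policyApiUserPassword`. Any install that does not override those values therefore runs the PAP and API REST endpoints with one shared credential that is published in the chart. `policy-app-user-creds` in the same list already uses `passwordPolicy: generate` with no default password. I would do the same for these two, or leave the passwords unset and require `policyPapUserExternalSecret` / `policyApiUserExternalSecret`, provided the sub-charts that consume `*policyPapCredsSecret` and `*policyApiCredsSecret` can work with a generated value.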
@@ -124,60 +202,108 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 -service: - type: NodePort - name: pap - portName: pap - internalPort: 8443 - externalPort: 8443 - nodePort: 19 - internalPort2: 9091 - externalPort2: 9091 - nodePort2: 18 - -ingress: - enabled: false - service: - - baseaddr: "policy.api" - name: "pap" - port: 8443 - config: - ssl: "redirect" + +config: + policyAppUserName: runtimeUser + useStrimziKafka: true + policyPdpPapTopic: + name: policy-pdp-pap + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + policyHeartbeatTopic: + name: policy-heartbeat + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + policyNotificationTopic: + name: policy-notification + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + someConfig: blah mariadb-galera: - # mariadb-galera.config and global.mariadb.config must be equals - config: - <<: *mariadbConfig - userName: policy_user - mariadbRootPasswordExternalSecret: *dbRootPassSecretName - userCredentialsExternalSecret: *dbSecretName - nameOverride: policy-mariadb - # mariadb-galera.service and global.mariadb.service must be equals + # mariadb-galera.config and global.mariadbGalera.config must be equals + db: + user: policy-user + # password: + externalSecret: *dbSecretName + name: &mysqlDbName policyadmin + rootUser: + externalSecret: *dbRootPassSecretName + nameOverride: *policy-mariadb + # mariadb-galera.service and global.mariadbGalera.service must be equals service: *mariadbService replicaCount: 1 + mariadbOperator: + galera: + enabled: false persistence: enabled: true mountSubPath: policy/maria/data - externalConfig: |- - [mysqld] - lower_case_table_names = 1 + serviceAccount: + nameOverride: *policy-mariadb + +postgresImage: library/postgres:latest +# application configuration override for postgres +postgres: + nameOverride: &postgresName 
policy-postgres + service: + name: *postgresName + name2: policy-pg-primary + name3: policy-pg-replica + container: + name: + primary: policy-pg-primary + replica: policy-pg-replica + persistence: + mountSubPath: policy/postgres/data + mountInitPath: policy + config: + pgUserName: policy-user + pgDatabase: policyadmin + pgUserExternalSecret: *dbSecretName + pgRootPasswordExternalSecret: *dbRootPassSecretName + +readinessCheck: + wait_for: + - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}' + +restServer: + policyPapUserName: policyadmin + policyPapUserPassword: zb!XztG34 + policyApiUserName: policyadmin + policyApiUserPassword: zb!XztG34 # Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) flavor: small -# Segregation for Different environment (Small and Large) resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: "1" + memory: "4Gi" requests: - cpu: 10m - memory: 1Gi + cpu: "100m" + memory: "1Gi" large: limits: - cpu: 2 - memory: 8Gi + cpu: "2" + memory: "8Gi" requests: - cpu: 20m - memory: 2Gi + cpu: "200m" + memory: "2Gi" unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy + roles: + - read
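Review bot: `postgresImage: library/postgres:latest` is a floating tag, so the database image can change under an unchanged chart version and a deployment cannot be reproduced or audited. Pin it the way `dbmigrator.image` is pinned, for example `postgresImage: library/postgres:<pinned-version>`, with the version chosen by the maintainers. Separately, `someConfig: blah`, which appears to sit at the end of the new `config:` block, looks like a leftover placeholder and should be removed or documented. The comment `# mariadb-galera.config and global.mariadbGalera.config must be equals` now sits above `db:` rather than a `config:` key, so it no longer describes what follows.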