X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fvalues.yaml;h=851c8957ae46e835213fc787072a7bab69555235;hb=1a76edf1159156d832e62c268b54fd727f82057f;hp=b33738348505da89870e3667e2ac07497a3ee72d;hpb=cfb4c8a9e14c0b69213bf0e80a1d5d7a5d697eb9;p=oom.git diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index b337383485..9027e490f0 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property +# Modifications Copyright (C) 2021-2023 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,17 +18,33 @@ # Global configuration defaults. ################################################################# global: - readinessImage: onap/oom/readiness:3.0.1 - aafEnabled: true mariadb: + localCluster: true # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. config: &mariadbConfig mysqlDatabase: policyadmin service: &mariadbService - name: policy-mariadb - portName: mysql-policy + name: &policy-mariadb policy-mariadb internalPort: 3306 + prometheusEnabled: false + postgres: + localCluster: false + service: + name: pgset + name2: tcp-pgset-primary + name3: tcp-pgset-replica + container: + name: postgres + #Strimzi Kafka properties + useStrimziKafka: true + # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml + useStrimziKafkaPf: false + kafkaBootstrap: strimzi-kafka-bootstrap + policyKafkaUser: policy-kafka-user + kafkaTopics: + acRuntimeTopic: + name: policy.clamp-runtime-acm ################################################################# # Secrets metaconfig 
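Review bot: `useStrimziKafka: true` is added under `global` here and again as `config.useStrimziKafka: true` in the last hunk, with nothing saying which of the two the templates read. If different templates consult different copies, overriding only one would leave components disagreeing about the Kafka backend; the templates are not part of this diff, so this is an inference. I would drop the chart-level copy or add a comment such as `# must match global.useStrimziKafka`. The comment on the temporary `useStrimziKafkaPf` flag would also benefit from naming the tracking issue for its removal.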
@@ -36,16 +53,37 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' - password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' + password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' policy: generate - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "db" "user" }}' + password: '{{ index .Values "mariadb-galera" "db" "password" }}' passwordPolicy: generate + - uid: policy-app-user-creds + name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . 
}}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: generate + - uid: policy-pap-user-creds + name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyPapUserName }}' + password: '{{ .Values.restServer.policyPapUserPassword }}' + passwordPolicy: required + - uid: policy-api-user-creds + name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyApiUserName }}' + password: '{{ .Values.restServer.policyApiUserPassword }}' + passwordPolicy: required db: &dbSecretsHook credsExternalSecret: *dbSecretName 
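Review bot: The two new `passwordPolicy: required` entries (`policy-pap-user-creds` and `policy-api-user-creds`) read `restServer.policyPapUserPassword` and `restServer.policyApiUserPassword`, and the last hunk commits one literal default for both, so the requirement is always met by a password that is public in the repository. Any install that neither overrides those values nor sets `policyPapUserExternalSecret`/`policyApiUserExternalSecret` ends up with the same known REST credentials for the `policyadmin` login on both PAP and API. I would remove the literal defaults so that `required` really forces the operator to supply a value, or use `passwordPolicy: generate` as `policy-app-user-creds` does, provided the sub-charts only consume the shared secret (not visible here). The `secrets:` list starts before this hunk.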
@@ -53,31 +91,71 @@ db: &dbSecretsHook policy-api: enabled: true db: *dbSecretsHook + restServer: + apiUserExternalSecret: *policyApiCredsSecret + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-pap: enabled: true db: *dbSecretsHook + restServer: + papUserExternalSecret: *policyPapCredsSecret + apiUserExternalSecret: *policyApiCredsSecret + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-xacml-pdp: enabled: true db: *dbSecretsHook + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-apex-pdp: enabled: true db: *dbSecretsHook + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-drools-pdp: enabled: true db: *dbSecretsHook + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-distribution: enabled: true db: *dbSecretsHook -policy-nexus: +policy-clamp-ac-k8s-ppnt: + enabled: true +policy-clamp-ac-pf-ppnt: + enabled: true + restServer: + apiUserExternalSecret: *policyApiCredsSecret + papUserExternalSecret: *policyPapCredsSecret +policy-clamp-ac-http-ppnt: + enabled: true +policy-clamp-ac-a1pms-ppnt: + enabled: true +policy-clamp-ac-kserve-ppnt: + enabled: true +policy-clamp-runtime-acm: enabled: true + db: *dbSecretsHook + config: + appUserExternalSecret: *policyAppCredsSecret +policy-nexus: + enabled: false + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-gui: + enabled: false + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' ################################################################# # DB configuration defaults. 
################################################################# -repository: nexus3.onap.org:10001 -mariadb_image: library/mariadb:10 -pullPolicy: Always +dbmigrator: + image: onap/policy-db-migrator:2.6.2 + schema: policyadmin + policy_home: "/opt/app/policy" subChartsOnly: enabled: true 
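Review bot: Every component that gets a `jaasConfExternalSecret` in this hunk (`policy-api`, `policy-pap`, `policy-xacml-pdp`, `policy-apex-pdp`, `policy-drools-pdp`, and the disabled `policy-nexus` and `policy-gui`) is pointed at the same `{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}` secret, so they all authenticate to Kafka as one user. With a single identity, topic ACLs cannot be scoped per component, and a leak from any one pod exposes the credential used by all the others; the diff does not say whether this is meant as an interim step. If the shared user is kept, a comment stating that would help, and the seven copies of the template string could be defined once with an anchor, as is already done for `*policyApiCredsSecret`.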
@@ -104,21 +182,105 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 + +config: + policyAppUserName: runtimeUser + useStrimziKafka: true + policyPdpPapTopic: + name: policy-pdp-pap + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + policyHeartbeatTopic: + name: policy-heartbeat + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + policyNotificationTopic: + name: policy-notification + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + someConfig: blah + mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals - config: - <<: *mariadbConfig - userName: policy_user - mariadbRootPasswordExternalSecret: *dbRootPassSecretName - userCredentialsExternalSecret: *dbSecretName - nameOverride: policy-mariadb + db: + user: policy_user + # password: + externalSecret: *dbSecretName + name: &mysqlDbName policyadmin + rootUser: + externalSecret: *dbRootPassSecretName + nameOverride: *policy-mariadb # mariadb-galera.service and global.mariadb.service must be equals service: *mariadbService replicaCount: 1 persistence: enabled: true mountSubPath: policy/maria/data - externalConfig: |- - [mysqld] - lower_case_table_names = 1 + serviceAccount: + nameOverride: *policy-mariadb + +postgresImage: library/postgres:latest +# application configuration override for postgres +postgres: + nameOverride: &postgresName policy-postgres + service: + name: *postgresName + name2: policy-pg-primary + name3: policy-pg-replica + container: + name: + primary: policy-pg-primary + replica: policy-pg-replica + persistence: + mountSubPath: policy/postgres/data + mountInitPath: policy + config: + pgUserName: policy_user + pgDatabase: policyadmin + pgUserExternalSecret: *dbSecretName + pgRootPasswordExternalSecret: *dbRootPassSecretName + +readinessCheck: + wait_for: + - '{{ ternary .Values.postgres.service.name "postgres" 
.Values.global.postgres.localCluster }}' + +restServer: + policyPapUserName: policyadmin + policyPapUserPassword: zb!XztG34 + policyApiUserName: policyadmin + policyApiUserPassword: zb!XztG34 + +# Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy + roles: + - read
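Review bot: `postgresImage: library/postgres:latest` uses a floating tag, so the database image can change between deployments without any change to the chart, unlike `dbmigrator.image`, which the previous hunk pins to `2.6.2`. I would pin a specific release, ideally by digest, e.g. `postgresImage: library/postgres:<pinned-version>`, so that image upgrades are deliberate and reviewable. Separately, `someConfig: blah` under `config` looks like a leftover placeholder. The retained comment `# mariadb-galera.config and global.mariadb.config must be equals` also no longer matches the block, now that `config:` has been replaced by `db:` and `rootUser:`.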