X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fvalues.yaml;h=957ffde2681b509af05d23656f81cf951bea09de;hb=ec452b50a4a1ea0aa0e18836bfe80ca1dab20f1b;hp=678772c481d0b37069ae02774e10839847b06151;hpb=2ea763f92819d6290fa90a98cd7c2af55364ec6a;p=oom.git diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 678772c481..957ffde268 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property +# Modifications Copyright (C) 2021-2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,6 +27,7 @@ global: service: &mariadbService name: &policy-mariadb policy-mariadb internalPort: 3306 + prometheusEnabled: false ################################################################# # Secrets metaconfig @@ -44,6 +46,27 @@ secrets: login: '{{ index .Values "mariadb-galera" "db" "user" }}' password: '{{ index .Values "mariadb-galera" "db" "password" }}' passwordPolicy: generate + - uid: policy-app-user-creds + name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: generate + - uid: policy-pap-user-creds + name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyPapUserName }}' + password: '{{ .Values.restServer.policyPapUserPassword }}' + passwordPolicy: required + - uid: policy-api-user-creds + name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyApiUserName }}' + password: '{{ .Values.restServer.policyApiUserPassword }}' + passwordPolicy: required db: &dbSecretsHook credsExternalSecret: *dbSecretName @@ -51,9 +74,14 @@ db: &dbSecretsHook policy-api: enabled: true db: *dbSecretsHook + restServer: + apiUserExternalSecret: *policyApiCredsSecret policy-pap: enabled: true db: *dbSecretsHook + restServer: + papUserExternalSecret: *policyPapCredsSecret + apiUserExternalSecret: *policyApiCredsSecret policy-xacml-pdp: enabled: true db: *dbSecretsHook @@ -69,10 +97,26 @@ policy-distribution: policy-clamp-be: enabled: true db: *dbSecretsHook -policy-clamp-fe: + config: + appUserExternalSecret: *policyAppCredsSecret +policy-clamp-ac-k8s-ppnt: + enabled: true +policy-clamp-ac-pf-ppnt: + enabled: true + restServer: + apiUserExternalSecret: *policyApiCredsSecret + papUserExternalSecret: *policyPapCredsSecret +policy-clamp-ac-http-ppnt: enabled: true policy-nexus: enabled: false +policy-clamp-runtime-acm: + enabled: true + db: *dbSecretsHook + config: + appUserExternalSecret: *policyAppCredsSecret +policy-gui: + enabled: true ################################################################# # DB configuration defaults. @@ -84,6 +128,11 @@ pullPolicy: Always mariadb: image: mariadb:10.5.8 +dbmigrator: + image: onap/policy-db-migrator:2.4.1 + schema: policyadmin + policy_home: "/opt/app/policy" + subChartsOnly: enabled: true @@ -109,6 +158,10 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 + +config: + policyAppUserName: runtimeUser + mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals db: @@ -128,6 +181,12 @@ mariadb-galera: serviceAccount: nameOverride: *policy-mariadb +restServer: + policyPapUserName: policyadmin + policyPapUserPassword: zb!XztG34 + policyApiUserName: policyadmin + policyApiUserPassword: zb!XztG34 + # Resource Limit flavor -By Default using small # Segregation for Different environment (small, large, or unlimited) flavor: small @@ -148,3 +207,8 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy + roles: + - read