X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fvalues.yaml;h=c544467b53a44bb096df08d7d0e59a8157cad26f;hb=2f3773631ae41e6c66f2a0222810621044cbbb16;hp=714f9d928c628caa0fe2d810392b18d130929192;hpb=98efeea41f5617760fcc5fdb6718409b69684db9;p=oom.git diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 714f9d928c..c544467b53 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property +# Modifications Copyright (C) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,6 @@ # Global configuration defaults. ################################################################# global: - readinessImage: onap/oom/readiness:3.0.1 aafEnabled: true mariadb: # '&mariadbConfig' means we "store" the values for later use in the file @@ -25,8 +25,7 @@ global: config: &mariadbConfig mysqlDatabase: policyadmin service: &mariadbService - name: policy-mariadb - portName: mysql-policy + name: &policy-mariadb policy-mariadb internalPort: 3306 ################################################################# @@ -36,16 +35,37 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' - password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' + password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' policy: generate - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "db" "user" }}' + password: '{{ index .Values "mariadb-galera" "db" "password" }}' passwordPolicy: generate + - uid: policy-app-user-creds + name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: generate + - uid: policy-pap-user-creds + name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyPapUserName }}' + password: '{{ .Values.restServer.policyPapUserPassword }}' + passwordPolicy: required + - uid: policy-api-user-creds + name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyApiUserName }}' + password: '{{ .Values.restServer.policyApiUserPassword }}' + passwordPolicy: required db: &dbSecretsHook credsExternalSecret: *dbSecretName @@ -53,9 +73,14 @@ db: &dbSecretsHook policy-api: enabled: true db: *dbSecretsHook + restServer: + apiUserExternalSecret: *policyApiCredsSecret policy-pap: enabled: true db: *dbSecretsHook + restServer: + papUserExternalSecret: *policyPapCredsSecret + apiUserExternalSecret: *policyApiCredsSecret policy-xacml-pdp: enabled: true db: *dbSecretsHook @@ -68,17 +93,47 @@ policy-drools-pdp: policy-distribution: enabled: true db: *dbSecretsHook +policy-clamp-be: + enabled: true + db: *dbSecretsHook + config: + appUserExternalSecret: *policyAppCredsSecret +policy-clamp-fe: + enabled: true +policy-clamp-cl-k8s-ppnt: + enabled: true +policy-clamp-cl-pf-ppnt: + enabled: true + restServer: + apiUserExternalSecret: *policyApiCredsSecret + papUserExternalSecret: *policyPapCredsSecret +policy-clamp-cl-http-ppnt: + enabled: true policy-nexus: enabled: false +policy-clamp-cl-runtime: + enabled: true + db: *dbSecretsHook + config: + appUserExternalSecret: *policyAppCredsSecret +policy-gui: + enabled: true ################################################################# # DB configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -mariadb_image: library/mariadb:10 pullPolicy: Always +mariadb: + image: mariadb:10.5.8 + +dbmigrator: + image: onap/policy-db-migrator:2.4.1 + schema: policyadmin + policy_home: "/opt/app/policy" + subChartsOnly: enabled: true @@ -104,23 +159,34 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 + +config: + policyAppUserName: runtimeUser + mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals - config: - <<: *mariadbConfig - userName: policy_user - mariadbRootPasswordExternalSecret: *dbRootPassSecretName - userCredentialsExternalSecret: *dbSecretName - nameOverride: policy-mariadb + db: + user: policy_user + # password: + externalSecret: *dbSecretName + name: &mysqlDbName policyadmin + rootUser: + externalSecret: *dbRootPassSecretName + nameOverride: *policy-mariadb # mariadb-galera.service and global.mariadb.service must be equals service: *mariadbService replicaCount: 1 persistence: enabled: true mountSubPath: policy/maria/data - externalConfig: |- - [mysqld] - lower_case_table_names = 1 + serviceAccount: + nameOverride: *policy-mariadb + +restServer: + policyPapUserName: policyadmin + policyPapUserPassword: zb!XztG34 + policyApiUserName: policyadmin + policyApiUserPassword: zb!XztG34 # Resource Limit flavor -By Default using small # Segregation for Different environment (small, large, or unlimited) @@ -142,3 +208,8 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy + roles: + - read