X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fvalues.yaml;h=f01160fc87955ec9bb9bf3de1c4106bb6d7c72ff;hb=HEAD;hp=7707985a88eb1806275c8672ad2bb653d49099c2;hpb=0d61fe8a534142ff3fb9bb91d69328085fde7418;p=oom.git
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
old mode 100755
new mode 100644
index 7707985a88..2f7f141fe3
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,6 +1,7 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2022 Nordix Foundation.
+# Modifications Copyright (C) 2021-2025 Nordix Foundation.
+# Modifications Copyright © 2024-2025 Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,25 +19,27 @@ # Global configuration defaults. ################################################################# global: - aafEnabled: true - mariadb: - # '&mariadbConfig' means we "store" the values for later use in the file - # with '*mariadbConfig' pointer. - config: &mariadbConfig - mysqlDatabase: policyadmin - service: &mariadbService - name: &policy-mariadb policy-mariadb - internalPort: 3306 - prometheusEnabled: false + prometheusEnabled: true postgres: - localCluster: false + localCluster: true + # flag to enable the DB creation via pgo-operator + useOperator: false service: - name: pgset - name2: tcp-pgset-primary - name3: tcp-pgset-replica - container: - name: postgres - + name: &postgresName policy-postgres + name2: &postgresName2 policy-pg-primary + name3: &postgresName3 policy-pg-replica + port: &postgresPort 5432 + nameOverride: *postgresName + # (optional) if localCluster=false and an external secret is used set this variable + #userRootSecret: + kafkaBootstrap: strimzi-kafka-bootstrap:9092 + policyKafkaUser: policy-kafka-user + useStrimziKafka: true + kafkaTopics: + acRuntimeOperationTopic: + name: policy-acruntime-participant + acRuntimeSyncTopic: + name: acm-ppnt-sync ################################################################# # Secrets metaconfig ################################################################# 
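Review bot: The anchor `&postgresName` added on `global.postgres.service.name` is defined a second time further down, on the unchanged line `nameOverride: &postgresName policy-postgres` in the `postgres:` section, so the file now carries two definitions of one anchor. Both hold `policy-postgres` today, so every alias resolves the same way, but a later edit to only one of them would silently change what the following `*postgresName` references mean. Turning the second definition into an alias, `nameOverride: *postgresName`, leaves a single source for the name. The new `name2`, `name3` and `port` keys would also read better with a one-line comment saying which service each one names.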
@@ -44,15 +47,29 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' - password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' + externalSecret: '{{ .Values.global.postgres.localCluster | ternary + ( hasSuffix "policy-db-root-password" (index .Values "postgres" "config" "pgRootPasswordExternalSecret") | ternary + "" + (tpl (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret")) .) + ) + ( not (empty (default "" .Values.global.postgres.userRootSecret)) | ternary + .Values.global.postgres.userRootSecret + (include "common.postgres.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.postgres.nameOverride) + ) + ) + }}' + password: '{{ (index .Values "postgres" "config" "pgRootPassword") }}' policy: generate - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "db" "user" }}' - password: '{{ index .Values "mariadb-galera" "db" "password" }}' + externalSecret: '{{ hasSuffix "policy-db-secret" (index .Values "postgres" "config" "pgUserExternalSecret") | ternary + "" + (tpl (default "" (index .Values "postgres" "config" "pgUserExternalSecret")) .) + }}' + login: '{{ (index .Values "postgres" "config" "pgUserName") }}' + password: '{{ (index .Values "postgres" "config" "pgUserPassword") }}' passwordPolicy: generate - uid: policy-app-user-creds name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' 
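Review bot: Both new `externalSecret` templates pass the raw value to `hasSuffix` while only the `tpl` branch wraps it in `default ""`, so the nil guard covers one use and not the other. With the defaults in this file the two keys are set through aliases, but an override that nulls `pgUserExternalSecret` or `pgRootPasswordExternalSecret` would presumably make the render fail on the `hasSuffix` call rather than fall back to a generated secret. Applying the same guard in both places closes that gap: `hasSuffix "policy-db-secret" (default "" (index .Values "postgres" "config" "pgUserExternalSecret"))`, and likewise for the root-password entry. The `secrets:` list starts before the hunk and continues after it.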
@@ -75,19 +92,6 @@ secrets: login: '{{ .Values.restServer.policyApiUserName }}' password: '{{ .Values.restServer.policyApiUserPassword }}' passwordPolicy: required - - uid: pg-root-pass - name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass' - type: password - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' - password: '{{ .Values.postgres.config.pgRootpassword }}' - policy: generate - - uid: pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate db: &dbSecretsHook credsExternalSecret: *dbSecretName 
@@ -97,29 +101,38 @@ policy-api: db: *dbSecretsHook restServer: apiUserExternalSecret: *policyApiCredsSecret + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-pap: enabled: true db: *dbSecretsHook restServer: papUserExternalSecret: *policyPapCredsSecret apiUserExternalSecret: *policyApiCredsSecret + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-xacml-pdp: enabled: true db: *dbSecretsHook + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-apex-pdp: enabled: true db: *dbSecretsHook + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-drools-pdp: enabled: true db: *dbSecretsHook -policy-distribution: + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-opa-pdp: enabled: true - db: *dbSecretsHook -policy-clamp-be: + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-distribution: enabled: true db: *dbSecretsHook - config: - appUserExternalSecret: *policyAppCredsSecret policy-clamp-ac-k8s-ppnt: enabled: true policy-clamp-ac-pf-ppnt: 
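Review bot: The `jaasConfExternalSecret` template string is pasted verbatim into six sub-chart sections in this hunk (and once more for `policy-nexus` in the next hunk), whereas the other shared secret names in this file are defined once with an anchor and referenced by alias (`*policyApiCredsSecret`, `*dbSecretsHook`). Defining it once, for example `jaasConfExternalSecret: &policyKafkaSecret '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'` on the first use and `jaasConfExternalSecret: *policyKafkaSecret` on the rest, means a change to the Kafka credential secret name cannot leave one component pointing at a stale secret. A short comment on the first use stating that the secret holds the Kafka JAAS credentials for `global.policyKafkaUser` would help as well.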
@@ -129,30 +142,19 @@ policy-clamp-ac-pf-ppnt: papUserExternalSecret: *policyPapCredsSecret policy-clamp-ac-http-ppnt: enabled: true -policy-nexus: - enabled: false +policy-clamp-ac-a1pms-ppnt: + enabled: true +policy-clamp-ac-kserve-ppnt: + enabled: true policy-clamp-runtime-acm: enabled: true db: *dbSecretsHook config: appUserExternalSecret: *policyAppCredsSecret -policy-gui: - enabled: true - -################################################################# -# DB configuration defaults. -################################################################# - -repository: nexus3.onap.org:10001 -pullPolicy: Always - -mariadb: - image: mariadb:10.5.8 - -dbmigrator: - image: onap/policy-db-migrator:2.4.3 - schema: policyadmin - policy_home: "/opt/app/policy" +policy-nexus: + enabled: false + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' subChartsOnly: enabled: true @@ -163,9 +165,9 @@ debugEnabled: false # default number of instances replicaCount: 1 -nodeSelector: {} +nodeSelector: { } -affinity: {} +affinity: { } # probe configuration parameters liveness: 
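Review bot: The re-added `policy-nexus` section is `enabled: false` yet receives a `config.jaasConfExternalSecret` reference, while `policy-clamp-runtime-acm` directly above it keeps only `appUserExternalSecret`. Whether either chart reads this key is not visible in the diff, so this is a question rather than a confirmed defect: if `policy-nexus` does not consume Kafka credentials, the entry is dead configuration that widens where the secret name appears, and it may have been intended for the ACM runtime instead. Please confirm the target chart, or drop the two `config:` lines under `policy-nexus`.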
@@ -179,53 +181,57 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 - config: policyAppUserName: runtimeUser + policyPdpPapTopic: + name: policy-pdp-pap + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + policyHeartbeatTopic: + name: policy-heartbeat + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + policyNotificationTopic: + name: policy-notification + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: policy-group + opaPdpDataTopic: + name: opa-pdp-data + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + someConfig: blah -mariadb-galera: - # mariadb-galera.config and global.mariadb.config must be equals - db: - user: policy_user - # password: - externalSecret: *dbSecretName - name: &mysqlDbName policyadmin - rootUser: - externalSecret: *dbRootPassSecretName - nameOverride: *policy-mariadb - # mariadb-galera.service and global.mariadb.service must be equals - service: *mariadbService - replicaCount: 1 - persistence: - enabled: true - mountSubPath: policy/maria/data - serviceAccount: - nameOverride: *policy-mariadb - -postgresImage: library/postgres:latest # application configuration override for postgres postgres: nameOverride: &postgresName policy-postgres service: name: *postgresName - name2: policy-pg-primary - name3: policy-pg-replica + name2: *postgresName2 + name3: *postgresName3 + internalPort: *postgresPort container: name: - primary: policy-pg-primary - replica: policy-pg-replica + primary: *postgresName2 + replica: *postgresName3 persistence: mountSubPath: policy/postgres/data mountInitPath: policy + size: 3Gi config: - pgUserName: policy_user + pgUserName: policy-user pgDatabase: policyadmin - pgUserExternalSecret: *pgUserCredsSecretName - pgRootPasswordExternalSecret: *pgRootPassSecretName - -readinessCheck: - wait_for: - - '{{ ternary .Values.postgres.service.name "postgres" 
.Values.global.postgres.localCluster }}' + pgUserExternalSecret: *dbSecretName + pgRootPasswordExternalSecret: *dbRootPassSecretName restServer: policyPapUserName: policyadmin @@ -239,19 +245,23 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: "1" + memory: "4Gi" requests: - cpu: 100m - memory: 1Gi + cpu: "100m" + memory: "1Gi" large: limits: - cpu: 2 - memory: 8Gi + cpu: "2" + memory: "8Gi" requests: - cpu: 200m - memory: 2Gi - unlimited: {} + cpu: "200m" + memory: "2Gi" + unlimited: { } + +securityContext: + user_id: 100 + group_id: 65533 #Pods Service Account serviceAccount:
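Review bot: `pgUserName` changes from `policy_user` to `policy-user` in the `postgres.config` block, and a hyphen is not valid in an unquoted PostgreSQL identifier, so any init or migration script that creates or grants to this role without double-quoting the name would presumably fail. The scripts that consume the value are outside this diff, so this needs checking against them; keeping `pgUserName: policy_user` avoids the question entirely. Separately, the unchanged `someConfig: blah` line under `config:` looks like placeholder data and could be removed while this section is being reworked.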
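Review bot: The new `securityContext` block at the end of this hunk carries no comment, unlike the neighbouring `#Pods Service Account` section, and nothing visible here says which templates read `user_id` and `group_id`. A one-line comment such as `# uid/gid the policy pods run as; must match the user in the images` would record the intent. Whether the sub-charts pick these values up or define their own is not shown in this diff and is worth confirming, since a non-root uid that is declared here but not applied gives a false sense of hardening.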