X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fvalues.yaml;h=f01160fc87955ec9bb9bf3de1c4106bb6d7c72ff;hb=HEAD;hp=bcb874684a41702721d0f5c8118fc320dc883763;hpb=9e79dd39f57135ab08f58b74b628c4ae5991e503;p=oom.git
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
old mode 100755
new mode 100644
index bcb874684a..2f7f141fe3
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,6 +1,7 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright (C) 2021-2025 Nordix Foundation.
+# Modifications Copyright © 2024-2025 Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,42 +19,27 @@
 # Global configuration defaults.
 #################################################################
 global:
- mariadbGalera:
- # flag to enable the DB creation via mariadb-operator
- useOperator: true
- # if useOperator set to "true", set "enableServiceAccount to "false"
- # as the SA is created by the Operator
- enableServiceAccount: false
+ prometheusEnabled: true
+ postgres:
 localCluster: true
- # '&mariadbConfig' means we "store" the values for later use in the file
- # with '*mariadbConfig' pointer.
- config: &mariadbConfig
- mysqlDatabase: policyadmin
- service: &mariadbService
- name: &policy-mariadb policy-mariadb
- internalPort: 3306
- nameOverride: *policy-mariadb
+ # flag to enable the DB creation via pgo-operator
+ useOperator: false
+ service:
+ name: &postgresName policy-postgres
+ name2: &postgresName2 policy-pg-primary
+ name3: &postgresName3 policy-pg-replica
+ port: &postgresPort 5432
+ nameOverride: *postgresName
 # (optional) if localCluster=false and an external secret is used set this variable
 #userRootSecret:
- prometheusEnabled: false
- postgres:
- localCluster: false
- service:
- name: pgset
- name2: tcp-pgset-primary
- name3: tcp-pgset-replica
- container:
- name: postgres
- #Strimzi Kafka properties
- useStrimziKafka: true
- # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
- useStrimziKafkaPf: false
- kafkaBootstrap: strimzi-kafka-bootstrap
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
 policyKafkaUser: policy-kafka-user
+ useStrimziKafka: true
 kafkaTopics:
- acRuntimeTopic:
- name: policy.clamp-runtime-acm
-
+ acRuntimeOperationTopic:
+ name: policy-acruntime-participant
+ acRuntimeSyncTopic:
+ name: acm-ppnt-sync
 #################################################################
 # Secrets metaconfig
 #################################################################
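Review bot: The new `name: &postgresName policy-postgres` under `global.postgres.service` reuses an anchor name that the `postgres:` section further down still defines itself (`nameOverride: &postgresName policy-postgres`, context in the `@@ -227` hunk), so the file now holds two definitions of one anchor and each alias binds to whichever definition precedes it. Both carry the same value today, but I would turn the later one into `nameOverride: *postgresName` so there is a single source. The removed mariadb block also warned that the global and sub-chart service values must be equal; that still applies, because aliases are resolved when this file is parsed and an override of only one side will not follow. A comment such as `# global.postgres.service.* and postgres.service.* must be overridden together` above the new `service:` key would keep that warning.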
@@ -61,27 +47,29 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ .Values.global.mariadbGalera.localCluster | - ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | - ternary - "" - (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) - ) - ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) | - ternary - .Values.global.mariadbGalera.userRootSecret - (include "common.mariadb.secret.rootPassSecretName" - (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride) + externalSecret: '{{ .Values.global.postgres.localCluster | ternary + ( hasSuffix "policy-db-root-password" (index .Values "postgres" "config" "pgRootPasswordExternalSecret") | ternary + "" + (tpl (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret")) .) + ) + ( not (empty (default "" .Values.global.postgres.userRootSecret)) | ternary + .Values.global.postgres.userRootSecret + (include "common.postgres.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.postgres.nameOverride) ) - ) }}' - password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' + ) + }}' + password: '{{ (index .Values "postgres" "config" "pgRootPassword") }}' policy: generate - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) 
(hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "db" "user" }}' - password: '{{ index .Values "mariadb-galera" "db" "password" }}' + externalSecret: '{{ hasSuffix "policy-db-secret" (index .Values "postgres" "config" "pgUserExternalSecret") | ternary + "" + (tpl (default "" (index .Values "postgres" "config" "pgUserExternalSecret")) .) + }}' + login: '{{ (index .Values "postgres" "config" "pgUserName") }}' + password: '{{ (index .Values "postgres" "config" "pgUserPassword") }}' passwordPolicy: generate - uid: policy-app-user-creds name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' @@ -138,6 +126,10 @@ policy-drools-pdp: db: *dbSecretsHook config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-opa-pdp: + enabled: true + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-distribution: enabled: true db: *dbSecretsHook @@ -163,19 +155,6 @@ policy-nexus: enabled: false config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' -policy-gui: - enabled: false - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' - -################################################################# -# DB configuration defaults. -################################################################# - -dbmigrator: - image: onap/policy-db-migrator:3.0.2 - schema: policyadmin - policy_home: "/opt/app/policy" subChartsOnly: enabled: true @@ -186,9 +165,9 @@ debugEnabled: false # default number of instances replicaCount: 1 -nodeSelector: {} +nodeSelector: { } -affinity: {} +affinity: { } # probe configuration parameters liveness: 
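Review bot: In the `secrets:` hunk (`@@ -61,27`), the `db-root-password` entry keeps `policy: generate` directly below the rewritten `password:` line, while the `db-secret` entry in the same hunk uses `passwordPolicy: generate`. If the secret template only reads `passwordPolicy` (not visible here), the root entry never requests generation and falls back to the template default whenever `postgres.config.pgRootPassword` is unset. Since the commit rewrites both entries anyway, I would align the key to `passwordPolicy: generate`. The `secrets:` list starts before and continues after the hunk.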
@@ -202,10 +181,8 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 - config: policyAppUserName: runtimeUser - useStrimziKafka: true policyPdpPapTopic: name: policy-pdp-pap partitions: 10 @@ -227,55 +204,35 @@ config: segmentBytes: 1073741824 consumer: groupId: policy-group + opaPdpDataTopic: + name: opa-pdp-data + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 someConfig: blah -mariadb-galera: - # mariadb-galera.config and global.mariadbGalera.config must be equals - db: - user: policy-user - # password: - externalSecret: *dbSecretName - name: &mysqlDbName policyadmin - rootUser: - externalSecret: *dbRootPassSecretName - nameOverride: *policy-mariadb - # mariadb-galera.service and global.mariadbGalera.service must be equals - service: *mariadbService - replicaCount: 1 - mariadbOperator: - galera: - enabled: false - persistence: - enabled: true - mountSubPath: policy/maria/data - serviceAccount: - nameOverride: *policy-mariadb - -postgresImage: library/postgres:latest # application configuration override for postgres postgres: nameOverride: &postgresName policy-postgres service: name: *postgresName - name2: policy-pg-primary - name3: policy-pg-replica + name2: *postgresName2 + name3: *postgresName3 + internalPort: *postgresPort container: name: - primary: policy-pg-primary - replica: policy-pg-replica + primary: *postgresName2 + replica: *postgresName3 persistence: mountSubPath: policy/postgres/data mountInitPath: policy + size: 3Gi config: pgUserName: policy-user pgDatabase: policyadmin pgUserExternalSecret: *dbSecretName pgRootPasswordExternalSecret: *dbRootPassSecretName -readinessCheck: - wait_for: - - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}' - restServer: policyPapUserName: policyadmin policyPapUserPassword: zb!XztG34 
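Review bot: The trailing context of the `@@ -227` hunk still ships `policyPapUserPassword` with a literal value under `restServer:`, so every install that does not override it shares a credential that is public in this repository. The DB credentials reworked by this commit already go through the `secrets:` list with `passwordPolicy: generate`. If the PAP REST user can be wired the same way (its consumer is not visible here), I would drop the literal and leave `# policyPapUserPassword: set per deployment or supply an externalSecret` in its place. The `restServer:` mapping continues outside the hunk.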
@@ -300,7 +257,11 @@ resources: requests: cpu: "200m" memory: "2Gi" - unlimited: {} + unlimited: { } + +securityContext: + user_id: 100 + group_id: 65533 #Pods Service Account serviceAccount:
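Review bot: The new `securityContext` block is added without a comment saying which pods it applies to. Top-level values of a parent chart are not passed down to sub-charts, so as written `user_id: 100` and `group_id: 65533` can only affect templates rendered by the policy chart itself, not the PDP, PAP or API sub-charts enabled earlier in the file. A line such as `# uid/gid for pods rendered by this chart only; sub-charts are not affected` above the block would make that explicit. Whether the consuming template also enforces non-root execution and disables privilege escalation is not visible in this hunk and is worth confirming. The `serviceAccount:` mapping continues past the end of the hunk.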