X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fsdnc%2Fvalues.yaml;h=52a21ea370582294d1612228ae7319520c7e3928;hb=273b2a273f2532fd7cb85c13d432ba1d7f131cfd;hp=555409f747d9a92f9cb3c49924958f4db684c45c;hpb=10ab5daccb4375ca8644ad9d738bbdb2efc7a650;p=oom.git diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 555409f747..52a21ea370 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -1,3 +1,4 @@ +# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -19,21 +20,124 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: mountPath: /dockerdata-nfs + aafEnabled: true + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + # Enabling CMPv2 + cmpv2Enabled: true + platform: + certServiceClient: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0 + secret: + name: oom-cert-service-client-tls-secret + mountPath: /etc/onap/oom/certservice/certs/ + envVariables: + # Certificate related + cert_path: /var/custom-certs + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2Country: "US" + # Client configuration related + caName: "RA" + common_name: "sdnc.simpledemo.onap.org" + requestURL: "https://oom-cert-service:8443/v1/certificate/" + requestTimeout: "30000" + keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" + keystorePassword: "secret" + truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" + truststorePassword: "secret" ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + name: '{{ include "common.release" . }}-sdnc-db-root-password' + type: password + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | + ternary (default (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . 
"chartName" + (index .Values "mariadb-galera" "nameOverride"))) + (index .Values "mariadb-galera" "config" + "mariadbRootPasswordExternalSecret")) + (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + - uid: odl-creds + name: &odlCredsSecretName '{{ include "common.release" . 
}}-sdnc-odl-creds' + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.odlUser }}' + password: '{{ .Values.config.odlPassword }}' + # For now this is left hardcoded but should be revisited in a future + passwordPolicy: required + - uid: netbox-apikey + type: password + externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' + password: '{{ .Values.config.netboxApikey }}' + passwordPolicy: required + - uid: aai-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}' + login: '{{ .Values.config.aaiUser }}' + password: '{{ .Values.config.aaiPassword }}' + passwordPolicy: required + - uid: modeling-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}' + login: '{{ .Values.config.modelingUser }}' + password: '{{ .Values.config.modelingPassword }}' + passwordPolicy: required + - uid: restconf-creds + type: basicAuth + externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}' + login: '{{ .Values.config.restconfUser }}' + password: '{{ .Values.config.restconfPassword }}' + passwordPolicy: required + - uid: ansible-creds + name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds' + type: basicAuth + externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}' + login: '{{ .Values.config.ansibleUser }}' + password: '{{ .Values.config.ansiblePassword }}' + passwordPolicy: required + - uid: scaleout-creds + type: basicAuth + externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}' + login: '{{ .Values.config.scaleoutUser }}' + password: '{{ .Values.config.scaleoutPassword }}' + passwordPolicy: required +################################################################# # Application configuration defaults. 
################################################################# # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.7.6 - +image: onap/sdnc-image:2.0.1 +busyboxRepository: docker.io +busyboxImage: busybox:1.30 # flag to enable debugging - application support required debugEnabled: false @@ -42,11 +146,27 @@ debugEnabled: false config: odlUid: 100 odlGid: 101 + odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - dbRootPassword: secretpassword - dbSdnctlUser: sdnctl - dbSdnctlDatabase: sdnctl - dbSdnctlPassword: gamma + # odlCredsExternalSecret: some secret + netboxApikey: onceuponatimeiplayedwithnetbox20180814 + # netboxApikeyExternalSecret: some secret + aaiUser: sdnc@sdnc.onap.org + aaiPassword: demo123456! + # aaiCredsExternalSecret: some secret + modelingUser: ccsdkapps + modelingPassword: ccsdkapps + # modelingCredsExternalSecret: some secret + restconfUser: admin + restconfPassword: admin + # restconfCredsExternalSecret: some secret + scaleoutUser: admin + scaleoutPassword: admin + # scaleoutExternalSecret: some secret + ansibleUser: sdnc + ansiblePassword: sdnc + # ansibleCredsExternalSecret: some secret + dbSdnctlDatabase: &sdncDbName sdnctl enableClustering: true sdncHome: /opt/onap/sdnc binDir: /opt/onap/sdnc/bin @@ -58,19 +178,21 @@ config: peerODLCluster: 127.0.0.1 isPrimaryCluster: true configDir: /opt/onap/sdnc/data/properties + ccsdkConfigDir: /opt/onap/ccsdk/data/properties dmaapTopic: SUCCESS dmaapPort: 3904 logstashServiceName: log-ls logstashPort: 5044 ansibleServiceName: sdnc-ansible-server ansiblePort: 8000 - javaHome: /usr/lib/jvm/java-1.8-openjdk + javaHome: /opt/java/openjdk odl: etcDir: /opt/opendaylight/etc binDir: /opt/opendaylight/bin + gcLogDir: /opt/opendaylight/data/log salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config - salConfigVersion: 1.8.2 + salConfigVersion: 1.9.1 akka: seedNodeTimeout: 15s circuitBreaker: 
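Review bot: `keystorePassword: "secret"` and `truststorePassword: "secret"` under `global.platform.certServiceClient.envVariables` are literal defaults, and unlike the other credentials this hunk introduces they are not routed through the new `secrets:` block, so there is no `externalSecret` override for them. A secret entry for the cert-service client stores, or at least a comment such as `# demo value, override per deployment`, would keep the keystore that presumably holds the CMPv2 client key from shipping with a publicly known password. In the same hunk `envsubstImage: dibi/envsubst` carries no tag or digest, unlike `busybox:1.30` and the other images here, so the image that runs can change without a chart change; pinning it as `dibi/envsubst:<TAG>` or `dibi/envsubst@sha256:<DIGEST>` (placeholders) would fix that. The `mariadbGalera` comment names SO although this is the SDNC chart, and `# envsusbt` is misspelled.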
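Review bot: The commented hint `# scaleoutExternalSecret: some secret` does not match the key the secrets block reads for this credential, `.Values.config.scaleoutCredsExternalSecret`, so an operator who follows the comment sets a key that nothing in this diff consumes and the deployment would keep `scaleoutUser: admin` / `scaleoutPassword: admin`. The comment should read `# scaleoutCredsExternalSecret: some secret`. More generally, the added defaults (`restconfPassword: admin`, `ansiblePassword: sdnc`, `aaiPassword: demo123456!`, and the `netboxApikey` value) presumably satisfy `passwordPolicy: required` as written, so nothing forces an override. A comment above these keys stating that they are demo values to be replaced through the `*ExternalSecret` keys would make that explicit. The `config:` mapping starts and continues outside this hunk.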
@@ -88,81 +210,162 @@ config: javaOptions: maxGCPauseMillis: 100 parallelGCThreads : 3 - numberGGLogFiles: 10 + numberGCLogFiles: 10 + minMemory: 512m + maxMemory: 2048m + gcLogOptions: "" + # Next line enables gc logging + # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}" + # enables sdnr functionality + sdnr: + enabled: true + # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default), + # mode: dm - SDNC contains sdnr device manager + ODLUX components + mode: dm + # sdnronly: true starts sdnc container with odl and sdnrwt features only + sdnronly: false + sdnrdbTrustAllCerts: true + mountpointRegistrarEnabled: false + mountpointStateProviderEnabled: false - #local Mariadb-galera cluster - localDBCluster: false +# dependency / sub-chart configuration +certInitializer: + nameOverride: sdnc-cert-initializer + truststoreMountpath: /opt/onap/sdnc/data/stores + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "sdnc.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! 
+ cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd /opt/app/osaaf/local; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 - #Shared mariadb-galera details - mariadbGalera: - chartName: mariadb-galera - serviceName: mariadb-galera +# dependency / sub-chart configuration +network-name-gen: + enabled: true +mariadb-galera: &mariadbGalera + nameOverride: sdnc-db + config: &mariadbGaleraConfig + rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}' + userName: sdnctl + userCredentialsExternalSecret: *dbSecretName + service: + name: sdnc-dbhost internalPort: 3306 + sdnctlPrefix: sdnc + persistence: + mountSubPath: sdnc/mariadb-galera + enabled: true + replicaCount: 1 -# dependency / sub-chart configuration cds: enabled: false dmaap-listener: + enabled: true nameOverride: sdnc-dmaap-listener + mariadb-galera: + <<: *mariadbGalera + config: + <<: *mariadbGaleraConfig + mysqlDatabase: *sdncDbName config: sdncChartName: sdnc - mysqlChartName: mariadb-galera dmaapPort: 3904 sdncPort: 8282 configDir: /opt/onap/sdnc/data/properties - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName ueb-listener: + enabled: true + mariadb-galera: + <<: *mariadbGalera + config: + <<: *mariadbGaleraConfig + mysqlDatabase: *sdncDbName nameOverride: sdnc-ueb-listener config: sdncPort: 8282 sdncChartName: sdnc - mysqlChartName: mariadb-galera configDir: /opt/onap/sdnc/data/properties - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - -sdnc-portal: - config: - sdncChartName: sdnc - mysqlChartName: mariadb-galera - configDir: /opt/onap/sdnc/data/properties - dbRootPassword: secretpassword - dbSdnctlPassword: gamma - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + 
odlCredsExternalSecret: *odlCredsSecretName sdnc-ansible-server: + enabled: true + config: + restCredsExternalSecret: *ansibleSecretName + mariadb-galera: + <<: *mariadbGalera + config: + <<: *mariadbGaleraConfig + mysqlDatabase: ansible service: name: sdnc-ansible-server internalPort: 8000 - config: - mysqlServiceName: mariadb-galera - -mariadb-galera: - nameOverride: sdnc-db - service: - name: sdnc-dbhost - internalPort: 3306 - sdnctlPrefix: sdnc - persistence: - mountSubPath: sdnc/mariadb-galera - enabled: true - replicaCount: 1 dgbuilder: + enabled: true nameOverride: sdnc-dgbuilder + certInitializer: + nameOverride: sdnc-dgbuilder-cert-initializer config: + db: + dbName: *sdncDbName + rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}' + userCredentialsExternalSecret: *dbSecretName dbPodName: mariadb-galera dbServiceName: mariadb-galera - dbRootPassword: secretpassword - dbSdnctlPassword: gamma + # This should be revisited and changed to plain text dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 + mariadb-galera: service: name: sdnc-dgbuilder nodePort: "03" + ingress: + enabled: false + service: + - baseaddr: "sdnc-dgbuilder" + name: "sdnc-dgbuilder" + port: 3000 + - baseaddr: "sdnc-web-service" + name: "sdnc-web-service" + port: 8443 + config: + ssl: "redirect" + + + +# local elasticsearch cluster +localElasticCluster: true +elasticsearch: + nameOverride: sdnrdb + name: sdnrdb-cluster + certInitializer: + fqdn: "sdnc" + fqi_namespace: org.onap.sdnc + fqi: "sdnc@sdnc.onap.org" + service: + name: sdnrdb + master: + replicaCount: 3 + # dedicatednode: "yes" + # working as master node only, in this case increase replicaCount for elasticsearch-data + # dedicatednode: "no" + # handles master and data node functionality + dedicatednode: "no" + nameOverride: sdnrdb +# enable 
+sdnc-web: + enabled: false # default number of instances replicaCount: 1 @@ -193,13 +396,10 @@ service: #port externalPort: 8282 - nodePort: "02" externalPort2: 8202 - nodePort2: "08" externalPort3: 8280 - nodePort3: 46 externalPort4: 8443 nodePort4: 67 @@ -250,13 +450,13 @@ certpersistence: size: 50Mi mountPath: /dockerdata-nfs mountSubPath: sdnc/certs - certPath: /opt/opendaylight/current/certs + certPath: /opt/app/osaaf ##storageClass: "manual" ingress: enabled: false service: - - baseaddr: "sdnc" + - baseaddr: "sdnc.api" name: "sdnc" port: 8443 config:
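Review bot: The `rootPasswordExternalSecret` value added under `mariadb-galera.config` is unlikely to parse if it is ever passed through `tpl`: `(include "common.release" .)-sdnc-db-root-password` glues a bare suffix onto a parenthesised call, whereas the `dgbuilder.config.db` entry later in this hunk builds the same name with `printf "%s-sdnc-db-root-password" (include "common.release" .)`. The key also differs from the one the `db-root-password` entry in the secrets block looks up, `mariadbRootPasswordExternalSecret`, so as far as this diff shows the value may never be consumed and the root-password wiring for a local cluster would silently not take effect. I would write it as `mariadbRootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) "" .Values.global.mariadbGalera.localCluster }}'`, after confirming the key name against the mariadb-galera sub-chart. Separately, `sdnrdbTrustAllCerts: true` as a default presumably disables certificate validation towards sdnrdb; a default of `false`, or a comment marking it as a lab-only setting, would be safer.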