X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fsdnc%2Fvalues.yaml;h=6ab96adde7ab9a99b3fb90318e46b4047d8f0a80;hb=601a630a60e08321baeb5a21aa345b6b0d016b0a;hp=faf6594e2ad5e9c5042575a08695d6e336d9a165;hpb=0e6972b5a5f94d76848a22f5155f49925522b324;p=oom.git diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index faf6594e2a..6ab96adde7 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2020 Samsung Electronics, highstreet technologies GmbH # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,33 +30,6 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera - service: mariadb-galera - # Enabling CMPv2 - cmpv2Enabled: true - CMPv2CertManagerIntegration: false - platform: - certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2 - secret: - name: oom-cert-service-client-tls-secret - mountPath: /etc/onap/oom/certservice/certs/ - envVariables: - # Certificate related - cert_path: /var/custom-certs - cmpv2Organization: "Linux-Foundation" - cmpv2OrganizationalUnit: "ONAP" - cmpv2Location: "San-Francisco" - cmpv2Country: "US" - # Client configuration related - caName: "RA" - common_name: "sdnc.simpledemo.onap.org" - requestURL: "https://oom-cert-service:8443/v1/certificate/" - requestTimeout: "30000" - keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" - outputType: "P12" - keystorePassword: "secret" - truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" - truststorePassword: "secret" ################################################################# # Secrets metaconfig @@ -97,17 +71,80 @@ secrets: password: '{{ .Values.config.odlPassword }}' # For now this is left hardcoded but should be revisited in a future passwordPolicy: required + - uid: dmaap-proxy-creds + name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds' + type: basicAuth + externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}' + login: '{{ .Values.config.sdnr.dmaapProxy.user }}' + password: '{{ .Values.config.sdnr.dmaapProxy.password }}' + # For now this is left hardcoded but should be revisited in a future + passwordPolicy: required - uid: netbox-apikey type: password externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' password: '{{ .Values.config.netboxApikey }}' passwordPolicy: required + - uid: aai-truststore-password + type: password + externalSecret: '{{ .Values.config.aaiTruststoreExternalSecret }}' + password: '{{ .Values.config.aaiTruststorePassword }}' + passwordPolicy: required + - uid: ansible-truststore-password + type: password + externalSecret: '{{ .Values.config.ansibleTruststoreExternalSecret }}' + password: '{{ .Values.config.ansibleTruststorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ .Values.config.truststoreExternalSecret }}' + password: '{{ .Values.config.truststorePassword }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ .Values.config.keystoreExternalSecret }}' + password: '{{ .Values.config.keystorePassword }}' + passwordPolicy: required + - uid: dmaap-authkey + type: password + externalSecret: '{{ .Values.config.dmaapAuthKeyExternalSecret }}' + password: '{{ .Values.config.dmaapAuthKey }}' + passwordPolicy: required - uid: aai-user-creds type: basicAuth externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}' login: '{{ .Values.config.aaiUser }}' password: '{{ .Values.config.aaiPassword }}' passwordPolicy: required + - uid: so-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.soCredsExternalSecret}}' + login: '{{ .Values.config.soUser }}' + password: '{{ .Values.config.soPassword }}' + passwordPolicy: required + - uid: neng-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.nengCredsExternalSecret}}' + login: '{{ .Values.config.nengUser }}' + password: '{{ .Values.config.nengPassword }}' + passwordPolicy: required + - uid: cds-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.cdsCredsExternalSecret}}' + login: '{{ .Values.config.cdsUser }}' + password: '{{ .Values.config.cdsPassword }}' + passwordPolicy: required + - uid: honeycomb-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.honeycombCredsExternalSecret}}' + login: '{{ .Values.config.honeycombUser }}' + password: '{{ .Values.config.honeycombPassword }}' + passwordPolicy: required + - uid: dmaap-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.dmaapCredsExternalSecret}}' + login: '{{ .Values.config.dmaapUser }}' + password: '{{ .Values.config.dmaapPassword }}' + passwordPolicy: required - uid: modeling-user-creds type: basicAuth externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}' @@ -133,34 +170,43 @@ secrets: login: '{{ .Values.config.scaleoutUser }}' password: '{{ .Values.config.scaleoutPassword }}' passwordPolicy: required - - uid: keystore-password + - uid: oauth-token-secret type: password - password: secret + externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.tokenExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' + password: '{{ .Values.config.sdnr.oauth.tokenSecret }}' passwordPolicy: required + - uid: keycloak-secret + type: password + externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' + password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}' + passwordPolicy: required + ################################################################# # Certificates ################################################################# certificates: - - commonName: sdnc.simpledemo.onap.org + - mountPath: /var/custom-certs + commonName: sdnc.simpledemo.onap.org dnsNames: - sdnc.simpledemo.onap.org - p12Keystore: - create: true - passwordSecretRef: - name: keystore-password - key: password - jksKeystore: - create: true + keystore: + outputType: + - jks passwordSecretRef: - name: keystore-password + create: true + name: sdnc-cmpv2-keystore-password key: password + issuer: + group: certmanager.onap.org + kind: CMPv2Issuer + name: cmpv2-issuer-onap ################################################################# # Application configuration defaults. ################################################################# # application images pullPolicy: Always -image: onap/sdnc-image:2.0.5 +image: onap/sdnc-image:2.1.6 # flag to enable debugging - application support required debugEnabled: false @@ -174,9 +220,34 @@ config: # odlCredsExternalSecret: some secret netboxApikey: onceuponatimeiplayedwithnetbox20180814 # netboxApikeyExternalSecret: some secret + aaiTruststorePassword: changeit + # aaiTruststoreExternalSecret: some secret + ansibleTruststorePassword: changeit + # ansibleTruststoreExternalSecret: some secret + truststorePassword: adminadmin + # truststoreExternalSecret: some secret + keystorePassword: adminadmin + # keystoreExternalSecret: some secret aaiUser: sdnc@sdnc.onap.org aaiPassword: demo123456! # aaiCredsExternalSecret: some secret + soUser: sdncaBpmn + soPassword: password1$ + # soCredsExternalSecret: some secret + nengUser: ccsdkapps + nengPassword: ccsdkapps + # nengCredsExternalSecret: some secret + cdsUser: ccsdkapps + cdsPassword: ccsdkapps + # cdsCredsExternalSecret: some secret + honeycombUser: admin + honeycombPassword: admin + # honeycombCredsExternalSecret: some secret + dmaapUser: admin + dmaapPassword: admin + dmaapAuthKey: "fs20cKwalJ6ry4kX:7Hqm6BDZK47IKxGRkOPFk33qMYs=" + # dmaapCredsExternalSecret: some secret + # dmaapAuthKeyExternalSecret: some secret modelingUser: ccsdkapps modelingPassword: ccsdkapps # modelingCredsExternalSecret: some secret @@ -250,8 +321,38 @@ config: sdnrdbTrustAllCerts: true mountpointRegistrarEnabled: false mountpointStateProviderEnabled: false - - + netconfCallHome: + enabled: true + # + # enable and set dmaap-proxy for mountpointRegistrar + dmaapProxy: + enabled: false + usepwd: true + user: addUserHere + password: addPasswordHere + url: addProxyUrlHere + oauth: + enabled: false + tokenIssuer: ONAP SDNC + tokenSecret: secret + supportOdlusers: true + redirectUri: null + publicUrl: none + odluxRbac: + enabled: true + # example definition for a oauth provider + providersSecrets: + keycloak: d8d7ed52-0691-4353-9ac6-5383e72e9c46 + providers: + - id: keycloak + type: KEYCLOAK + host: http://keycloak:8080 + clientId: odlux.app + secret: ${KEYCLOAK_SECRET} + scope: openid + title: ONAP Keycloak Provider + roleMapping: + mykeycloak: admin # dependency / sub-chart configuration certInitializer: @@ -358,6 +459,8 @@ dgbuilder: dbServiceName: mariadb-galera # This should be revisited and changed to plain text dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 + serviceAccount: + nameOverride: sdnc-dgbuilder mariadb-galera: service: name: sdnc-dgbuilder @@ -396,7 +499,7 @@ elasticsearch: # handles master and data node functionality dedicatednode: "no" nameOverride: *elasticSearchName - cluster_name: *elasticSearchName + cluster_name: sdnrdb-cluster # enable sdnc-web: enabled: true @@ -449,6 +552,9 @@ service: geoNodePort5: 65 geoNodePort6: 66 + callHomePort: 6666 + callHomeNodePort: 66 + ## Persist data to a persitent volume persistence: enabled: true @@ -470,7 +576,7 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: sdnc/mdsal mdsalPath: /opt/opendaylight/mdsal - daeximPath: /opt/opendaylight/daexim + daeximPath: /opt/opendaylight/mdsal/daexim journalPath: /opt/opendaylight/journal snapshotsPath: /opt/opendaylight/snapshots