X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fsdnc%2Fvalues.yaml;h=9a0079854546c06deba392d112541fa9b8229a0b;hb=6212653fb318e884a8d3691bab3d4586cc7865c6;hp=f02bc0b3b08943c98e72b8d75878fb7aedcc10f3;hpb=5d3c01e7a04a0c67fc90788ce7a7be254542c3c9;p=oom.git

diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f02bc0b3b0..9a00798545 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -31,6 +31,7 @@ global:
     internalPort: 3306
     nameOverride: mariadb-galera
 
+
 #################################################################
 # Secrets metaconfig
 #################################################################
@@ -71,14 +72,6 @@ secrets:
     password: '{{ .Values.config.odlPassword }}'
     # For now this is left hardcoded but should be revisited in a future
     passwordPolicy: required
-  - uid: dmaap-proxy-creds
-    name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
-    type: basicAuth
-    externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
-    login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
-    password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
-    # For now this is left hardcoded but should be revisited in a future
-    passwordPolicy: required
   - uid: netbox-apikey
     type: password
     externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
@@ -209,7 +202,7 @@ certificates:
 # application images
 
 pullPolicy: Always
-image: onap/sdnc-image:2.4.2
+image: onap/sdnc-image:2.5.5
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -323,18 +316,37 @@ config:
     # sdnronly: true starts sdnc container with odl and sdnrwt features only
     sdnronly: false
     sdnrdbTrustAllCerts: true
-    mountpointRegistrarEnabled: false
+    kafka:
+      enabled: false
+      consumerGroupPrefix: &consumerGroupPrefix sdnr
+      # Strimzi KafkaUser config see configuration below
+      kafkaUser: &kafkaUser
+        acls:
+        - name: unauthenticated.SEC_
+          type: topic
+          patternType: prefix
+          operations: [Read]
+        - name: unauthenticated.VES_PNFREG_OUTPUT
+          type: topic
+          patternType: literal
+          operations: [Read]
+        - name: *consumerGroupPrefix
+          type: group
+          patternType: prefix
+          operations: [Read]
+      ## set if bootstrap server is not OOM standard
+      # bootstrapServers: []
+      ## set connection parameters if not default
+      # securityProtocol: PLAINTEXT
+      # saslMechanism: SCRAM-SHA-512
+      ## saslJassConfig: provided by secret
+
+
     mountpointStateProviderEnabled: false
     netconfCallHome:
       enabled: true
-    #
-    # enable and set dmaap-proxy for mountpointRegistrar
-    dmaapProxy:
-      enabled: false
-      usepwd: true
-      user: addUserHere
-      password: addPasswordHere
-      url: addProxyUrlHere
+
+
     oauth:
       enabled: false
       tokenIssuer: ONAP SDNC
@@ -370,6 +382,10 @@ config:
       reportingEntityName: ONAP SDN-R
       eventLogMsgDetail: SHORT
 
+# Strimzi KafkaUser/Topic config on top level
+kafkaUser: *kafkaUser
+
+
 # dependency / sub-chart configuration
 network-name-gen:
   enabled: true
@@ -463,7 +479,7 @@ dgbuilder:
     ports:
     - name: http
       port: 3100
-      nodePort: 03
+      nodePort: "03"
 
   ingress:
     enabled: false
@@ -496,6 +512,8 @@ elasticsearch:
 # enable
 sdnc-web:
   enabled: true
+  ## set if web socket port should not be default
+  # sdnrWebsocketPort: *sdnrWebsocketPort
 # default number of instances
 replicaCount: 1
 
@@ -545,6 +563,10 @@ service:
 
   callHomePort: &chport 4334
   callHomeNodePort: 66
+  ## set if web socket port should not be default
+  ## change in sdnc-web section as well
+  # sdnrWebsocketPort: &sdnrWebsocketPort 8182
+
 
 ## Persist data to a persitent volume
 persistence:
@@ -586,6 +608,26 @@ ingress:
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: a1policymanagement-read
+      - serviceAccount: cds-blueprints-processor-read
+      - serviceAccount: consul-read
+      - serviceAccount: ncmp-dmi-plugin-read
+      - serviceAccount: policy-drools-pdp-read
+      - serviceAccount: robot-read
+      - serviceAccount: sdnc-ansible-server-read
+      - serviceAccount: sdnc-dmaap-listener-read
+      - serviceAccount: sdnc-prom-read
+      - serviceAccount: sdnc-ueb-listener-read
+      - serviceAccount: sdnc-web-read
+      - serviceAccount: so-sdnc-adapter-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+    authorizedPrincipalsSdnHosts:
+      - serviceAccount: sdnc-read
+
 #Resource Limit flavor -By Default using small
 flavor: small
 #segregation for different envionment (Small and Large)
@@ -593,18 +635,18 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 2
-      memory: 4Gi
+      cpu: 999
+      memory: 4.7Gi
     requests:
       cpu: 1
-      memory: 2Gi
+      memory: 4.7Gi
   large:
     limits:
-      cpu: 4
-      memory: 8Gi
+      cpu: 999
+      memory: 9.4Gi
     requests:
       cpu: 2
-      memory: 4Gi
+      memory: 9.4Gi
   unlimited: {}
 
 #Pods Service Account