X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fsdnc%2Fvalues.yaml;h=a1ed2ca0b162cad181eabe9a423b90de37cd0db7;hb=7709c1769692d893f88ea61cbe4e54e377b72829;hp=6ab96adde7ab9a99b3fb90318e46b4047d8f0a80;hpb=64c2d941090b9a0ce5fe50410da2215df56ffa27;p=oom.git

diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 6ab96adde7..ee8b2e5c30 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -22,7 +22,7 @@ global:
   nodePortPrefixExt: 304
   persistence:
     mountPath: /dockerdata-nfs
-  aafEnabled: true
+  centralizedLoggingEnabled: true
   mariadbGalera:
     #This flag allows SO to instantiate its own mariadb-galera cluster
     #If shared instance is used, this chart assumes that DB already exists
@@ -180,7 +180,10 @@ secrets:
     externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}'
     password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}'
     passwordPolicy: required
-
+  - uid: ves-collector-secret
+    type: basicAuth
+    login: '{{ .Values.config.sdnr.vesCollector.username }}'
+    password: '{{ .Values.config.sdnr.vesCollector.password }}'
 #################################################################
 # Certificates
 #################################################################
@@ -206,7 +209,7 @@ certificates:
 # application images
 
 pullPolicy: Always
-image: onap/sdnc-image:2.1.6
+image: onap/sdnc-image:2.4.2
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -260,6 +263,7 @@ config:
   ansibleUser: sdnc
   ansiblePassword: sdnc
   # ansibleCredsExternalSecret: some secret
+
   dbSdnctlDatabase: &sdncDbName sdnctl
   enableClustering: true
   sdncHome: /opt/onap/sdnc
@@ -353,24 +357,18 @@ config:
         title: ONAP Keycloak Provider
         roleMapping:
           mykeycloak: admin
-
-# dependency / sub-chart configuration
-certInitializer:
-  nameOverride: sdnc-cert-initializer
-  truststoreMountpath: /opt/onap/sdnc/data/stores
-  fqdn: "sdnc"
-  app_ns: "org.osaaf.aaf"
-  fqi: "sdnc@sdnc.onap.org"
-  fqi_namespace: org.onap.sdnc
-  public_fqdn: "sdnc.onap.org"
-  aafDeployFqi: "deployer@people.osaaf.org"
-  aafDeployPass: demo123456!
-  cadi_latitude: "38.0"
-  cadi_longitude: "-72.0"
-  credsPath: /opt/app/osaaf/local
-  aaf_add_config: >
-    cd /opt/app/osaaf/local;
-    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
+    vesCollector:
+      enabled: false
+      tls:
+        enabled: true
+      trustAllCertificates: false
+      username: sample1
+      password: sample1
+      address: dcae-ves-collector.onap
+      port: 8080
+      version: v7
+      reportingEntityName: ONAP SDN-R
+      eventLogMsgDetail: SHORT
 
 # dependency / sub-chart configuration
 network-name-gen:
@@ -444,8 +442,6 @@ sdnc-ansible-server:
 dgbuilder:
   enabled: true
   nameOverride: sdnc-dgbuilder
-  certInitializer:
-    nameOverride: sdnc-dgbuilder-cert-initializer
   config:
     db:
       dbName: *sdncDbName
@@ -464,17 +460,17 @@ dgbuilder:
   mariadb-galera:
   service:
     name: sdnc-dgbuilder
-    nodePort: "03"
+    ports:
+    - name: http
+      port: 3100
+      nodePort: 03
 
   ingress:
     enabled: false
     service:
-      - baseaddr: "sdnc-dgbuilder"
+      - baseaddr: "sdnc-dgbuilder-ui"
         name: "sdnc-dgbuilder"
-        port: 3000
-      - baseaddr: "sdnc-web-service"
-        name: "sdnc-web-service"
-        port: 8443
+        port: 3100
     config:
       ssl: "redirect"
 
@@ -485,10 +481,6 @@ localElasticCluster: true
 elasticsearch:
   nameOverride: &elasticSearchName sdnrdb
   name: sdnrdb-cluster
-  certInitializer:
-    fqdn: "sdnc"
-    fqi_namespace: org.onap.sdnc
-    fqi: "sdnc@sdnc.onap.org"
   service:
     name: *elasticSearchName
   master:
@@ -500,6 +492,7 @@ elasticsearch:
     dedicatednode: "no"
     nameOverride: *elasticSearchName
     cluster_name: sdnrdb-cluster
+
 # enable
 sdnc-web:
   enabled: true
@@ -525,11 +518,10 @@ readiness:
 service:
   type: NodePort
   name: sdnc
-  portName: sdnc
+  portName: http
   internalPort: 8181
   internalPort2: 8101
   internalPort3: 8080
-  internalPort4: 8443
 
   #port
   externalPort: 8282
@@ -538,7 +530,6 @@ service:
 
   externalPort3: 8280
 
-  externalPort4: 8443
   nodePort4: 67
 
   clusterPort: 2550
@@ -552,7 +543,7 @@ service:
   geoNodePort5: 65
   geoNodePort6: 66
 
-  callHomePort: 6666
+  callHomePort: &chport 4334
   callHomeNodePort: 66
 
 ## Persist data to a persitent volume
@@ -577,34 +568,44 @@ persistence:
   mountSubPath: sdnc/mdsal
   mdsalPath: /opt/opendaylight/mdsal
   daeximPath: /opt/opendaylight/mdsal/daexim
-  journalPath: /opt/opendaylight/journal
+  journalPath: /opt/opendaylight/segmented-journal
   snapshotsPath: /opt/opendaylight/snapshots
 
-certpersistence:
-  enabled: true
-
-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
-  ## If defined, PVC must be created manually before volume will be bound
-  # existingClaim:
-
-  volumeReclaimPolicy: Retain
-  accessMode: ReadWriteOnce
-  size: 50Mi
-  mountPath: /dockerdata-nfs
-  mountSubPath: sdnc/certs
-  certPath: /opt/app/osaaf
-  ##storageClass: "manual"
-
 ingress:
   enabled: false
   service:
-    - baseaddr: "sdnc.api"
-      name: "sdnc"
-      port: 8443
+  - baseaddr: "sdnc-api"
+    name: "sdnc"
+    port: 8282
+  - baseaddr: "sdnc-callhome"
+    name: "sdnc-callhome"
+    port: *chport
+    protocol: tcp
+    exposedPort: *chport
+    exposedProtocol: TCP
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: a1policymanagement-read
+      - serviceAccount: cds-blueprints-processor-read
+      - serviceAccount: consul-read
+      - serviceAccount: ncmp-dmi-plugin-read
+      - serviceAccount: policy-drools-pdp-read
+      - serviceAccount: robot-read
+      - serviceAccount: sdnc-ansible-server-read
+      - serviceAccount: sdnc-dmaap-listener-read
+      - serviceAccount: sdnc-prom-read
+      - serviceAccount: sdnc-ueb-listener-read
+      - serviceAccount: sdnc-web-read
+      - serviceAccount: so-sdnc-adapter-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+    authorizedPrincipalsSdnHosts:
+      - serviceAccount: sdnc-read
+
 #Resource Limit flavor -By Default using small
 flavor: small
 #segregation for different envionment (Small and Large)
@@ -625,3 +626,13 @@ resources:
       cpu: 2
       memory: 4Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: sdnc
+  roles:
+    - read
+
+#Log configuration
+log:
+  path: /var/log/onap