X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fsdnc%2Fvalues.yaml;h=f0d70e2c33ba8a89514628aa037ef229d732c9ac;hb=180578d41ed15c8e349faa943fa82bf41a145779;hp=4447a7dfaa1ae986ff7d69968d88db854a9c59d8;hpb=69572f6a9694f9044dd3033f1351b510aabf3bcf;p=oom.git diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 4447a7dfaa..f0d70e2c33 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -1,3 +1,4 @@ +# Copyright © 2020 Samsung Electronics # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -26,6 +27,90 @@ global: persistence: mountPath: /dockerdata-nfs aafEnabled: true + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + name: '{{ include "common.release" . }}-sdnc-db-root-password' + type: password + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | + ternary (default (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" + (index .Values "mariadb-galera" "nameOverride"))) + (index .Values "mariadb-galera" "config" + "mariadbRootPasswordExternalSecret")) + (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + - uid: odl-creds + name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds' + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.odlUser }}' + password: '{{ .Values.config.odlPassword }}' + # For now this is left hardcoded but should be revisited in a future + passwordPolicy: required + - uid: aaf-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aaf_init.deploy_fqi }}' + password: '{{ .Values.aaf_init.deploy_pass }}' + passwordPolicy: required + - uid: netbox-apikey + type: password + externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' + password: '{{ .Values.config.netboxApikey }}' + passwordPolicy: required + - uid: aai-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}' + login: '{{ .Values.config.aaiUser }}' + password: '{{ .Values.config.aaiPassword }}' + passwordPolicy: required + - uid: modeling-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}' + login: '{{ .Values.config.modelingUser }}' + password: '{{ .Values.config.modelingPassword }}' + passwordPolicy: required + - uid: restconf-creds + type: basicAuth + externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}' + login: '{{ .Values.config.restconfUser }}' + password: '{{ .Values.config.restconfPassword }}' + passwordPolicy: required + - uid: ansible-creds + name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds' + type: basicAuth + externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}' + login: '{{ .Values.config.ansibleUser }}' + password: '{{ .Values.config.ansiblePassword }}' + passwordPolicy: required + - uid: scaleout-creds + type: basicAuth + externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}' + login: '{{ .Values.config.scaleoutUser }}' + password: '{{ .Values.config.scaleoutPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -33,7 +118,7 @@ global: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.7.6 +image: onap/sdnc-image:1.8.1 # flag to enable debugging - application support required @@ -43,11 +128,27 @@ debugEnabled: false config: odlUid: 100 odlGid: 101 + odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - dbRootPassword: secretpassword - dbSdnctlUser: sdnctl - dbSdnctlDatabase: sdnctl - dbSdnctlPassword: gamma + # odlCredsExternalSecret: some secret + netboxApikey: onceuponatimeiplayedwithnetbox20180814 + # netboxApikeyExternalSecret: some secret + aaiUser: sdnc@sdnc.onap.org + aaiPassword: demo123456! + # aaiCredsExternalSecret: some secret + modelingUser: ccsdkapps + modelingPassword: ccsdkapps + # modelingCredsExternalSecret: some secret + restconfUser: admin + restconfPassword: admin + # restconfCredsExternalSecret: some secret + scaleoutUser: admin + scaleoutPassword: admin + # scaleoutExternalSecret: some secret + ansibleUser: sdnc + ansiblePassword: sdnc + # ansibleCredsExternalSecret: some secret + dbSdnctlDatabase: &sdncDbName sdnctl enableClustering: true sdncHome: /opt/onap/sdnc binDir: /opt/onap/sdnc/bin @@ -59,6 +160,7 @@ config: peerODLCluster: 127.0.0.1 isPrimaryCluster: true configDir: /opt/onap/sdnc/data/properties + ccsdkConfigDir: /opt/onap/ccsdk/data/properties dmaapTopic: SUCCESS dmaapPort: 3904 logstashServiceName: log-ls @@ -91,17 +193,6 @@ config: parallelGCThreads : 3 numberGGLogFiles: 10 - - - #local Mariadb-galera cluster - localDBCluster: false - - #Shared mariadb-galera details - mariadbGalera: - chartName: mariadb-galera - serviceName: mariadb-galera - internalPort: 3306 - # dependency / sub-chart configuration aaf_init: agentImage: onap/aaf/aaf_agent:2.1.15 @@ -114,67 +205,129 @@ aaf_init: cadi_latitude: "38.0" cadi_longitude: "-72.0" +mariadb-galera: &mariadbGalera + nameOverride: sdnc-db + config: &mariadbGaleraConfig + rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}' + userName: sdnctl + userCredentialsExternalSecret: *dbSecretName + service: + name: sdnc-dbhost + internalPort: 3306 + sdnctlPrefix: sdnc + persistence: + mountSubPath: sdnc/mariadb-galera + enabled: true + replicaCount: 1 + cds: enabled: false dmaap-listener: nameOverride: sdnc-dmaap-listener + mariadb-galera: + <<: *mariadbGalera + config: + <<: *mariadbGaleraConfig + mysqlDatabase: *sdncDbName config: sdncChartName: sdnc - mysqlChartName: mariadb-galera dmaapPort: 3904 sdncPort: 8282 configDir: /opt/onap/sdnc/data/properties - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName ueb-listener: + mariadb-galera: + <<: *mariadbGalera + config: + <<: *mariadbGaleraConfig + mysqlDatabase: *sdncDbName nameOverride: sdnc-ueb-listener config: sdncPort: 8282 sdncChartName: sdnc - mysqlChartName: mariadb-galera configDir: /opt/onap/sdnc/data/properties - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName sdnc-portal: + mariadb-galera: + <<: *mariadbGalera + config: + <<: *mariadbGaleraConfig + mysqlDatabase: *sdncDbName config: sdncChartName: sdnc - mysqlChartName: mariadb-galera configDir: /opt/onap/sdnc/data/properties - dbRootPassword: secretpassword - dbSdnctlPassword: gamma - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName sdnc-ansible-server: + config: + restCredsExternalSecret: *ansibleSecretName + mariadb-galera: + <<: *mariadbGalera + config: + <<: *mariadbGaleraConfig + mysqlDatabase: ansible service: name: sdnc-ansible-server internalPort: 8000 - config: - mysqlServiceName: mariadb-galera - -mariadb-galera: - nameOverride: sdnc-db - service: - name: sdnc-dbhost - internalPort: 3306 - sdnctlPrefix: sdnc - persistence: - mountSubPath: sdnc/mariadb-galera - enabled: true - replicaCount: 1 dgbuilder: nameOverride: sdnc-dgbuilder config: + db: + dbName: *sdncDbName + rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}' + userCredentialsExternalSecret: *dbSecretName dbPodName: mariadb-galera dbServiceName: mariadb-galera - dbRootPassword: secretpassword - dbSdnctlPassword: gamma + # This should be revisited and changed to plain text dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 + mariadb-galera: service: name: sdnc-dgbuilder nodePort: "03" + ingress: + enabled: false + service: + - baseaddr: "sdnc-dgbuilder" + name: "sdnc-dgbuilder" + port: 3000 + config: + ssl: "redirect" + +# local elasticsearch cluster +localElasticCluster: true +elasticsearch: + nameOverride: sdnrdb + name: sdnrdb-cluster + aafConfig: + fqdn: "sdnc" + fqi_namespace: org.onap.sdnc + fqi: "sdnc@sdnc.onap.org" + service: + name: sdnrdb + + master: + replicaCount: 3 + # dedicatednode: "yes" + # working as master node only, in this case increase replicaCount for elasticsearch-data + # dedicatednode: "no" + # handles master and data node functionality + dedicatednode: "no" + nameOverride: sdnrdb + + curator: + enabled: true + nameOverride: sdnrdb + data: + enabled: true + replicaCount: 1 + nameOverride: sdnrdb + + # default number of instances replicaCount: 1 @@ -205,13 +358,10 @@ service: #port externalPort: 8282 - nodePort: "02" externalPort2: 8202 - nodePort2: "08" externalPort3: 8280 - nodePort3: 46 externalPort4: 8443 nodePort4: 67 @@ -268,7 +418,7 @@ certpersistence: ingress: enabled: false service: - - baseaddr: "sdnc" + - baseaddr: "sdnc.api" name: "sdnc" port: 8443 config: