X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fso%2Fvalues.yaml;h=4cf991ea606c9e0573c283e8097c7e67e084a4b4;hb=1f3834edb12b81c85e452c16cccd249fc084dcea;hp=5a06253863a29f2ef0596ac2b7184c72380e343a;hpb=63307ec8c80e82d9763d48f6497940bdcabde404;p=oom.git

diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 5a06253863..4cf991ea60 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -20,16 +20,23 @@ global:
   repository: nexus3.onap.org:10001
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.2
+  loggingRepository: docker.elastic.co
+  loggingImage: beats/filebeat:5.5.0
+  soBaseImage: onap/so/base-image:1.0
   mariadbGalera:
     nameOverride: mariadb-galera
     serviceName: mariadb-galera
     servicePort: "3306"
-    mariadbRootPassword: secretpassword
+    # mariadbRootPassword: secretpassword
+    # rootPasswordExternalSecret: some secret
     #This flag allows SO to instantiate its own mariadb-galera cluster,
     #serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
     localCluster: false
   persistence:
     mountPath: /dockerdata-nfs
+  #This configuration specifies Service and port for SDNC OAM interface
+  sdncOamService: sdnc-oam
+  sdncOamPort: 8282
   #This configuration will run the migration. The configurations are for backing up the data
   #from DB and then restoring it to the present versions preferred DB.
   migration:
@@ -38,6 +45,7 @@ global:
     dbPort: 3306
     dbUser: root
     dbPassword: secretpassword
+    # dbCredsExternalSecret: some secret
   msbEnabled: true
   security:
     aaf:
@@ -67,11 +75,67 @@ global:
     certs:
       trustStorePassword: b25hcDRzbw==
       keyStorePassword: c280b25hcA==
+  certificates:
+    path: /etc/ssl/certs
+    share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-pass
+    name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
+    type: password
+    externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}'
+    password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
+  - uid: db-backup-creds
+    name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
+    type: basicAuth
+    externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
+    login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
+    password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
+    passwordPolicy: required
+    annotations:
+      helm.sh/hook: pre-upgrade,pre-install
+      helm.sh/hook-weight: "0"
+      helm.sh/hook-delete-policy: before-hook-creation
+  - uid: db-user-creds
+    name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
+    login: '{{ .Values.dbCreds.userName }}'
+    password: '{{ .Values.dbCreds.userPassword }}'
+    passwordPolicy: generate
+  - uid: db-admin-creds
+    name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
+    login: '{{ .Values.dbCreds.adminName }}'
+    password: '{{ .Values.dbCreds.adminPassword }}'
+    passwordPolicy: generate
+  - uid: "so-onap-certs"
+    name: &so-certs '{{ include "common.release" . }}-so-certs'
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths:
+      - resources/config/certificates/onap-ca.crt
+      - resources/config/certificates/msb-ca.crt
+
 #################################################################
 # Application configuration defaults.
 #################################################################
+
+dbSecrets: &dbSecrets
+  userCredsExternalSecret: *dbUserCredsSecretName
+  adminCredsExternalSecret: *dbAdminCredsSecretName
+
+# unused in this, just to pass to subcharts
+dbCreds:
+  userName: so_user
+  adminName: so_admin
+
 repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.5.3
+image: onap/so/api-handler-infra:1.6.0
 pullPolicy: Always
 replicaCount: 1
 minReadySeconds: 10
@@ -91,6 +155,8 @@ updateStrategy:
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
+persistence:
+  certificatesPath: /certificates
 resources:
   small:
     limits:
@@ -119,12 +185,19 @@ livenessProbe:
 nodeSelector: {}
 affinity: {}
 
+# application configuration
+config:
+  logstashServiceName: log-ls
+  logstashPort: 5044
+
 #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
 #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
 #                                                       --set so.global.mariadbGalera.localCluster=true \
 #                                                       --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
 #                                                       --set so.global.mariadbGalera.serviceName=so-mariadb-galera
 mariadb-galera:
+  config:
+    mariadbRootPasswordExternalSecret: *dbRootPassSecretName
   nameOverride: so-mariadb-galera
   replicaCount: 1
   service:
@@ -164,7 +237,11 @@ mso:
         auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
   health:
     auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+
 so-bpmn-infra:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   cds:
     auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
   aai:
@@ -196,7 +273,11 @@ so-bpmn-infra:
     vnfm:
       adapter:
         auth: Basic dm5mbTpwYXNzd29yZDEk
+
 so-catalog-db-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   mso:
     config:
       cadi:
@@ -207,7 +288,16 @@ so-catalog-db-adapter:
     adapters:
       db:
         auth: Basic YnBlbDpwYXNzd29yZDEk
+
+so-monitoring:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
+
 so-openstack-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   aaf:
     auth:
       encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
@@ -223,6 +313,7 @@ so-openstack-adapter:
   mso:
     msoKey: 07a7159d3bf51a0e53be7a8f89699be7
     auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+    basicUser: poBpmn
     config:
       cadi:
         aafId: so@so.onap.org
@@ -231,7 +322,11 @@ so-openstack-adapter:
         noAuthn: /manage/health
     db:
       auth: Basic YnBlbDpwYXNzd29yZDEk
+
 so-request-db-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   mso:
     config:
       cadi:
@@ -242,7 +337,11 @@ so-request-db-adapter:
     adapters:
       requestDb:
         auth: Basic YnBlbDpwYXNzd29yZDEk
+
 so-sdc-controller:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   aai:
     auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
   mso:
@@ -261,7 +360,11 @@ so-sdc-controller:
     asdc-connections:
       asdc-controller1:
         password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
 so-sdnc-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   org:
     onap:
       so:
@@ -283,7 +386,14 @@ so-sdnc-adapter:
         auth: Basic YnBlbDpwYXNzd29yZDEk
     rest:
       aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+
+so-ve-vnfm-adapter:
+  certSecret: *so-certs
+
 so-vfc-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   mso:
     config:
       cadi:
@@ -294,7 +404,9 @@ so-vfc-adapter:
     adapters:
       requestDb:
         auth: Basic YnBlbDpwYXNzd29yZDEk
+
 so-vnfm-adapter:
+  certSecret: *so-certs
   aaf:
     auth:
       username: so@so.onap.org
@@ -313,3 +425,11 @@ so-vnfm-adapter:
         aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
         apiEnforcement: org.onap.so.vnfmAdapterPerm
         noAuthn: /manage/health
+
+so-mariadb:
+  db:
+    rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+    rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+    backupCredsExternalSecret: *dbBackupCredsSecretName
+    userCredsExternalSecret: *dbUserCredsSecretName
+    adminCredsExternalSecret: *dbAdminCredsSecretName