1 # Copyright © 2019 Amdocs, Bell Canada
2 # Copyright (c) 2020 Nordix Foundation, Modifications
3 # Modifications Copyright © 2020-2021 Nokia
4 # Modifications Copyright © 2023 Nordix Foundation
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
18 #################################################################
19 # Global configuration overrides.
21 # These overrides will affect all helm charts (ie. applications)
22 # that are listed below and are 'enabled'.
23 #################################################################
25 # Change to an unused port prefix range to prevent port conflicts
26 # with other instances running within the same k8s cluster
28 nodePortPrefixExt: 304
31 # Install test components
32 # test components are out of the scope of ONAP but allow to have a entire
33 # environment to test the different features of ONAP
34 # Current tests environments provided:
35 # - netbox (needed for CDS IPAM)
36 # - AWX (needed for XXX)
37 # - EJBCA Server (needed for CMPv2 tests)
38 # Today, "contrib" chart that hosting these components must also be enabled
39 # in order to make it work. So `contrib.enabled` must have the same value than
40 # addTestingComponents
41 addTestingComponents: &testing false
44 # Four different repositories are used
45 # You can change individually these repositories to ones that will serve the
46 # right images. If credentials are needed for one of them, see below.
47 repository: nexus3.onap.org:10001
48 dockerHubRepository: &dockerHubRepository docker.io
49 elasticRepository: &elasticRepository docker.elastic.co
50 googleK8sRepository: k8s.gcr.io
51 githubContainerRegistry: ghcr.io
54 # Legacy repositories which will be removed at the end of migration.
56 loggingRepository: *elasticRepository
57 busyboxRepository: *dockerHubRepository
60 # they're optional. If the target repository doesn't need them, comment them
64 # If you want / need authentication on the repositories, please set
65 # Don't set them if the target repo is the same than others
66 # so id you've set repository to value `my.private.repo` and same for
67 # dockerHubRepository, you'll have to configure only repository (exclusive) OR
80 # common global images
81 # Busybox for simple shell manipulation
82 busyboxImage: busybox:1.34.1
85 curlImage: curlimages/curl:7.80.0
87 # env substitution image
88 envsubstImage: dibi/envsubst:1
90 # generate htpasswd files image
91 # there's only latest image for htpasswd
92 htpasswdImage: xmartlabs/htpasswd:latest
94 # kubenretes client image
95 kubectlImage: bitnami/kubectl:1.22.4
98 loggingImage: beats/filebeat:5.5.0
100 # mariadb client image
101 mariadbImage: bitnami/mariadb:10.5.8
104 nginxImage: bitnami/nginx:1.21.4
106 # postgreSQL client and server image
107 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
109 # readiness check image
110 readinessImage: onap/oom/readiness:3.0.1
116 jreImage: onap/integration-java11:10.0.0
118 # default clusterName
119 # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
120 clusterName: cluster.local
122 # default mount path root directory referenced
123 # by persistent volumes and log files
125 mountPath: /dockerdata-nfs
126 enableDefaultStorageclass: false
128 storageclassProvisioner: kubernetes.io/no-provisioner
129 volumeReclaimPolicy: Retain
131 # override default resource limit flavor for all charts
134 # flag to enable debugging - application support required
137 # default password complexity
138 # available options: phrase, name, pin, basic, short, medium, long, maximum security
139 # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf
140 passwordStrength: long
142 # configuration to set log level to all components (the one that are using
143 # "common.log.level" to set this)
144 # can be overrided per components by setting logConfiguration.logLevelOverride
145 # to the desired value
148 # Global ingress configuration
150 # generally enable ingress for ONAP components
152 # enable all component's Ingress interfaces
155 # default Ingress base URL and preAddr- and postAddr settings
156 # Ingress URLs result:
157 # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
159 # Default Ingress base URL
160 # can be overwritten in component by setting ingress.baseurlOverride
161 baseurl: "simpledemo.onap.org"
162 # prefix for baseaddr
163 # can be overwritten in component by setting ingress.preaddrOverride
165 # postfix for baseaddr
166 # can be overwritten in component by setting ingress.postaddrOverride
169 # All http (port 80) requests via ingress will be redirected
170 # to port 443 on Ingress controller
171 # only valid for Istio Gateway (ServiceMesh enabled)
174 # you can set an own Secret containing a certificate
175 # only valid for Istio Gateway (ServiceMesh enabled)
177 # secret: 'my-ingress-cert'
179 # optional: Namespace of the Istio IngressGateway
180 # only valid for Istio Gateway (ServiceMesh enabled)
181 namespace: istio-ingress
183 # Global Service Mesh configuration
184 # POC Mode, don't use it in production
188 # be aware that linkerd is not well tested
189 engine: "istio" # valid value: istio or linkerd
191 # Global Istio Authorization Policy configuration
192 authorizationPolicies:
196 # If enabled, exporters (for prometheus) will be deployed
197 # if custom resources set to yes, CRD from prometheus operartor will be
199 # Not all components have it enabled.
203 custom_resources: false
206 # POC Mode, only for use in development environment
207 # Keep it enabled in production
209 aafAgentImage: onap/aaf/aaf_agent:2.1.20
212 # POC Mode, only for use in development environment
215 # default values for certificates
218 renewBefore: 720h #30 days
219 duration: 8760h #365 days
221 organization: "Linux-Foundation"
223 locality: "San-Francisco"
224 province: "California"
225 organizationalUnit: "ONAP"
227 group: certmanager.onap.org
229 name: cmpv2-issuer-onap
235 clientSecretName: oom-cert-service-client-tls-secret
236 keystoreKeyRef: keystore.jks
237 truststoreKeyRef: truststore.jks
238 keystorePasswordSecretName: oom-cert-service-certificates-password
239 keystorePasswordSecretKey: password
240 truststorePasswordSecretName: oom-cert-service-certificates-password
241 truststorePasswordSecretKey: password
243 # Indicates offline deployment build
244 # Set to true if you are rendering helm charts for offline deployment
245 # Otherwise keep it disabled
246 offlineDeploymentBuild: false
249 # Set to false if you want to disable TLS for NodePorts. Be aware that this
250 # will loosen your security.
251 # if set this element will force or not tls even if serviceMesh.tls is set.
255 # Currently, centralized logging is not in best shape so it's disabled by
257 centralizedLoggingEnabled: ¢ralizedLogging false
259 # Example of specific for the components where you want to disable TLS only for
261 # if set this element will force or not tls even if global.serviceMesh.tls and
262 # global.tlsEnabled is set otherwise.
266 # Global storage configuration
267 # Set to "-" for default, or with the name of the storage class
268 # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a
269 # storageclass with RWX capabilities (or set specific configuration for these
274 # Example of specific for the components which requires RWX:
277 # storageClassOverride: "My_RWX_Storage_Class"
282 # storageClassOverride: "My_RWX_Storage_Class"
284 # cds-blueprints-processor:
286 # storageClassOverride: "My_RWX_Storage_Class"
290 # storageClassOverride: "My_RWX_Storage_Class"
292 #################################################################
293 # Enable/disable and configure helm charts (ie. applications)
294 # to customize the ONAP deployment.
295 #################################################################
301 # you must always set the same values as value set in cps.enabled
315 # Today, "contrib" chart that hosting these components must also be enabled
316 # in order to make it work. So `contrib.enabled` must have the same value than
317 # addTestingComponents
336 # Today, "logging" chart that perform the central part of logging must also be
337 # enabled in order to make it work. So `logging.enabled` must have the same
338 # value as centralizedLoggingEnabled
340 enabled: *centralizedLogging
354 # openstack configuration
355 openStackRegion: "Yolo"
356 openStackVNFTenantId: "1234"
366 # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment
367 openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
383 # necessary to disable liveness probe when setting breakpoints
384 # in debugger so K8s doesn't restart unresponsive container
387 # so server configuration
389 # message router configuration
391 # openstack configuration
392 openStackUserName: "vnf_user"
393 openStackRegion: "RegionOne"
394 openStackKeyStoneUrl: "http://1.2.3.4:5000"
395 openStackServiceTenantName: "service"
396 openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
398 # in order to enable static password for so-monitoring uncomment:
402 # password: demo123456!
406 # Kafka replication & disk storage should be dimensioned
407 # according to each given system use case.
414 # Strimzi kafka bridge is an optional http api towards
415 # kafka provided by https://strimzi.io/docs/bridge/latest/
416 strimzi-kafka-bridge: