1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
3 # Modifications Copyright (C) 2021-2022 Nordix Foundation.
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 #################################################################
18 # Global configuration defaults.
19 #################################################################
23 # '&mariadbConfig' means we "store" the values for later use in the file
24 # with '*mariadbConfig' pointer.
25 config: &mariadbConfig
26 mysqlDatabase: policyadmin
27 service: &mariadbService
28 name: &policy-mariadb policy-mariadb
30 prometheusEnabled: false
35 name2: tcp-pgset-primary
36 name3: tcp-pgset-replica
39 kafkaBootstrap: strimzi-kafka-bootstrap
40 policyKafkaUser: policy-kafka-user
41 policyDistKafkaUser: policy-dist-kafka-user
43 #################################################################
45 #################################################################
47 - uid: db-root-password
48 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
50 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
51 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
54 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
56 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
57 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
58 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
59 passwordPolicy: generate
60 - uid: policy-app-user-creds
61 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
63 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
64 login: '{{ .Values.config.policyAppUserName }}'
65 password: '{{ .Values.config.policyAppUserPassword }}'
66 passwordPolicy: generate
67 - uid: policy-pap-user-creds
68 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
70 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
71 login: '{{ .Values.restServer.policyPapUserName }}'
72 password: '{{ .Values.restServer.policyPapUserPassword }}'
73 passwordPolicy: required
74 - uid: policy-api-user-creds
75 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
77 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
78 login: '{{ .Values.restServer.policyApiUserName }}'
79 password: '{{ .Values.restServer.policyApiUserPassword }}'
80 passwordPolicy: required
82 name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
84 externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
85 password: '{{ .Values.postgres.config.pgRootpassword }}'
88 name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
90 externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
91 login: '{{ .Values.postgres.config.pgUserName }}'
92 password: '{{ .Values.postgres.config.pgUserPassword }}'
93 passwordPolicy: generate
96 credsExternalSecret: *dbSecretName
102 apiUserExternalSecret: *policyApiCredsSecret
104 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
109 papUserExternalSecret: *policyPapCredsSecret
110 apiUserExternalSecret: *policyApiCredsSecret
112 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
117 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
122 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
127 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
132 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyDistKafkaUser }}'
133 policy-clamp-ac-k8s-ppnt:
136 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
137 policy-clamp-ac-pf-ppnt:
140 apiUserExternalSecret: *policyApiCredsSecret
141 papUserExternalSecret: *policyPapCredsSecret
143 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
144 policy-clamp-ac-http-ppnt:
147 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
148 policy-clamp-ac-a1pms-ppnt:
151 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
155 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
156 policy-clamp-runtime-acm:
160 appUserExternalSecret: *policyAppCredsSecret
161 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
165 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
167 #################################################################
168 # DB configuration defaults.
169 #################################################################
171 repository: nexus3.onap.org:10001
175 image: mariadb:10.5.8
178 image: onap/policy-db-migrator:2.5.1
180 policy_home: "/opt/app/policy"
185 # flag to enable debugging - application support required
188 # default number of instances
195 # probe configuration parameters
197 initialDelaySeconds: 10
199 # necessary to disable liveness probe when setting breakpoints
200 # in debugger so K8s doesn't restart unresponsive container
204 initialDelaySeconds: 10
209 policyAppUserName: runtimeUser
210 useStrimziKafka: true
212 name: policy-acruntime-participant
215 segmentBytes: 1073741824
217 groupId: policy-group
222 segmentBytes: 1073741824
224 groupId: policy-group
225 policyHeartbeatTopic:
226 name: policy-heartbeat
229 segmentBytes: 1073741824
231 groupId: policy-group
232 policyNotificationTopic:
233 name: policy-notification
236 segmentBytes: 1073741824
238 groupId: policy-group
242 # mariadb-galera.config and global.mariadb.config must be equals
246 externalSecret: *dbSecretName
247 name: &mysqlDbName policyadmin
249 externalSecret: *dbRootPassSecretName
250 nameOverride: *policy-mariadb
251 # mariadb-galera.service and global.mariadb.service must be equals
252 service: *mariadbService
256 mountSubPath: policy/maria/data
258 nameOverride: *policy-mariadb
260 postgresImage: library/postgres:latest
261 # application configuration override for postgres
263 nameOverride: &postgresName policy-postgres
266 name2: policy-pg-primary
267 name3: policy-pg-replica
270 primary: policy-pg-primary
271 replica: policy-pg-replica
273 mountSubPath: policy/postgres/data
274 mountInitPath: policy
276 pgUserName: policy_user
277 pgDatabase: policyadmin
278 pgUserExternalSecret: *pgUserCredsSecretName
279 pgRootPasswordExternalSecret: *pgRootPassSecretName
283 - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
286 policyPapUserName: policyadmin
287 policyPapUserPassword: zb!XztG34
288 policyApiUserName: policyadmin
289 policyApiUserPassword: zb!XztG34
291 # Resource Limit flavor -By Default using small
292 # Segregation for Different environment (small, large, or unlimited)
311 #Pods Service Account