1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
3 # Modifications Copyright (C) 2021-2023 Nordix Foundation.
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 #################################################################
18 # Global configuration defaults.
19 #################################################################
23 # '&mariadbConfig' means we "store" the values for later use in the file
24 # with '*mariadbConfig' pointer.
25 config: &mariadbConfig
26 mysqlDatabase: policyadmin
27 service: &mariadbService
28 name: &policy-mariadb policy-mariadb
30 prometheusEnabled: false
35 name2: tcp-pgset-primary
36 name3: tcp-pgset-replica
39 #Strimzi Kafka properties
41 kafkaBootstrap: strimzi-kafka-bootstrap
42 policyKafkaUser: policy-kafka-user
45 name: policy.clamp-runtime-acm
47 #################################################################
49 #################################################################
51 - uid: db-root-password
52 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
54 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
55 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
58 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
60 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
61 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
62 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
63 passwordPolicy: generate
64 - uid: policy-app-user-creds
65 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
67 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
68 login: '{{ .Values.config.policyAppUserName }}'
69 password: '{{ .Values.config.policyAppUserPassword }}'
70 passwordPolicy: generate
71 - uid: policy-pap-user-creds
72 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
74 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
75 login: '{{ .Values.restServer.policyPapUserName }}'
76 password: '{{ .Values.restServer.policyPapUserPassword }}'
77 passwordPolicy: required
78 - uid: policy-api-user-creds
79 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
81 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
82 login: '{{ .Values.restServer.policyApiUserName }}'
83 password: '{{ .Values.restServer.policyApiUserPassword }}'
84 passwordPolicy: required
86 name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
88 externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
89 password: '{{ .Values.postgres.config.pgRootpassword }}'
92 name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
94 externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
95 login: '{{ .Values.postgres.config.pgUserName }}'
96 password: '{{ .Values.postgres.config.pgUserPassword }}'
97 passwordPolicy: generate
100 credsExternalSecret: *dbSecretName
106 apiUserExternalSecret: *policyApiCredsSecret
108 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
113 papUserExternalSecret: *policyPapCredsSecret
114 apiUserExternalSecret: *policyApiCredsSecret
116 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
121 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
126 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
131 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
135 policy-clamp-ac-k8s-ppnt:
137 policy-clamp-ac-pf-ppnt:
140 apiUserExternalSecret: *policyApiCredsSecret
141 papUserExternalSecret: *policyPapCredsSecret
142 policy-clamp-ac-http-ppnt:
144 policy-clamp-ac-a1pms-ppnt:
146 policy-clamp-ac-kserve-ppnt:
148 policy-clamp-runtime-acm:
152 appUserExternalSecret: *policyAppCredsSecret
156 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
160 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
162 #################################################################
163 # DB configuration defaults.
164 #################################################################
167 image: onap/policy-db-migrator:2.6.1
169 policy_home: "/opt/app/policy"
174 # flag to enable debugging - application support required
177 # default number of instances
184 # probe configuration parameters
186 initialDelaySeconds: 10
188 # necessary to disable liveness probe when setting breakpoints
189 # in debugger so K8s doesn't restart unresponsive container
193 initialDelaySeconds: 10
198 policyAppUserName: runtimeUser
199 useStrimziKafka: true
204 segmentBytes: 1073741824
206 groupId: policy-group
207 policyHeartbeatTopic:
208 name: policy-heartbeat
211 segmentBytes: 1073741824
213 groupId: policy-group
214 policyNotificationTopic:
215 name: policy-notification
218 segmentBytes: 1073741824
220 groupId: policy-group
224 # mariadb-galera.config and global.mariadb.config must be equals
228 externalSecret: *dbSecretName
229 name: &mysqlDbName policyadmin
231 externalSecret: *dbRootPassSecretName
232 nameOverride: *policy-mariadb
233 # mariadb-galera.service and global.mariadb.service must be equals
234 service: *mariadbService
238 mountSubPath: policy/maria/data
240 nameOverride: *policy-mariadb
242 postgresImage: library/postgres:latest
243 # application configuration override for postgres
245 nameOverride: &postgresName policy-postgres
248 name2: policy-pg-primary
249 name3: policy-pg-replica
252 primary: policy-pg-primary
253 replica: policy-pg-replica
255 mountSubPath: policy/postgres/data
256 mountInitPath: policy
258 pgUserName: policy_user
259 pgDatabase: policyadmin
260 pgUserExternalSecret: *pgUserCredsSecretName
261 pgRootPasswordExternalSecret: *pgRootPassSecretName
265 - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
268 policyPapUserName: policyadmin
269 policyPapUserPassword: zb!XztG34
270 policyApiUserName: policyadmin
271 policyApiUserPassword: zb!XztG34
273 # Resource Limit flavor -By Default using small
274 # Segregation for Different environment (small, large, or unlimited)
293 #Pods Service Account