1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
3 # Modifications Copyright (C) 2021-2023 Nordix Foundation.
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 #################################################################
18 # Global configuration defaults.
19 #################################################################
22 # flag to enable the DB creation via mariadb-operator
24 # if useOperator set to "true", set "enableServiceAccount to "false"
25 # as the SA is created by the Operator
26 enableServiceAccount: false
28 # '&mariadbConfig' means we "store" the values for later use in the file
29 # with '*mariadbConfig' pointer.
30 config: &mariadbConfig
31 mysqlDatabase: policyadmin
32 service: &mariadbService
33 name: &policy-mariadb policy-mariadb
35 nameOverride: *policy-mariadb
36 # (optional) if localCluster=false and an external secret is used set this variable
37 #userRootSecret: <secretName>
38 prometheusEnabled: false
43 name2: tcp-pgset-primary
44 name3: tcp-pgset-replica
47 kafkaBootstrap: strimzi-kafka-bootstrap:9092
48 policyKafkaUser: policy-kafka-user
51 name: policy.clamp-runtime-acm
52 #################################################################
54 #################################################################
56 - uid: db-root-password
57 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
59 externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
60 ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
63 (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
65 ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
67 .Values.global.mariadbGalera.userRootSecret
68 (include "common.mariadb.secret.rootPassSecretName"
69 (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
72 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
75 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
77 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
78 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
79 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
80 passwordPolicy: generate
81 - uid: policy-app-user-creds
82 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
84 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
85 login: '{{ .Values.config.policyAppUserName }}'
86 password: '{{ .Values.config.policyAppUserPassword }}'
87 passwordPolicy: generate
88 - uid: policy-pap-user-creds
89 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
91 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
92 login: '{{ .Values.restServer.policyPapUserName }}'
93 password: '{{ .Values.restServer.policyPapUserPassword }}'
94 passwordPolicy: required
95 - uid: policy-api-user-creds
96 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
98 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
99 login: '{{ .Values.restServer.policyApiUserName }}'
100 password: '{{ .Values.restServer.policyApiUserPassword }}'
101 passwordPolicy: required
104 credsExternalSecret: *dbSecretName
110 apiUserExternalSecret: *policyApiCredsSecret
112 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
117 papUserExternalSecret: *policyPapCredsSecret
118 apiUserExternalSecret: *policyApiCredsSecret
120 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
125 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
130 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
135 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
139 policy-clamp-ac-k8s-ppnt:
141 policy-clamp-ac-pf-ppnt:
144 apiUserExternalSecret: *policyApiCredsSecret
145 papUserExternalSecret: *policyPapCredsSecret
146 policy-clamp-ac-http-ppnt:
148 policy-clamp-ac-a1pms-ppnt:
150 policy-clamp-ac-kserve-ppnt:
152 policy-clamp-runtime-acm:
156 appUserExternalSecret: *policyAppCredsSecret
160 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
164 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
166 #################################################################
167 # DB configuration defaults.
168 #################################################################
171 image: onap/policy-db-migrator:3.1.0
173 policy_home: "/opt/app/policy"
178 # flag to enable debugging - application support required
181 # default number of instances
188 # probe configuration parameters
190 initialDelaySeconds: 10
192 # necessary to disable liveness probe when setting breakpoints
193 # in debugger so K8s doesn't restart unresponsive container
197 initialDelaySeconds: 10
202 policyAppUserName: runtimeUser
207 segmentBytes: 1073741824
209 groupId: policy-group
210 policyHeartbeatTopic:
211 name: policy-heartbeat
214 segmentBytes: 1073741824
216 groupId: policy-group
217 policyNotificationTopic:
218 name: policy-notification
221 segmentBytes: 1073741824
223 groupId: policy-group
227 # mariadb-galera.config and global.mariadbGalera.config must be equals
231 externalSecret: *dbSecretName
232 name: &mysqlDbName policyadmin
234 externalSecret: *dbRootPassSecretName
235 nameOverride: *policy-mariadb
236 # mariadb-galera.service and global.mariadbGalera.service must be equals
237 service: *mariadbService
244 mountSubPath: policy/maria/data
246 nameOverride: *policy-mariadb
248 postgresImage: library/postgres:latest
249 # application configuration override for postgres
251 nameOverride: &postgresName policy-postgres
254 name2: policy-pg-primary
255 name3: policy-pg-replica
258 primary: policy-pg-primary
259 replica: policy-pg-replica
261 mountSubPath: policy/postgres/data
262 mountInitPath: policy
264 pgUserName: policy-user
265 pgDatabase: policyadmin
266 pgUserExternalSecret: *dbSecretName
267 pgRootPasswordExternalSecret: *dbRootPassSecretName
271 - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
272 wait_for_global_operator:
274 - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
275 wait_for_local_operator:
277 - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
280 - '{{ include "common.mariadbAppName" . }}'
283 - '{{ include "common.mariadbAppName" . }}'
286 policyPapUserName: policyadmin
287 policyPapUserPassword: zb!XztG34
288 policyApiUserName: policyadmin
289 policyApiUserPassword: zb!XztG34
291 # Resource Limit flavor -By Default using small
292 # Segregation for Different environment (small, large, or unlimited)
311 #Pods Service Account