Merge "[COMMON][MARIADB] Upgrade Mariadb DB galera version"

[oom.git] / kubernetes / sdnc / values.yaml

# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration defaults.
#################################################################
global:
  nodePortPrefix: 302
  nodePortPrefixExt: 304
  persistence:
    mountPath: /dockerdata-nfs
  aafEnabled: true
  mariadbGalera:
    #This flag allows SO to instantiate its own mariadb-galera cluster
    #If shared instance is used, this chart assumes that DB already exists
    localCluster: false
    service: mariadb-galera
    internalPort: 3306
    nameOverride: mariadb-galera
    service: mariadb-galera
  # Enabling CMPv2
  cmpv2Enabled: true
  platform:
    certServiceClient:
      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
      secret:
        name: oom-cert-service-client-tls-secret
        mountPath: /etc/onap/oom/certservice/certs/
      envVariables:
        # Certificate related
        cert_path: /var/custom-certs
        cmpv2Organization: "Linux-Foundation"
        cmpv2OrganizationalUnit: "ONAP"
        cmpv2Location: "San-Francisco"
        cmpv2Country: "US"
        # Client configuration related
        caName: "RA"
        common_name: "sdnc.simpledemo.onap.org"
        requestURL: "https://oom-cert-service:8443/v1/certificate/"
        requestTimeout: "30000"
        keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
        outputType: "P12"
        keystorePassword: "secret"
        truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
        truststorePassword: "secret"

#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: db-root-password
    name: &rootDbSecret '{{ include "common.release" . }}-sdnc-db-root-password'
    type: password
    # If we're using shared mariadb, we need to use the secret name (second
    # part).
    # If not, we do the same trick than for user db secret hat allows you
    # override this secret using external one with the same field that is used
    # to pass this to subchart.
    externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
      ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
                  ternary
                    ""
                    (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
              (include "common.mariadb.secret.rootPassSecretName"
                (dict "dot" .
                      "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
    password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
  - uid: db-secret
    name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
    type: basicAuth
    # This is a nasty trick that allows you override this secret using external one
    # with the same field that is used to pass this to subchart
    externalSecret: '{{ (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "db" "externalSecret")) |
      ternary
        ""
        (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) }}'
    login: '{{ index .Values "mariadb-galera" "db" "user" }}'
    password: '{{ index .Values "mariadb-galera" "db" "password" }}'
  - uid: odl-creds
    name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
    type: basicAuth
    externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
    login: '{{ .Values.config.odlUser }}'
    password: '{{ .Values.config.odlPassword }}'
    # For now this is left hardcoded but should be revisited in a future
    passwordPolicy: required
  - uid: netbox-apikey
    type: password
    externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
    password: '{{ .Values.config.netboxApikey }}'
    passwordPolicy: required
  - uid: aai-user-creds
    type: basicAuth
    externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
    login: '{{ .Values.config.aaiUser }}'
    password: '{{ .Values.config.aaiPassword }}'
    passwordPolicy: required
  - uid: modeling-user-creds
    type: basicAuth
    externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
    login: '{{ .Values.config.modelingUser }}'
    password: '{{ .Values.config.modelingPassword }}'
    passwordPolicy: required
  - uid: restconf-creds
    type: basicAuth
    externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}'
    login: '{{ .Values.config.restconfUser }}'
    password: '{{ .Values.config.restconfPassword }}'
    passwordPolicy: required
  - uid: ansible-creds
    name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds'
    type: basicAuth
    externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}'
    login: '{{ .Values.config.ansibleUser }}'
    password: '{{ .Values.config.ansiblePassword }}'
    passwordPolicy: required
  - uid: scaleout-creds
    type: basicAuth
    externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}'
    login: '{{ .Values.config.scaleoutUser }}'
    password: '{{ .Values.config.scaleoutPassword }}'
    passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application images

pullPolicy: Always
image: onap/sdnc-image:2.0.4

# flag to enable debugging - application support required
debugEnabled: false

# application configuration
config:
  odlUid: 100
  odlGid: 101
  odlUser: admin
  odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
  # odlCredsExternalSecret: some secret
  netboxApikey: onceuponatimeiplayedwithnetbox20180814
  # netboxApikeyExternalSecret: some secret
  aaiUser: sdnc@sdnc.onap.org
  aaiPassword: demo123456!
  # aaiCredsExternalSecret: some secret
  modelingUser: ccsdkapps
  modelingPassword: ccsdkapps
  # modelingCredsExternalSecret: some secret
  restconfUser: admin
  restconfPassword: admin
  # restconfCredsExternalSecret: some secret
  scaleoutUser: admin
  scaleoutPassword: admin
  # scaleoutExternalSecret: some secret
  ansibleUser: sdnc
  ansiblePassword: sdnc
  # ansibleCredsExternalSecret: some secret
  dbSdnctlDatabase: &sdncDbName sdnctl
  enableClustering: true
  sdncHome: /opt/onap/sdnc
  binDir: /opt/onap/sdnc/bin
  etcDir: /opt/onap/sdnc/data
  geoEnabled: false
# if geoEnabled is set to true here, mysql.geoEnabled must be set to true
# if geoEnabled is set to true the following 3 values must be set to their proper values
  myODLCluster: 127.0.0.1
  peerODLCluster: 127.0.0.1
  isPrimaryCluster: true
  configDir: /opt/onap/sdnc/data/properties
  ccsdkConfigDir: /opt/onap/ccsdk/data/properties
  dmaapTopic: SUCCESS
  dmaapPort: 3904
  logstashServiceName: log-ls
  logstashPort: 5044
  ansibleServiceName: sdnc-ansible-server
  ansiblePort: 8000
  javaHome: /opt/java/openjdk

  odl:
    etcDir: /opt/opendaylight/etc
    binDir: /opt/opendaylight/bin
    gcLogDir: /opt/opendaylight/data/log
    salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
    salConfigVersion: 1.9.1
    akka:
      seedNodeTimeout: 15s
      circuitBreaker:
        maxFailures: 10
        callTimeout: 90s
        resetTimeout: 30s
      recoveryEventTimeout: 90s
    datastore:
      persistentActorRestartMinBackoffInSeconds: 10
      persistentActorRestartMaxBackoffInSeconds: 40
      persistentActorRestartResetBackoffInSeconds: 20
      shardTransactionCommitTimeoutInSeconds: 120
      shardIsolatedLeaderCheckIntervalInMillis: 30000
      operationTimeoutInSeconds: 120
    javaOptions:
      maxGCPauseMillis: 100
      parallelGCThreads : 3
      numberGCLogFiles: 10
      minMemory: 512m
      maxMemory: 2048m
      gcLogOptions: ""
      # Next line enables gc logging
      # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}"
        # enables sdnr functionality
  sdnr:
    enabled: true
    # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
    # mode: dm - SDNC contains sdnr device manager + ODLUX components
    mode: dm
    # sdnronly: true starts sdnc container with odl and sdnrwt features only
    sdnronly: false
    sdnrdbTrustAllCerts: true
    mountpointRegistrarEnabled: false
    mountpointStateProviderEnabled: false



# dependency / sub-chart configuration
certInitializer:
  nameOverride: sdnc-cert-initializer
  truststoreMountpath: /opt/onap/sdnc/data/stores
  fqdn: "sdnc"
  app_ns: "org.osaaf.aaf"
  fqi: "sdnc@sdnc.onap.org"
  fqi_namespace: org.onap.sdnc
  public_fqdn: "sdnc.onap.org"
  aafDeployFqi: "deployer@people.osaaf.org"
  aafDeployPass: demo123456!
  cadi_latitude: "38.0"
  cadi_longitude: "-72.0"
  credsPath: /opt/app/osaaf/local
  aaf_add_config: >
    cd /opt/app/osaaf/local;
    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1

# dependency / sub-chart configuration
network-name-gen:
  enabled: true
mariadb-galera: &mariadbGalera
  nameOverride: &sdnc-db sdnc-db
  config: &mariadbGaleraConfig
    rootPasswordExternalSecret: *rootDbSecret
    userName: &dbUser sdnctl
    userCredentialsExternalSecret: *dbSecretName
  rootUser:
    externalSecret: *rootDbSecret
  db:
    user: *dbUser
    externalSecret: *dbSecretName
  service:
    name: sdnc-dbhost
  sdnctlPrefix: sdnc
  persistence:
    mountSubPath: sdnc/mariadb-galera
    enabled: true
  replicaCount: 1
  serviceAccount:
    nameOverride: *sdnc-db

cds:
  enabled: false

dmaap-listener:
  enabled: true
  nameOverride: sdnc-dmaap-listener
  mariadb-galera:
    <<: *mariadbGalera
    config:
      <<: *mariadbGaleraConfig
      mysqlDatabase: *sdncDbName
  config:
    sdncChartName: sdnc
    dmaapPort: 3904
    sdncPort: 8282
    configDir: /opt/onap/sdnc/data/properties
    odlCredsExternalSecret: *odlCredsSecretName

ueb-listener:
  enabled: true
  mariadb-galera:
    <<: *mariadbGalera
    config:
      <<: *mariadbGaleraConfig
      mysqlDatabase: *sdncDbName
  nameOverride: sdnc-ueb-listener
  config:
    sdncPort: 8282
    sdncChartName: sdnc
    configDir: /opt/onap/sdnc/data/properties
    odlCredsExternalSecret: *odlCredsSecretName

sdnc-ansible-server:
  enabled: true
  config:
    restCredsExternalSecret: *ansibleSecretName
  mariadb-galera:
    <<: *mariadbGalera
    config:
      <<: *mariadbGaleraConfig
      mysqlDatabase: ansible
  service:
    name: sdnc-ansible-server
    internalPort: 8000

dgbuilder:
  enabled: true
  nameOverride: sdnc-dgbuilder
  certInitializer:
    nameOverride: sdnc-dgbuilder-cert-initializer
  config:
    db:
      dbName: *sdncDbName
      rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
        ternary
          (printf "%s-sdnc-db-root-password" (include "common.release" .))
          (include "common.mariadb.secret.rootPassSecretName"
            (dict "dot" . "chartName" "mariadb-galera")) }}'
      userCredentialsExternalSecret: *dbSecretName
    dbPodName: mariadb-galera
    dbServiceName: mariadb-galera
    # This should be revisited and changed to plain text
    dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
  mariadb-galera:
  service:
    name: sdnc-dgbuilder
    nodePort: "03"

  ingress:
    enabled: false
    service:
      - baseaddr: "sdnc-dgbuilder"
        name: "sdnc-dgbuilder"
        port: 3000
      - baseaddr: "sdnc-web-service"
        name: "sdnc-web-service"
        port: 8443
    config:
      ssl: "redirect"



# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
  nameOverride: &elasticSearchName sdnrdb
  name: sdnrdb-cluster
  certInitializer:
    fqdn: "sdnc"
    fqi_namespace: org.onap.sdnc
    fqi: "sdnc@sdnc.onap.org"
  service:
    name: *elasticSearchName
  master:
    replicaCount: 3
    # dedicatednode: "yes"
    # working as master node only, in this case increase replicaCount for elasticsearch-data
    # dedicatednode: "no"
    # handles master and data node functionality
    dedicatednode: "no"
    nameOverride: *elasticSearchName
    cluster_name: *elasticSearchName
# enable
sdnc-web:
  enabled: true
# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 10
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 10
  periodSeconds: 10

service:
  type: NodePort
  name: sdnc
  portName: sdnc
  internalPort: 8181
  internalPort2: 8101
  internalPort3: 8080
  internalPort4: 8443

  #port
  externalPort: 8282

  externalPort2: 8202

  externalPort3: 8280

  externalPort4: 8443
  nodePort4: 67

  clusterPort: 2550
  clusterPort2: 2650
  clusterPort3: 2681

  geoNodePort1: 61
  geoNodePort2: 62
  geoNodePort3: 63
  geoNodePort4: 64
  geoNodePort5: 65
  geoNodePort6: 66

## Persist data to a persitent volume
persistence:
  enabled: true

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:
  volumeReclaimPolicy: Retain

  ## database data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  accessMode: ReadWriteOnce
  size: 1Gi
  mountPath: /dockerdata-nfs
  mountSubPath: sdnc/mdsal
  mdsalPath: /opt/opendaylight/current/daexim

certpersistence:
  enabled: true

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:

  volumeReclaimPolicy: Retain
  accessMode: ReadWriteOnce
  size: 50Mi
  mountPath: /dockerdata-nfs
  mountSubPath: sdnc/certs
  certPath: /opt/app/osaaf
  ##storageClass: "manual"

ingress:
  enabled: false
  service:
    - baseaddr: "sdnc.api"
      name: "sdnc"
      port: 8443
  config:
    ssl: "redirect"

#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)

resources:
  small:
    limits:
      cpu: 2
      memory: 4Gi
    requests:
      cpu: 1
      memory: 2Gi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 2
      memory: 4Gi
  unlimited: {}