# Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################# # Global configuration defaults. ################################################################# global: nodePortPrefix: 302 centralizedLoggingEnabled: false persistence: mountPath: /dockerdata-nfs ################################################################# # Secrets metaconfig ################################################################# secrets: - uid: "db-root-pass" name: '{{ include "common.release" . }}-appc-db-root-pass' externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}' type: password password: '{{ .Values.config.dbRootPass }}' - uid: 'appcdb-user-creds' name: '{{ include "common.release" . }}-appcdb-user-creds' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.appcdb.userName }}' password: '{{ .Values.config.appcdb.password }}' - uid: 'sdncdb-user-creds' name: '{{ include "common.release" . }}-sdncdb-user-creds' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.sdncdb.userName }}' password: '{{ .Values.config.sdncdb.password }}' ################################################################# # Application configuration defaults. ################################################################# flavor: small # application image image: onap/appc-image:1.7.2 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false # log configuration log: path: /var/log/onap # application configuration config: # dbRootPassExternalSecret: some secret # dbRootPass: password appcdb: # Warning: changing this config option may not work. # It seems that the DB name is hardcoded. dbName: appcctl userName: appcctl # password: appcctl # userCredsExternalSecret: some secret sdncdb: # Warning: changing this config option may not work. # It seems that the DB name is hardcoded. dbName: sdnctl userName: sdnctl # password: gamma # userCredsExternalSecret: some secret odlUid: 100 odlGid: 101 ansibleServiceName: appc-ansible-server ansiblePort: 8000 mariadbGaleraSVCName: &appc-db appc-db mariadbGaleraContName: *appc-db enableAAF: true enableClustering: false configDir: /opt/onap/appc/data/properties dmaapTopic: SUCCESS dmaapTopicEnv: AUTO logstashServiceName: log-ls logstashPort: 5044 odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U openStackType: OpenStackProvider openStackName: OpenStack openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html openStackServiceTenantName: default openStackDomain: default openStackUserName: admin openStackEncryptedPassword: enc:LDEbHEAvTF1R odlUser: admin dmaapServiceUrl: http://localhost:8080/publish dmaapServiceUser: appc dmaapServicePassword: onapappc appc-ansible-server: enabled: true service: name: appc-ansible-server internalPort: 8000 config: mysqlServiceName: *appc-db appc-cdt: enabled: true mariadb-galera: nameOverride: *appc-db rootUser: externalSecret: '{{ include "common.release" . }}-appc-db-root-pass' service: name: *appc-db nfsprovisionerPrefix: appc sdnctlPrefix: appc persistence: mountSubPath: appc/data enabled: true disableNfsProvisioner: true serviceAccount: nameOverride: *appc-db replicaCount: 1 mariadbConfiguration: |- [client] port=3306 socket=/opt/bitnami/mariadb/tmp/mysql.sock plugin_dir=/opt/bitnami/mariadb/plugin [mysqld] lower_case_table_names = 1 default_storage_engine=InnoDB basedir=/opt/bitnami/mariadb datadir=/bitnami/mariadb/data plugin_dir=/opt/bitnami/mariadb/plugin tmpdir=/opt/bitnami/mariadb/tmp socket=/opt/bitnami/mariadb/tmp/mysql.sock pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid bind_address=0.0.0.0 ## Character set collation_server=utf8_unicode_ci init_connect='SET NAMES utf8' character_set_server=utf8 ## MyISAM key_buffer_size=32M myisam_recover_options=FORCE,BACKUP ## Safety skip_host_cache skip_name_resolve max_allowed_packet=16M max_connect_errors=1000000 sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE sysdate_is_now=1 ## Binary Logging log_bin=mysql-bin expire_logs_days=14 # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql sync_binlog=0 # Required for Galera binlog_format=row ## Caches and Limits tmp_table_size=32M max_heap_table_size=32M # Re-enabling as now works with Maria 10.1.2 query_cache_type=1 query_cache_limit=4M query_cache_size=256M max_connections=500 thread_cache_size=50 open_files_limit=65535 table_definition_cache=4096 table_open_cache=4096 ## InnoDB innodb=FORCE innodb_strict_mode=1 # Mandatory per https://github.com/codership/documentation/issues/25 innodb_autoinc_lock_mode=2 # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ innodb_doublewrite=1 innodb_flush_method=O_DIRECT innodb_log_files_in_group=2 innodb_log_file_size=128M innodb_flush_log_at_trx_commit=1 innodb_file_per_table=1 # 80% Memory is default reco. # Need to re-evaluate when DB size grows innodb_buffer_pool_size=2G innodb_file_format=Barracuda ## Logging log_error=/opt/bitnami/mariadb/logs/mysqld.log slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log log_queries_not_using_indexes=1 slow_query_log=1 ## SSL ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem # ssl_ca=/certs/ca.pem # ssl_cert=/certs/server-cert.pem # ssl_key=/certs/server-key.pem [galera] wsrep_on=ON wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so wsrep_sst_method=mariabackup wsrep_slave_threads=4 wsrep_cluster_address=gcomm:// wsrep_cluster_name=galera wsrep_sst_auth="root:" # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit innodb_flush_log_at_trx_commit=2 # MYISAM REPLICATION SUPPORT # wsrep_replicate_myisam=ON binlog_format=row default_storage_engine=InnoDB innodb_autoinc_lock_mode=2 transaction-isolation=READ-COMMITTED wsrep_causal_reads=1 wsrep_sync_wait=7 [mariadb] plugin_load_add=auth_pam ## Data-at-Rest Encryption ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem # plugin_load_add=file_key_management # file_key_management_filename=/encryption/keyfile.enc # file_key_management_filekey=FILE:/encryption/keyfile.key # file_key_management_encryption_algorithm=AES_CTR # encrypt_binlog=ON # encrypt_tmp_files=ON ## InnoDB/XtraDB Encryption # innodb_encrypt_tables=ON # innodb_encrypt_temporary_tables=ON # innodb_encrypt_log=ON # innodb_encryption_threads=4 # innodb_encryption_rotate_key_age=1 ## Aria Encryption # aria_encrypt_tables=ON # encrypt_tmp_disk_tables=ON dgbuilder: nameOverride: appc-dgbuilder certInitializer: nameOverride: appc-dgbuilder-cert-initializer config: db: rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds' dbPodName: *appc-db dbServiceName: *appc-db service: name: appc-dgbuilder serviceAccount: nameOverride: appc-dgbuilder ingress: enabled: false service: - baseaddr: "appc-dgbuilder" name: "appc-dgbuilder" port: 3000 config: ssl: "redirect" #passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3. appc-cdt: nodePort3: 11 # default number of instances replicaCount: 1 nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 300 periodSeconds: 60 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: initialDelaySeconds: 300 periodSeconds: 60 service: type: NodePort name: appc portName: appc internalPort: 8443 externalPort: 8443 nodePort: 30 externalPort2: 1830 nodePort2: 31 clusterPort: 2550 internalPort3: 9191 externalPort3: 9090 nodePort3: 11 ## Persist data to a persitent volume persistence: enabled: true ## A manually managed Persistent Volume and Claim ## Requires persistence.enabled: true ## If defined, PVC must be created manually before volume will be bound # existingClaim: volumeReclaimPolicy: Retain ## database data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) accessMode: ReadWriteOnce size: 1Gi mountPath: /dockerdata-nfs mountSubPath: appc/mdsal mdsalPath: /opt/opendaylight/current/daexim ingress: enabled: false service: - baseaddr: "appc.api" name: "appc" port: 8443 config: ssl: "redirect" # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ resources: small: limits: cpu: 2 memory: 4Gi requests: cpu: 1 memory: 2Gi large: limits: cpu: 4 memory: 8Gi requests: cpu: 2 memory: 4Gi unlimited: {}