# Copyright © 2019 Amdocs, Bell Canada # Copyright (c) 2020 Nordix Foundation, Modifications # Modifications Copyright © 2020-2021 Nokia # Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################# # Global configuration overrides. # # These overrides will affect all helm charts (ie. applications) # that are listed below and are 'enabled'. ################################################################# global: # Change to an unused port prefix range to prevent port conflicts # with other instances running within the same k8s cluster nodePortPrefix: 302 nodePortPrefixExt: 304 # ONAP Repository # Four different repositories are used # You can change individually these repositories to ones that will serve the # right images. If credentials are needed for one of them, see below. repository: nexus3.onap.org:10001 dockerHubRepository: &dockerHubRepository docker.io elasticRepository: &elasticRepository docker.elastic.co quayRepository: quay.io googleK8sRepository: k8s.gcr.io githubContainerRegistry: ghcr.io # Default credentials # they're optional. If the target repository doesn't need them, comment them repositoryCred: user: docker password: docker # If you want / need authentication on the repositories, please set # Don't set them if the target repo is the same than others # so id you've set repository to value `my.private.repo` and same for # dockerHubRepository, you'll have to configure only repository (exclusive) OR # dockerHubCred. # dockerHubCred: # user: myuser # password: mypassord # elasticCred: # user: myuser # password: mypassord # googleK8sCred: # user: myuser # password: mypassord # Default definition of the secret containing the docker image repository # credentials. In the default ONAP deployment the secret is created by the # repository-wrapper component, which uses the secrets defined above. # If this is not wanted or other secrets are created, alternative secret # names can be used # Overrides for specific images can be done, if the "image" entry is used as # a map and the "pullSecrets" is used, e.g. # image: # ... # pullSecrets: # - myRegistryKeySecretName # imagePullSecrets: - '{{ include "common.namespace" . }}-docker-registry-key' # common global images # Busybox for simple shell manipulation busyboxImage: busybox:1.34.1 # curl image curlImage: curlimages/curl:7.80.0 # env substitution image envsubstImage: dibi/envsubst:1 # generate htpasswd files image # there's only latest image for htpasswd htpasswdImage: xmartlabs/htpasswd:latest # kubenretes client image kubectlImage: bitnami/kubectl:1.22.4 # logging agent loggingImage: beats/filebeat:5.5.0 # mariadb client image mariadbImage: bitnami/mariadb:10.5.8 # nginx server image nginxImage: bitnami/nginx:1.21.4 # postgreSQL client and server image postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 # readiness check image readinessImage: onap/oom/readiness:6.0.3 # image pull policy pullPolicy: Always # default java image jreImage: onap/integration-java11:10.0.0 # default clusterName # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }} clusterName: cluster.local # default mount path root directory referenced # by persistent volumes and log files persistence: mountPath: /dockerdata-nfs enableDefaultStorageclass: false parameters: {} storageclassProvisioner: kubernetes.io/no-provisioner volumeReclaimPolicy: Retain # Global flag to enable the creation of default roles instead of using # common roles-wrapper createDefaultRoles: false # override default resource limit flavor for all charts flavor: unlimited # flag to enable debugging - application support required debugEnabled: false # default password complexity # available options: phrase, name, pin, basic, short, medium, long, maximum security # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf passwordStrength: long # configuration to set log level to all components (the one that are using # "common.log.level" to set this) # can be overrided per components by setting logConfiguration.logLevelOverride # to the desired value # logLevel: DEBUG # Global ingress configuration ingress: # generally enable ingress for ONAP components enabled: false # enable all component's Ingress interfaces enable_all: false # Provider: ingress, istio, gw-api provider: istio # Ingress class (only for provider "ingress"): e.g. nginx, traefik ingressClass: # Ingress Selector (only for provider "istio") to match with the # ingress pod label "istio=ingress" ingressSelector: ingress # optional: common used Gateway (for Istio, GW-API) and listener names commonGateway: name: "" httpListener: "" httpsListener: "" # default Ingress base URL and preAddr- and postAddr settings # Ingress URLs result: # . virtualhost: # Default Ingress base URL # can be overwritten in component by setting ingress.baseurlOverride baseurl: "simpledemo.onap.org" # prefix for baseaddr # can be overwritten in component by setting ingress.preaddrOverride preaddr: "" # postfix for baseaddr # can be overwritten in component by setting ingress.postaddrOverride postaddr: "" # All http (port 80) requests via ingress will be redirected # to port 443 on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: ssl: "redirect" # you can set an own Secret containing a certificate # only valid for Istio Gateway (ServiceMesh enabled) # tls: # secret: 'my-ingress-cert' # optional: Namespace of the Istio IngressGateway or Gateway-API # only valid for Istio Gateway (ServiceMesh enabled) namespace: istio-ingress # Global Service Mesh configuration serviceMesh: enabled: false tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd # Global Istio Authorization Policy configuration authorizationPolicies: enabled: false # metrics part # If enabled, exporters (for prometheus) will be deployed # if custom resources set to yes, CRD from prometheus operartor will be # created # Not all components have it enabled. # metrics: enabled: true custom_resources: false # Disabling AAF # POC Mode, only for use in development environment # Keep it enabled in production aafEnabled: false # Disabling MSB # POC Mode, only for use in development environment msbEnabled: true # default values for certificates certificate: default: renewBefore: 720h #30 days duration: 8760h #365 days subject: organization: "Linux-Foundation" country: "US" locality: "San-Francisco" province: "California" organizationalUnit: "ONAP" issuer: group: certmanager.onap.org kind: CMPv2Issuer name: cmpv2-issuer-onap # Enabling CMPv2 cmpv2Enabled: false platform: certificates: clientSecretName: oom-cert-service-client-tls-secret keystoreKeyRef: keystore.jks truststoreKeyRef: truststore.jks keystorePasswordSecretName: oom-cert-service-certificates-password keystorePasswordSecretKey: password truststorePasswordSecretName: oom-cert-service-certificates-password truststorePasswordSecretKey: password # Indicates offline deployment build # Set to true if you are rendering helm charts for offline deployment # Otherwise keep it disabled offlineDeploymentBuild: false # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. # if set this element will force or not tls even if serviceMesh.tls is set. tlsEnabled: false # Logging # Currently, centralized logging is not in best shape so it's disabled by # default centralizedLoggingEnabled: ¢ralizedLogging false # Example of specific for the components where you want to disable TLS only for # it: # if set this element will force or not tls even if global.serviceMesh.tls and # global.tlsEnabled is set otherwise. # robot: # tlsOverride: false # Global storage configuration # Set to "-" for default, or with the name of the storage class # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a # storageclass with RWX capabilities (or set specific configuration for these # components). # persistence: # storageClass: "-" # Example of specific for the components which requires RWX: # cds: # cds-blueprints-processor: # persistence: # storageClassOverride: "My_RWX_Storage_Class" # sdc: # sdc-onboarding-be: # persistence: # storageClassOverride: "My_RWX_Storage_Class" ################################################################# # Enable/disable and configure helm charts (ie. applications) # to customize the ONAP deployment. ################################################################# aai: enabled: false cassandra: enabled: false cds: enabled: false cli: enabled: false cps: enabled: false dcaegen2-services: enabled: false holmes: enabled: false dmaap: enabled: false message-router: enabled: false dmaap-dr-prov: enabled: false dmaap-dr-node: enabled: false oof: enabled: false mariadb-galera: enabled: false msb: enabled: false multicloud: enabled: false nbi: enabled: false config: # openstack configuration openStackRegion: "Yolo" openStackVNFTenantId: "1234" policy: enabled: false portal-ng: enabled: false robot: enabled: false config: # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" sdc: enabled: false sdnc: enabled: false replicaCount: 1 mysql: replicaCount: 1 so: enabled: false replicaCount: 1 liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: false # so server configuration config: # message router configuration dmaapTopic: "AUTO" # openstack configuration openStackUserName: "vnf_user" openStackRegion: "RegionOne" openStackKeyStoneUrl: "http://1.2.3.4:5000" openStackServiceTenantName: "service" openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" # in order to enable static password for so-monitoring uncomment: # so-monitoring: # server: # monitoring: # password: demo123456! strimzi: enabled: false # Kafka replication & disk storage should be dimensioned # according to each given system use case. replicaCount: 3 persistence: kafka: size: 10Gi zookeeper: size: 1Gi # Strimzi kafka bridge is an optional http api towards # kafka provided by https://strimzi.io/docs/bridge/latest/ strimzi-kafka-bridge: enabled: false uui: enabled: false vfc: enabled: false vnfsdk: enabled: false modeling: enabled: false platform: enabled: false a1policymanagement: enabled: false repository-wrapper: enabled: true roles-wrapper: enabled: true