# Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2022 CMCC Corporation # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for uui. # This is a YAML-formatted file. # Declare variables to be passed into your templates. ################################################################# # Global configuration defaults. ################################################################# global: uuiPortPrefix: 303 secrets: - uid: pg-root-pass name: &pgRootPassSecretName '{{ include "common.release" . }}-uui-pg-root-pass' type: password externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "uui-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' password: '{{ .Values.postgres.config.pgRootpassword }}' policy: generate - uid: pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-uui-pg-user-creds' type: basicAuth externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "uui-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' login: '{{ .Values.postgres.config.pgUserName }}' password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate ################################################################# # AAF part ################################################################# certInitializer: nameOverride: uui-server-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! # aafDeployCredsExternalSecret: some secret fqdn: uui fqi: uui@uui.onap.org fqi_namespace: org.onap.uui public_fqdn: uui.onap.org cadi_longitude: "0.0" cadi_latitude: "0.0" app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local aaf_add_config: | echo "*** changing them into shell safe ones" export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) cd {{ .Values.credsPath }} keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ -storepass "${cadi_keystore_password_p12}" \ -keystore {{ .Values.fqi_namespace }}.p12 keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ -storepass "${cadi_truststore_password}" \ -keystore {{ .Values.fqi_namespace }}.trust.jks echo "*** set key password as same password as keystore password" keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ -keystore {{ .Values.fqi_namespace }}.jks \ -keypass "${cadi_keystore_password_p12}" \ -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} echo "*** save the generated passwords" echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop echo "*** change ownership of certificates to targeted user" chown -R 1000 {{ .Values.credsPath }} ################################################################# # Application configuration defaults. ################################################################# subChartsOnly: enabled: true flavor: small # application image repository: nexus3.onap.org:10001 image: onap/usecase-ui-server:5.1.1 pullPolicy: Always # application configuration msbaddr: msb-iag.{{include "common.namespace" .}}:443 mraddr: message-router.{{include "common.namespace" .}}:3904 # application configuration override for postgres postgres: nameOverride: &postgresName uui-server-postgres service: name: *postgresName name2: uui-server-pg-primary name3: uui-server-pg-replica container: name: primary: uui-server-pg-primary replica: uui-server-pg-replica persistence: mountSubPath: uui/uuiserver/data mountInitPath: uui/uuiserver config: pgUserName: uui pgDatabase: uuidb pgUserExternalSecret: *pgUserCredsSecretName pgRootPasswordExternalSecret: *pgRootPassSecretName # flag to enable debugging - application support required debugEnabled: false # default number of instances replicaCount: 1 nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 120 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: initialDelaySeconds: 60 periodSeconds: 10 service: type: NodePort name: uui-server portName: uui-server internalPort: 8082 nodePort: 99 ingress: enabled: false service: - baseaddr: uui-server-api name: "uui-server" port: 8082 config: ssl: "redirect" # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # # Example: # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ # Minimum memory for development is 2 CPU cores and 4GB memory # Minimum memory for production is 4 CPU cores and 8GB memory resources: small: limits: cpu: 1.5 memory: 350Mi requests: cpu: 1 memory: 245Mi large: limits: cpu: 2 memory: 500Mi requests: cpu: 1 memory: 500Mi unlimited: {} serviceAccount: nameOverride: uui-server roles: - read securityContext: user_id: 100 group_id: 655533