# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright (C) 2021-2025 Nordix Foundation.
+# Modifications Copyright © 2024-2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- mariadbGalera:
- # flag to enable the DB creation via mariadb-operator
- useOperator: true
- # if useOperator set to "true", set "enableServiceAccount to "false"
- # as the SA is created by the Operator
- enableServiceAccount: false
+ prometheusEnabled: true
+ postgres:
localCluster: true
- # '&mariadbConfig' means we "store" the values for later use in the file
- # with '*mariadbConfig' pointer.
- config: &mariadbConfig
- mysqlDatabase: policyadmin
- service: &mariadbService
- name: &policy-mariadb policy-mariadb
- internalPort: 3306
- nameOverride: *policy-mariadb
+ # flag to enable the DB creation via pgo-operator
+ useOperator: false
+ service:
+ name: &postgresName policy-postgres
+ name2: &postgresName2 policy-pg-primary
+ name3: &postgresName3 policy-pg-replica
+ port: &postgresPort 5432
+ nameOverride: *postgresName
# (optional) if localCluster=false and an external secret is used set this variable
#userRootSecret: <secretName>
- prometheusEnabled: false
- postgres:
- localCluster: false
- service:
- name: pgset
- name2: tcp-pgset-primary
- name3: tcp-pgset-replica
- container:
- name: postgres
kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
+ useStrimziKafka: true
kafkaTopics:
- acRuntimeTopic:
- name: policy.clamp-runtime-acm
+ acRuntimeOperationTopic:
+ name: policy-acruntime-participant
+ acRuntimeSyncTopic:
+ name: acm-ppnt-sync
#################################################################
# Secrets metaconfig
#################################################################
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
- ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
- ternary
- ""
- (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
- )
- ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
- ternary
- .Values.global.mariadbGalera.userRootSecret
- (include "common.mariadb.secret.rootPassSecretName"
- (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ externalSecret: '{{ .Values.global.postgres.localCluster | ternary
+ ( hasSuffix "policy-db-root-password" (index .Values "postgres" "config" "pgRootPasswordExternalSecret") | ternary
+ ""
+ (tpl (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret")) .)
+ )
+ ( not (empty (default "" .Values.global.postgres.userRootSecret)) | ternary
+ .Values.global.postgres.userRootSecret
+ (include "common.postgres.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.postgres.nameOverride)
)
- ) }}'
- password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
+ )
+ }}'
+ password: '{{ (index .Values "postgres" "config" "pgRootPassword") }}'
policy: generate
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "db" "user" }}'
- password: '{{ index .Values "mariadb-galera" "db" "password" }}'
+ externalSecret: '{{ hasSuffix "policy-db-secret" (index .Values "postgres" "config" "pgUserExternalSecret") | ternary
+ ""
+ (tpl (default "" (index .Values "postgres" "config" "pgUserExternalSecret")) .)
+ }}'
+ login: '{{ (index .Values "postgres" "config" "pgUserName") }}'
+ password: '{{ (index .Values "postgres" "config" "pgUserPassword") }}'
passwordPolicy: generate
- uid: policy-app-user-creds
name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
- enabled: false
+ enabled: true
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-opa-pdp:
+ enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-distribution:
enabled: true
db: *dbSecretsHook
enabled: false
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-gui:
- enabled: false
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-
-#################################################################
-# DB configuration defaults.
-#################################################################
-
-dbmigrator:
- image: onap/policy-db-migrator:3.1.0
- schema: policyadmin
- policy_home: "/opt/app/policy"
subChartsOnly:
enabled: true
# default number of instances
replicaCount: 1
-nodeSelector: {}
+nodeSelector: { }
-affinity: {}
+affinity: { }
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
-
config:
policyAppUserName: runtimeUser
policyPdpPapTopic:
segmentBytes: 1073741824
consumer:
groupId: policy-group
+ opaPdpDataTopic:
+ name: opa-pdp-data
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
someConfig: blah
-mariadb-galera:
- # mariadb-galera.config and global.mariadbGalera.config must be equals
- db:
- user: policy-user
- # password:
- externalSecret: *dbSecretName
- name: &mysqlDbName policyadmin
- rootUser:
- externalSecret: *dbRootPassSecretName
- nameOverride: *policy-mariadb
- # mariadb-galera.service and global.mariadbGalera.service must be equals
- service: *mariadbService
- replicaCount: 1
- mariadbOperator:
- galera:
- enabled: false
- persistence:
- enabled: true
- mountSubPath: policy/maria/data
- serviceAccount:
- nameOverride: *policy-mariadb
-
-postgresImage: library/postgres:latest
# application configuration override for postgres
postgres:
nameOverride: &postgresName policy-postgres
service:
name: *postgresName
- name2: policy-pg-primary
- name3: policy-pg-replica
+ name2: *postgresName2
+ name3: *postgresName3
+ internalPort: *postgresPort
container:
name:
- primary: policy-pg-primary
- replica: policy-pg-replica
+ primary: *postgresName2
+ replica: *postgresName3
persistence:
mountSubPath: policy/postgres/data
mountInitPath: policy
+ size: 3Gi
config:
pgUserName: policy-user
pgDatabase: policyadmin
pgUserExternalSecret: *dbSecretName
pgRootPasswordExternalSecret: *dbRootPassSecretName
-readinessCheck:
- wait_for:
- - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
- wait_for_global_operator:
- pods:
- - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
- wait_for_local_operator:
- pods:
- - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
- wait_for_global:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
- wait_for_local:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
-
restServer:
policyPapUserName: policyadmin
policyPapUserPassword: zb!XztG34
requests:
cpu: "200m"
memory: "2Gi"
- unlimited: {}
+ unlimited: { }
+
+securityContext:
+ user_id: 100
+ group_id: 65533
#Pods Service Account
serviceAccount:
Code Review / oom.git / blobdiff