# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright (C) 2021-2025 Nordix Foundation.
+# Modifications Copyright © 2024-2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- mariadb:
- localCluster: true
- # '&mariadbConfig' means we "store" the values for later use in the file
- # with '*mariadbConfig' pointer.
- config: &mariadbConfig
- mysqlDatabase: policyadmin
- service: &mariadbService
- name: &policy-mariadb policy-mariadb
- internalPort: 3306
- prometheusEnabled: false
+ prometheusEnabled: true
postgres:
- localCluster: false
+ localCluster: true
+ # flag to enable the DB creation via pgo-operator
+ useOperator: false
service:
- name: pgset
- name2: tcp-pgset-primary
- name3: tcp-pgset-replica
- container:
- name: postgres
- #Strimzi Kafka properties
- useStrimziKafka: true
- # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
- useStrimziKafkaPf: false
- kafkaBootstrap: strimzi-kafka-bootstrap
+ name: &postgresName policy-postgres
+ name2: &postgresName2 policy-pg-primary
+ name3: &postgresName3 policy-pg-replica
+ port: &postgresPort 5432
+ nameOverride: *postgresName
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
+ useStrimziKafka: true
kafkaTopics:
- acRuntimeTopic:
- name: policy.clamp-runtime-acm
-
+ acRuntimeOperationTopic:
+ name: policy-acruntime-participant
+ acRuntimeSyncTopic:
+ name: acm-ppnt-sync
#################################################################
# Secrets metaconfig
#################################################################
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
- password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
+ externalSecret: '{{ .Values.global.postgres.localCluster | ternary
+ ( hasSuffix "policy-db-root-password" (index .Values "postgres" "config" "pgRootPasswordExternalSecret") | ternary
+ ""
+ (tpl (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret")) .)
+ )
+ ( not (empty (default "" .Values.global.postgres.userRootSecret)) | ternary
+ .Values.global.postgres.userRootSecret
+ (include "common.postgres.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.postgres.nameOverride)
+ )
+ )
+ }}'
+ password: '{{ (index .Values "postgres" "config" "pgRootPassword") }}'
policy: generate
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "db" "user" }}'
- password: '{{ index .Values "mariadb-galera" "db" "password" }}'
+ externalSecret: '{{ hasSuffix "policy-db-secret" (index .Values "postgres" "config" "pgUserExternalSecret") | ternary
+ ""
+ (tpl (default "" (index .Values "postgres" "config" "pgUserExternalSecret")) .)
+ }}'
+ login: '{{ (index .Values "postgres" "config" "pgUserName") }}'
+ password: '{{ (index .Values "postgres" "config" "pgUserPassword") }}'
passwordPolicy: generate
- uid: policy-app-user-creds
name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-opa-pdp:
+ enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-distribution:
enabled: true
db: *dbSecretsHook
enabled: false
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-gui:
- enabled: false
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-
-#################################################################
-# DB configuration defaults.
-#################################################################
-
-dbmigrator:
- image: onap/policy-db-migrator:3.0.2
- schema: policyadmin
- policy_home: "/opt/app/policy"
subChartsOnly:
enabled: true
# default number of instances
replicaCount: 1
-nodeSelector: {}
+nodeSelector: { }
-affinity: {}
+affinity: { }
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
-
config:
policyAppUserName: runtimeUser
- useStrimziKafka: true
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10
segmentBytes: 1073741824
consumer:
groupId: policy-group
+ opaPdpDataTopic:
+ name: opa-pdp-data
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
someConfig: blah
-mariadb-galera:
- # mariadb-galera.config and global.mariadb.config must be equals
- db:
- user: policy-user
- # password:
- externalSecret: *dbSecretName
- name: &mysqlDbName policyadmin
- rootUser:
- externalSecret: *dbRootPassSecretName
- nameOverride: *policy-mariadb
- # mariadb-galera.service and global.mariadb.service must be equals
- service: *mariadbService
- replicaCount: 1
- mariadbOperator:
- galera:
- enabled: false
- persistence:
- enabled: true
- mountSubPath: policy/maria/data
- serviceAccount:
- nameOverride: *policy-mariadb
-
-postgresImage: library/postgres:latest
# application configuration override for postgres
postgres:
nameOverride: &postgresName policy-postgres
service:
name: *postgresName
- name2: policy-pg-primary
- name3: policy-pg-replica
+ name2: *postgresName2
+ name3: *postgresName3
+ internalPort: *postgresPort
container:
name:
- primary: policy-pg-primary
- replica: policy-pg-replica
+ primary: *postgresName2
+ replica: *postgresName3
persistence:
mountSubPath: policy/postgres/data
mountInitPath: policy
+ size: 3Gi
config:
pgUserName: policy-user
pgDatabase: policyadmin
pgUserExternalSecret: *dbSecretName
pgRootPasswordExternalSecret: *dbRootPassSecretName
-readinessCheck:
- wait_for:
- - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
-
restServer:
policyPapUserName: policyadmin
policyPapUserPassword: zb!XztG34
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "100m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 200m
- memory: 2Gi
- unlimited: {}
+ cpu: "200m"
+ memory: "2Gi"
+ unlimited: { }
+
+securityContext:
+ user_id: 100
+ group_id: 65533
#Pods Service Account
serviceAccount:
Code Review / oom.git / blobdiff