Merge "[DMAAP] DMaaP ServiceMesh compatibility"

[oom.git] / kubernetes / policy / values.yaml

diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 5204aa7..d7d556a 100755 (executable)
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,6 +1,6 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,6 +27,17 @@ global:
     service: &mariadbService
       name: &policy-mariadb policy-mariadb
       internalPort: 3306
+  prometheusEnabled: false
+  postgres:
+    localCluster: false
+    service:
+      name: pgset
+      name2: tcp-pgset-primary
+      name3: tcp-pgset-replica
+    container:
+      name: postgres
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  policyKafkaUser: policy-kafka-user
 
 #################################################################
 # Secrets metaconfig
@@ -66,6 +77,19 @@ secrets:
     login: '{{ .Values.restServer.policyApiUserName }}'
     password: '{{ .Values.restServer.policyApiUserPassword }}'
     passwordPolicy: required
+  - uid: pg-root-pass
+    name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
+    type: password
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+    password: '{{ .Values.postgres.config.pgRootpassword }}'
+    policy: generate
+  - uid: pg-user-creds
+    name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
+    type: basicAuth
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+    login: '{{ .Values.postgres.config.pgUserName }}'
+    password: '{{ .Values.postgres.config.pgUserPassword }}'
+    passwordPolicy: generate
 
 db: &dbSecretsHook
   credsExternalSecret: *dbSecretName
@@ -75,49 +99,71 @@ policy-api:
   db: *dbSecretsHook
   restServer:
     apiUserExternalSecret: *policyApiCredsSecret
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 policy-pap:
   enabled: true
   db: *dbSecretsHook
   restServer:
     papUserExternalSecret: *policyPapCredsSecret
     apiUserExternalSecret: *policyApiCredsSecret
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 policy-xacml-pdp:
   enabled: true
   db: *dbSecretsHook
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 policy-apex-pdp:
   enabled: true
   db: *dbSecretsHook
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 policy-drools-pdp:
   enabled: true
   db: *dbSecretsHook
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 policy-distribution:
   enabled: true
   db: *dbSecretsHook
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 policy-clamp-be:
   enabled: true
   db: *dbSecretsHook
   config:
     appUserExternalSecret: *policyAppCredsSecret
-policy-clamp-fe:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-ac-k8s-ppnt:
   enabled: true
-policy-clamp-cl-k8s-ppnt:
-  enabled: true
-policy-clamp-cl-pf-ppnt:
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-ac-pf-ppnt:
   enabled: true
   restServer:
     apiUserExternalSecret: *policyApiCredsSecret
     papUserExternalSecret: *policyPapCredsSecret
-policy-clamp-cl-http-ppnt:
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-ac-http-ppnt:
   enabled: true
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 policy-nexus:
   enabled: false
-policy-clamp-cl-runtime:
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-runtime-acm:
   enabled: true
   db: *dbSecretsHook
   config:
     appUserExternalSecret: *policyAppCredsSecret
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 policy-gui:
   enabled: true
+  config:
+    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
 
 #################################################################
 # DB configuration defaults.
@@ -130,7 +176,7 @@ mariadb:
   image: mariadb:10.5.8
 
 dbmigrator:
-  image: onap/policy-db-migrator:2.3.1
+  image: onap/policy-db-migrator:2.4.3
   schema: policyadmin
   policy_home: "/opt/app/policy"
 
@@ -162,6 +208,35 @@ readiness:
 
 config:
   policyAppUserName: runtimeUser
+  useStrimziKafka: true
+  acRuntimeTopic:
+    name: policy-acruntime-participant
+    partitions: 10
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+    consumer:
+      groupId: policy-group
+  policyPdpPapTopic:
+    name: policy-pdp-pap
+    partitions: 10
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+    consumer:
+      groupId: policy-group
+  policyHeartbeatTopic:
+    name: policy-heartbeat
+    partitions: 10
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+    consumer:
+      groupId: policy-group
+  policyNotificationTopic:
+    name: policy-notification
+    partitions: 10
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+    consumer:
+      groupId: policy-group
 
 mariadb-galera:
   # mariadb-galera.config and global.mariadb.config must be equals
@@ -182,10 +257,35 @@ mariadb-galera:
   serviceAccount:
     nameOverride: *policy-mariadb
 
+postgresImage: library/postgres:latest
+# application configuration override for postgres
+postgres:
+  nameOverride: &postgresName policy-postgres
+  service:
+    name: *postgresName
+    name2: policy-pg-primary
+    name3: policy-pg-replica
+  container:
+    name:
+      primary: policy-pg-primary
+      replica: policy-pg-replica
+  persistence:
+    mountSubPath: policy/postgres/data
+    mountInitPath: policy
+  config:
+    pgUserName: policy_user
+    pgDatabase: policyadmin
+    pgUserExternalSecret: *pgUserCredsSecretName
+    pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+  wait_for:
+    - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+
 restServer:
-  policyPapUserName: healthcheck
+  policyPapUserName: policyadmin
   policyPapUserPassword: zb!XztG34
-  policyApiUserName: healthcheck
+  policyApiUserName: policyadmin
   policyApiUserPassword: zb!XztG34
 
 # Resource Limit flavor -By Default using small