X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fvalues.yaml;h=d1527ab6b8f83c56c255983717b64ea4dc3446fd;hp=47ced8afd8dc14ff35af82ef1f6b9e96141b594f;hb=refs%2Fheads%2Fmaster;hpb=b79671556abd980c1fe0d48dcb96ef8437173b7a
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
old mode 100755
new mode 100644
index 47ced8afd8..2f7f141fe3
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,6 +1,7 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright (C) 2021-2025 Nordix Foundation.
+# Modifications Copyright © 2024-2025 Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,34 +19,27 @@
 # Global configuration defaults.
 #################################################################
 global:
- mariadb:
- localCluster: true
- # '&mariadbConfig' means we "store" the values for later use in the file
- # with '*mariadbConfig' pointer.
- config: &mariadbConfig
- mysqlDatabase: policyadmin
- service: &mariadbService
- name: &policy-mariadb policy-mariadb
- internalPort: 3306
- prometheusEnabled: false
+ prometheusEnabled: true
 postgres:
- localCluster: false
+ localCluster: true
+ # flag to enable the DB creation via pgo-operator
+ useOperator: false
 service:
- name: pgset
- name2: tcp-pgset-primary
- name3: tcp-pgset-replica
- container:
- name: postgres
- #Strimzi Kafka properties
- useStrimziKafka: true
- # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
- useStrimziKafkaPf: false
- kafkaBootstrap: strimzi-kafka-bootstrap
+ name: &postgresName policy-postgres
+ name2: &postgresName2 policy-pg-primary
+ name3: &postgresName3 policy-pg-replica
+ port: &postgresPort 5432
+ nameOverride: *postgresName
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret:
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
 policyKafkaUser: policy-kafka-user
+ useStrimziKafka: true
 kafkaTopics:
- acRuntimeTopic:
- name: policy.clamp-runtime-acm
-
+ acRuntimeOperationTopic:
+ name: policy-acruntime-participant
+ acRuntimeSyncTopic:
+ name: acm-ppnt-sync
 #################################################################
 # Secrets metaconfig
 #################################################################
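Review bot: The anchor `&postgresName` ends up defined twice in the new file: once on the added `name: &postgresName policy-postgres` under `global.postgres.service`, and again on the unchanged `nameOverride: &postgresName policy-postgres` in the top-level `postgres:` block touched by a later hunk. YAML resolves each alias to the most recent definition, so the two values have to be kept identical by hand, and a linter with duplicate-anchor checking enabled will flag it. Changing the later line to `nameOverride: *postgresName` leaves one definition. Separately, `prometheusEnabled` flips to `true` for every component that reads this global; a short comment such as `# exposes metrics endpoints on all policy components; set false where they must not be scraped` would make the new default visible to operators.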
@@ -53,15 +47,29 @@ secrets:
 - uid: db-root-password
 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
 type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
- password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
+ externalSecret: '{{ .Values.global.postgres.localCluster | ternary
+ ( hasSuffix "policy-db-root-password" (index .Values "postgres" "config" "pgRootPasswordExternalSecret") | ternary
+ ""
+ (tpl (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret")) .)
+ )
+ ( not (empty (default "" .Values.global.postgres.userRootSecret)) | ternary
+ .Values.global.postgres.userRootSecret
+ (include "common.postgres.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.postgres.nameOverride)
+ )
+ )
+ }}'
+ password: '{{ (index .Values "postgres" "config" "pgRootPassword") }}'
 policy: generate
 - uid: db-secret
 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
 type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "db" "user" }}'
- password: '{{ index .Values "mariadb-galera" "db" "password" }}'
+ externalSecret: '{{ hasSuffix "policy-db-secret" (index .Values "postgres" "config" "pgUserExternalSecret") | ternary
+ ""
+ (tpl (default "" (index .Values "postgres" "config" "pgUserExternalSecret")) .)
+ }}'
+ login: '{{ (index .Values "postgres" "config" "pgUserName") }}'
+ password: '{{ (index .Values "postgres" "config" "pgUserPassword") }}'
 passwordPolicy: generate
 - uid: policy-app-user-creds
 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
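Review bot: In the new `db-root-password` template, `hasSuffix` reads `pgRootPasswordExternalSecret` directly, while the `tpl` branch next to it wraps the same lookup in `default ""`; the `db-secret` template has the same asymmetry for `pgUserExternalSecret`. `ternary` is an ordinary function, so every argument is evaluated whichever way `localCluster` is set, and a deployment that nulls the value would presumably fail at render time instead of falling back. Guarding the first lookup the same way, `hasSuffix "policy-db-root-password" (default "" (index .Values "postgres" "config" "pgRootPasswordExternalSecret"))`, keeps both paths consistent. A comment above `externalSecret:` stating the resolution order (chart-managed secret, then `global.postgres.userRootSecret`, then the operator's root secret) would help whoever has to work out which secret actually holds the root password. The unchanged `policy: generate` under this entry uses a different key from `passwordPolicy: generate` two entries below; worth confirming the secret template honours it.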
@@ -118,6 +126,10 @@ policy-drools-pdp: db: *dbSecretsHook config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' +policy-opa-pdp: + enabled: true + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-distribution: enabled: true db: *dbSecretsHook @@ -143,19 +155,6 @@ policy-nexus: enabled: false config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' -policy-gui: - enabled: false - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' - -################################################################# -# DB configuration defaults. -################################################################# - -dbmigrator: - image: onap/policy-db-migrator:3.0.2 - schema: policyadmin - policy_home: "/opt/app/policy" subChartsOnly: enabled: true @@ -166,9 +165,9 @@ debugEnabled: false # default number of instances replicaCount: 1 -nodeSelector: {} +nodeSelector: { } -affinity: {} +affinity: { } # probe configuration parameters liveness: @@ -182,10 +181,8 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 - config: policyAppUserName: runtimeUser - useStrimziKafka: true policyPdpPapTopic: name: policy-pdp-pap partitions: 10 
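Review bot: `policy-opa-pdp` is enabled by default and is given the same `'{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'` JAAS secret as every other component in this file, so the new PDP inherits whatever topic permissions that shared Kafka user has. If it only needs its own data topic and the PDP-PAP topic (an assumption; the consumer wiring is outside this diff), a dedicated Kafka user would limit what a compromise of this one component can read or publish. If sharing is intentional, a comment on the new block such as `# shares the policy-kafka-user credentials with the other PDPs; ACLs are not per component` would record that decision. The remaining hunks on this line are deletions and whitespace changes and need no comment.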
@@ -207,55 +204,35 @@ config: segmentBytes: 1073741824 consumer: groupId: policy-group + opaPdpDataTopic: + name: opa-pdp-data + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 someConfig: blah -mariadb-galera: - # mariadb-galera.config and global.mariadb.config must be equals - db: - user: policy-user - # password: - externalSecret: *dbSecretName - name: &mysqlDbName policyadmin - rootUser: - externalSecret: *dbRootPassSecretName - nameOverride: *policy-mariadb - # mariadb-galera.service and global.mariadb.service must be equals - service: *mariadbService - replicaCount: 1 - mariadbOperator: - galera: - enabled: false - persistence: - enabled: true - mountSubPath: policy/maria/data - serviceAccount: - nameOverride: *policy-mariadb - -postgresImage: library/postgres:latest # application configuration override for postgres postgres: nameOverride: &postgresName policy-postgres service: name: *postgresName - name2: policy-pg-primary - name3: policy-pg-replica + name2: *postgresName2 + name3: *postgresName3 + internalPort: *postgresPort container: name: - primary: policy-pg-primary - replica: policy-pg-replica + primary: *postgresName2 + replica: *postgresName3 persistence: mountSubPath: policy/postgres/data mountInitPath: policy + size: 3Gi config: pgUserName: policy-user pgDatabase: policyadmin pgUserExternalSecret: *dbSecretName pgRootPasswordExternalSecret: *dbRootPassSecretName -readinessCheck: - wait_for: - - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}' - restServer: policyPapUserName: policyadmin policyPapUserPassword: zb!XztG34 
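Review bot: The tail of this hunk still ships `policyPapUserPassword: zb!XztG34` as a clear-text chart default, while the same commit routes the database credentials through `secrets:` entries with generated passwords. Any deployment that keeps the defaults runs the PAP REST interface with a password that is public in the repository. Moving it behind a `secrets:` entry with `passwordPolicy: generate`, as `db-secret` does, would bring it in line; short of that, a comment such as `# lab default only; override via an external secret` should sit next to it. The `restServer:` block continues outside the hunk, so other keys there may need the same treatment.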
@@ -268,19 +245,23 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: "1" + memory: "4Gi" requests: - cpu: 100m - memory: 1Gi + cpu: "100m" + memory: "1Gi" large: limits: - cpu: 2 - memory: 8Gi + cpu: "2" + memory: "8Gi" requests: - cpu: 200m - memory: 2Gi - unlimited: {} + cpu: "200m" + memory: "2Gi" + unlimited: { } + +securityContext: + user_id: 100 + group_id: 65533 #Pods Service Account serviceAccount:
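Review bot: The new `securityContext` block sets only `user_id: 100` and `group_id: 65533`, with no comment saying which image user these correspond to or which template consumes them. Whether the rendered pods also get `runAsNonRoot`, a dropped capability set or `allowPrivilegeEscalation: false` cannot be told from this file, so a reader cannot judge how much hardening these two values buy. A comment such as `# non-root uid/gid the policy images run as; consumed by the pod/container securityContext templates` would anchor them. It is also worth confirming that the subcharts read these keys rather than carrying their own values.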