[PLATFORM] Create Ingress Certificates for ServiceMesh 31/130031/9
authorAndreas Geissler <andreas-geissler@telekom.de>
Tue, 26 Jul 2022 11:51:08 +0000 (13:51 +0200)
committerAndreas Geissler <andreas-geissler@telekom.de>
Tue, 23 Aug 2022 11:07:43 +0000 (11:07 +0000)
Add issuers and self-signed certificates for the Ingress controller
Additionally a new override file is created for Istio Ingress setup

Issue-ID: OOM-3001

Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I6da12e54ecc4bbb15e3bcf1aa259e50f5be320b6

kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml [new file with mode: 0644]
kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
kubernetes/platform/components/oom-cert-service/values.yaml

diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
new file mode 100644 (file)
index 0000000..dc98a42
--- /dev/null
@@ -0,0 +1,148 @@
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###################################################################
+# This override file enables helm charts for all ONAP applications.
+###################################################################
+#ingress virtualhost based configuration
+global:
+  ingress:
+    enabled: true
+    # All http requests via ingress will be redirected
+    config:
+      ssl: "redirect"
+    # you can set an own Secret containing a certificate
+    #  tls:
+    #    secret: 'my-ingress-cert'
+    # optional: Namespace of the Istio IngressGateway
+    namespace: istio-ingress
+  # don't need ejbca server
+  addTestingComponents: &testing false
+  centralizedLoggingEnabled: &centralizedLogging false
+  # Disabling CMPv2
+  cmpv2Enabled: false
+
+cassandra:
+  enabled: true
+mariadb-galera:
+  enabled: true
+postgres:
+  enabled: true
+aaf:
+  enabled: false
+  aaf-sms:
+    cps:
+      # you must always set the same values as value set in cps.enabled
+      enabled: true
+aai:
+  enabled: true
+appc:
+  enabled: false
+cds:
+  enabled: true
+cli:
+  enabled: true
+# Today, "contrib" chart that hosting these components must also be enabled
+# in order to make it work. So `contrib.enabled` must have the same value than
+# addTestingComponents
+contrib:
+  enabled: *testing
+consul:
+  enabled: true
+cps:
+  enabled: true
+dcaegen2:
+  enabled: true
+dcaegen2-services:
+  enabled: true
+  dcae-datafile-collector:
+    enabled: true
+  dcae-datalake-admin-ui:
+    enabled: true
+  dcae-datalake-des:
+    enabled: true
+  dcae-datalake-feeder:
+    enabled: true
+  dcae-heartbeat:
+    enabled: true
+  dcae-hv-ves-collector:
+    enabled: true
+  dcae-kpi-ms:
+    enabled: true
+  dcae-ms-healthcheck:
+    enabled: true
+  dcae-pm-mapper:
+    enabled: true
+  dcae-pmsh:
+    enabled: true
+  dcae-prh:
+    enabled: true
+  dcae-restconf-collector:
+    enabled: true
+  dcae-slice-analysis-ms:
+    enabled: true
+  dcae-snmptrap-collector:
+    enabled: true
+  dcae-son-handler:
+    enabled: true
+  dcae-tcagen2:
+    enabled: true
+  dcae-ves-collector:
+    enabled: true
+  dcae-ves-mapper:
+    enabled: true
+  dcae-ves-openapi-manager:
+    enabled: true
+dcaemod:
+  enabled: true
+holmes:
+  enabled: true
+dmaap:
+  enabled: true
+oof:
+  enabled: true
+msb:
+  enabled: true
+multicloud:
+  enabled: true
+nbi:
+  enabled: true
+policy:
+  enabled: true
+portal:
+  enabled: false
+robot:
+  enabled: true
+sdc:
+  enabled: true
+sdnc:
+  enabled: true
+so:
+  enabled: true
+strimzi:
+  enabled: true
+uui:
+  enabled: true
+vfc:
+  enabled: true
+vid:
+  enabled: false
+vnfsdk:
+  enabled: true
+modeling:
+  enabled: true
+platform:
+  enabled: true
+a1policymanagement:
+  enabled: true
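Review bot: The banner comment near the top (`# This override file enables helm charts for all ONAP applications.`) is copied from the generic all-components override and does not say what distinguishes this file — the Istio ingress settings under `global.ingress` (`ssl: "redirect"`, `namespace: istio-ingress`) and the aaf/appc/portal/vid charts being disabled. Suggest `# This override file enables helm charts for all ONAP applications behind an Istio IngressGateway (global.ingress.namespace), with plain HTTP redirected to HTTPS.` The anchor `&centralizedLogging` on `centralizedLoggingEnabled` is never aliased anywhere in this file, so it can be dropped (`&testing` is used by `contrib.enabled`). The license header year reads 2019 for a file created in 2022, which looks like a copy-paste remnant.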
index fd31770..8f49424 100644 (file)
 # limitations under the License.
 */}}
 
+{{- if .Values.global.cmpv2Enabled }}
 {{ include "certManagerCertificate.certificate" . }}
+{{- end -}}
+
+{{- if (include "common.onServiceMesh" .) }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ingress-ca-certificate
+  namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
+spec:
+  isCA: true
+  commonName: "{{ .Values.global.ingress.virtualhost.baseurl }}" #not important as it is self signed
+  secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
+  usages:
+    - server auth
+    - client auth
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ingress-selfsigned-certificate
+  namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
+spec:
+  secretName: ingress-tls-secret
+  privateKey:
+    rotationPolicy: Always
+    algorithm: RSA
+    encoding: PKCS1
+    size: 4096
+  duration: 9000h0m0s # 1 Year
+  renewBefore: 4000h0m0s #9 months
+  commonName: "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+#  usages:
+#    - server auth
+#    - client auth
+  dnsNames:
+    - {{ .Values.global.ingress.virtualhost.baseurl }}
+    - "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+    - "*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+    - "*.*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+  issuerRef:
+    name: {{ .Values.tls.issuer.ingressCa.name }}
+    kind: Issuer
+    group: cert-manager.io
+{{- end -}}
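Review bot: The multi-level wildcard entries `"*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"` and `"*.*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"` in `dnsNames` will be signed by the CA issuer but are not matched by standard TLS clients — RFC 6125 permits a wildcard only as the leftmost label and it matches exactly one label, which is what Go's crypto/x509, OpenSSL and browsers implement — so hosts two or more labels below the base URL still fail verification; either drop those two entries or add a comment naming the non-standard client they are meant for. The comment `renewBefore: 4000h0m0s #9 months` is inaccurate: 4000h is about 166 days (~5.5 months) before expiry, i.e. renewal roughly 7 months into the 9000h (375-day) lifetime, so `renewBefore: 4000h0m0s # ~5.5 months before expiry` would be correct. With `usages` left commented out, cert-manager falls back to its default key usages (digital signature, key encipherment) and sets no extended key usage; if that is intended, replace the commented block with a one-line comment saying so instead of leaving dead configuration. `secretName: ingress-tls-secret` is hard-coded while the values file and the new override hint at a configurable `global.ingress.tls.secret`; if the Gateway consumes that value, the two should be tied together rather than kept in sync by hand.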
index 9047ab7..1220ad3 100644 (file)
@@ -14,6 +14,7 @@
   # limitations under the License.
 */}}
 
+{{- if .Values.global.cmpv2Enabled }}
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
@@ -29,4 +30,25 @@ metadata:
   namespace: {{ include "common.namespace" . }}
 spec:
   ca:
-    secretName: {{ .Values.tls.issuer.ca.secret.name }}
\ No newline at end of file
+    secretName: {{ .Values.tls.issuer.ca.secret.name }}
+{{- end -}}
+
+{{- if (include "common.onServiceMesh" .) }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
+  namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ .Values.tls.issuer.ingressCa.name }}
+  namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
+spec:
+  ca:
+    secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
+{{- end -}}
\ No newline at end of file
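Review bot: The CA Issuer added at `name: {{ .Values.tls.issuer.ingressCa.name }}` reads its signing key from `{{ .Values.tls.issuer.ingressCa.secret.name }}`, which is the secret written by the `ingress-ca-certificate` Certificate in certificate.yaml; the Issuer will report not-Ready until that Certificate has been issued, and a comment such as `# CA key pair is produced by ingress-ca-certificate (certificate.yaml); Issuer becomes Ready once that secret exists` would save the next reader a round-trip. Keeping the CA private key in the same namespace as the IngressGateway means any principal with secret read access in `istio-ingress` can mint certificates trusted for every ingress host, so the RBAC on that namespace is worth a look. Both new blocks are guarded by `{{- if (include "common.onServiceMesh" .) }}`; since `include` yields a string, this only works if the helper renders an empty string when the mesh is off — presumably it does, but a literal `"false"` would be truthy, so confirm. The file still ends without a trailing newline.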
index c74fe9b..7778c03 100644 (file)
@@ -22,6 +22,16 @@ global:
   # Standard OOM
   pullPolicy: "Always"
   repository: "nexus3.onap.org:10001"
+  ingress:
+    enabled: true
+    # All http requests via ingress will be redirected
+    config:
+      ssl: "redirect"
+    # you can set an own Secret containing a certificate
+    #  tls:
+    #    secret: 'my-ingress-cert'
+    # optional: Namespace of the Istio IngressGateway
+    namespace: &ingressNamespace istio-ingress
 
 
 # Service configuration
@@ -82,6 +92,14 @@ tls:
       name: &caIssuer cmpv2-issuer-onap
       secret:
         name: &caKeyPairSecret  cmpv2-ca-key-pair
+    ingressSelfsigned:
+      name: ingress-selfsigned-issuer
+      namespace: *ingressNamespace
+    ingressCa:
+      name: ingress-ca-issuer
+      namespace: *ingressNamespace
+      secret:
+        name: ingress-ca-key-pair
   server:
     secret:
       name: &serverSecret oom-cert-service-server-tls-secret
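Review bot: `namespace: *ingressNamespace` under `ingressSelfsigned` and `ingressCa` aliases the anchor defined at `namespace: &ingressNamespace istio-ingress` in the first hunk, and YAML anchors are resolved when this values.yaml is parsed, before Helm merges `-f` overrides or `--set`. A deployment that overrides `global.ingress.namespace` to something other than `istio-ingress` therefore changes that value for whatever consumes it, but the Issuers and Certificates rendered from `tls.issuer.*.namespace` keep being created in `istio-ingress`, and the two silently diverge. Either have the templates read `.Values.global.ingress.namespace` directly, or document next to each alias that it does not follow overrides: `# fixed at parse time; also override tls.issuer.ingressCa/ingressSelfsigned.namespace if global.ingress.namespace is changed`.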