| ################################################################################ |
| # Copyright (c) 2020 Nordix Foundation. # |
| # Copyright © 2020 Samsung Electronics, Modifications # |
| # # |
| # Licensed under the Apache License, Version 2.0 (the "License"); # |
| # you may not use this file except in compliance with the License. # |
| # You may obtain a copy of the License at # |
| # # |
| # http://www.apache.org/licenses/LICENSE-2.0 # |
| # # |
| # Unless required by applicable law or agreed to in writing, software # |
| # distributed under the License is distributed on an "AS IS" BASIS, # |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
| # See the License for the specific language governing permissions and # |
| # limitations under the License. # |
| ################################################################################ |
| # Default values for Policy Management Service. |
| # This is a YAML-formatted file. |
| # Declare variables to be passed into your templates. |
| |
| global: |
| nodePortPrefix: 302 |
| persistence: {} |
| |
| secrets: |
| - uid: controller-secret |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}' |
| login: '{{ .Values.a1controller.user }}' |
| password: '{{ .Values.a1controller.password }}' |
| passwordPolicy: required |
| |
| ################################################################# |
| # AAF part |
| ################################################################# |
| certInitializer: |
| nameOverride: a1p-cert-initializer |
| aafDeployFqi: deployer@people.osaaf.org |
| aafDeployPass: demo123456! |
| # aafDeployCredsExternalSecret: some secret |
| fqdn: a1p |
| fqi: a1p@a1p.onap.org |
| public_fqdn: a1p.onap.org |
| cadi_longitude: "0.0" |
| cadi_latitude: "0.0" |
| app_ns: org.osaaf.aaf |
| credsPath: /opt/app/osaaf/local |
| fqi_namespace: org.onap.a1p |
| aaf_add_config: | |
| echo "*** changing them into shell safe ones" |
| export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) |
| export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) |
| cd {{ .Values.credsPath }} |
| keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ |
| -storepass "${cadi_keystore_password_p12}" \ |
| -keystore {{ .Values.fqi_namespace }}.p12 |
| keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ |
| -storepass "${cadi_truststore_password}" \ |
| -keystore {{ .Values.fqi_namespace }}.trust.jks |
| echo "*** save the generated passwords" |
| echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop |
| echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop |
| echo "*** change ownership of certificates to targeted user" |
| chown -R 1000 . |
| |
| image: onap/ccsdk-oran-a1policymanagementservice:1.2.5 |
| userID: 1000 #Should match with image-defined user ID |
| groupID: 999 #Should match with image-defined group ID |
| pullPolicy: IfNotPresent |
| replicaCount: 1 |
| |
| service: |
| type: NodePort |
| name: a1policymanagement |
| both_tls_and_plain: true |
| ports: |
| - name: api |
| port: 8433 |
| plain_port: 8081 |
| port_protocol: http |
| nodePort: '94' |
| |
| # SDNC Credentials are used here |
| a1controller: |
| user: admin |
| password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U |
| |
| sdncLink: https://sdnc.onap:8443 |
| # The information about A1-Mediator/RICs can be added here. |
| # The A1 policy management service supports both STD & OSC versions. |
| # Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination. |
| # Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface |
| # Refer it/dep repo for k8s deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep |
| # Example configuration: |
| #rics: |
| # - name: ric1 |
| # link: http://ric1url.url.com:1111/ |
| # managedElementIds: |
| # - kista1 |
| # - kista2 |
| # - name: ric2 |
| # link: http://ric2url.url.com:2222/ |
| # managedElementIds: |
| # - kista3 |
| # - kista4 |
| rics: |
| streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE |
| streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100 |
| |
| liveness: |
| port: api |
| initialDelaySeconds: 60 |
| periodSeconds: 10 |
| readiness: |
| port: api |
| initialDelaySeconds: 60 |
| periodSeconds: 10 |
| |
| #Resource Limit flavor -By Default using small |
| flavor: small |
| |
| resources: |
| small: |
| limits: |
| cpu: 2 |
| memory: 300Mi |
| requests: |
| cpu: 1 |
| memory: 150Mi |
| large: |
| limits: |
| cpu: 4 |
| memory: 8Gi |
| requests: |
| cpu: 2 |
| memory: 4Gi |
| unlimited: {} |
| |
| ## Persist data to a persistent volume |
| persistence: |
| enabled: true |
| |
| ## A manually managed Persistent Volume and Claim |
| ## Requires persistence.enabled: true |
| ## If defined, PVC must be created manually before volume will be bound |
| # existingClaim: |
| volumeReclaimPolicy: Retain |
| |
| ## database data Persistent Volume Storage Class |
| ## If defined, storageClassName: <storageClass> |
| ## If set to "-", storageClassName: "", which disables dynamic provisioning |
| ## If undefined (the default) or set to null, no storageClassName spec is |
| ## set, choosing the default provisioner. (gp2 on AWS, standard on |
| ## GKE, AWS & OpenStack) |
| ## |
| # storageClass: "-" |
| accessMode: ReadWriteOnce |
| size: 2Gi |
| mountPath: /dockerdata-nfs |
| mountSubPath: nonrtric/policymanagementservice |
| |
| #Pods Service Account |
| serviceAccount: |
| nameOverride: a1policymanagement |
| roles: |
| - read |