blob: e4ded1b0b20f8466a08bdbbdc13e3d858a557b70 [file] [log] [blame]
################################################################################
# Copyright (c) 2020 Nordix Foundation. #
# Copyright © 2020 Samsung Electronics, Modifications #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# You may obtain a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
################################################################################
# Default values for Policy Management Service.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
nodePortPrefix: 302
persistence: {}
secrets:
- uid: controller-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}'
login: '{{ .Values.a1controller.user }}'
password: '{{ .Values.a1controller.password }}'
passwordPolicy: required
#################################################################
# AAF part
#################################################################
certInitializer:
nameOverride: a1p-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
fqdn: a1p
fqi: a1p@a1p.onap.org
public_fqdn: a1p.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.a1p
aaf_add_config: |
echo "*** changing them into shell safe ones"
export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
cd {{ .Values.credsPath }}
keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
-storepass "${cadi_keystore_password_p12}" \
-keystore {{ .Values.fqi_namespace }}.p12
keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
-storepass "${cadi_truststore_password}" \
-keystore {{ .Values.fqi_namespace }}.trust.jks
echo "*** save the generated passwords"
echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
image: onap/ccsdk-oran-a1policymanagementservice:1.2.5
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
replicaCount: 1
service:
type: NodePort
name: a1policymanagement
both_tls_and_plain: true
ports:
- name: api
port: 8433
plain_port: 8081
port_protocol: http
nodePort: '94'
# SDNC Credentials are used here
a1controller:
user: admin
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
sdncLink: https://sdnc.onap:8443
# The information about A1-Mediator/RICs can be added here.
# The A1 policy management service supports both STD & OSC versions.
# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination.
# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
# Refer it/dep repo for k8s deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
# Example configuration:
#rics:
# - name: ric1
# link: http://ric1url.url.com:1111/
# managedElementIds:
# - kista1
# - kista2
# - name: ric2
# link: http://ric2url.url.com:2222/
# managedElementIds:
# - kista3
# - kista4
rics:
streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
liveness:
port: api
initialDelaySeconds: 60
periodSeconds: 10
readiness:
port: api
initialDelaySeconds: 60
periodSeconds: 10
#Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
cpu: 2
memory: 300Mi
requests:
cpu: 1
memory: 150Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
cpu: 2
memory: 4Gi
unlimited: {}
## Persist data to a persistent volume
persistence:
enabled: true
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
volumeReclaimPolicy: Retain
## database data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: nonrtric/policymanagementservice
#Pods Service Account
serviceAccount:
nameOverride: a1policymanagement
roles:
- read