blob: 023bf4917b3e35c7e9c9425c0914320b781982a7 [file] [log] [blame]
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################################################################
# Global configuration defaults.
#################################################################
global:
# Change to an unused port prefix range to prevent port conflicts
# with other instances running within the same k8s cluster
nodePortPrefixExt: 304
# image pull policy
pullPolicy: Always
persistence:
mountPath: /dockerdata-nfs
# This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
# This concerns CDS/AAI communication through HTTP when TLS is not being needed
# Port value should match the one in aai/values.yml : service.externalPlainPort
aaiData:
ExternalPlainPort: 80 # when TLS is not needed
ServiceName: aai # domain
# http://aai:80 or https://aai:443
#AAF is enabled by default
#aafEnabled: true
#enable importCustomCerts to add custom CA to blueprint processor pod
#importCustomCertsEnabled: true
#use below configmap to add custom CA certificates
#certificates with *.pem will be added to JAVA truststore $JAVA_HOME/lib/security/cacerts in the pod
#certificates with *.crt will be added to /etc/ssl/certs/ca-certificates.crt in the pod
#customCertsConfigMap: onap-cds-blueprints-processor-configmap
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: 'cds-db-user-creds'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}'
login: '{{ .Values.config.cdsDB.dbUser }}'
password: '{{ .Values.config.cdsDB.dbPassword }}'
passwordPolicy: required
- uid: 'sdnc-db-root-pass'
type: password
externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
- uid: cds-kafka-secret
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
envs:
- name: password
value: '{{ .Values.config.someConfig }}'
policy: generate
- uid: cps-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.cps.cpsUserExternalSecret) . }}'
login: '{{ .Values.config.cps.cpsUsername }}'
password: '{{ .Values.config.cps.cpsPassword }}'
passwordPolicy: required
#################################################################
# AAF part
#################################################################
certInitializer:
nameOverride: cds-blueprints-processor-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
fqdn: sdnc-cds
fqi: sdnc-cds@sdnc-cds.onap.org
public_fqdn: sdnc-cds.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.sdnc-cds
#enable below if we need custom CA to be added to blueprint processor pod
#importCustomCertsEnabled: true
#truststoreMountpath: /opt/onap/cds
#truststoreOutputFileName: truststoreONAPall.jks
aaf_add_config: >
/opt/app/aaf_config/bin/agent.sh;
/opt/app/aaf_config/bin/agent.sh local showpass
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/ccsdk-blueprintsprocessor:1.3.0
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
config:
appConfigDir: /opt/app/onap/config
sdncDB:
dbService: mariadb-galera
dbPort: 3306
dbName: sdnctl
# dbRootPass: Custom root password
dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}'
cdsDB:
dbServer: cds-db
dbPort: 3306
dbName: sdnctl
dbUser: sdnctl
dbPassword: sdnctl
# dbCredsExternalSecret: <some secret name>
# dbRootPassword: password
# dbRootPassExternalSecret
someConfig: blah
cps:
cpsUsername: ''
cpsPassword: ''
cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds'
# default number of instances
replicaCount: 1
nodeSelector: {}
affinity: {}
# If useStrimziKafka is true, the following also applies:
# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
# The connection type must be kafka-scram-plain-text-auth
# The bootstrapServers will target the strimzi kafka cluster by default
useStrimziKafka: false
cdsKafkaUser: cds-kafka-user
kafkaRequestConsumer:
enabled: false
type: kafka-scram-plain-text-auth
bootstrapServers: host:port
groupId: cds-consumer
topic: cds.blueprint-processor.self-service-api.request
clientId: request-receiver-client-id
pollMillSec: 1000
kafkaRequestProducer:
type: kafka-scram-plain-text-auth
bootstrapServers: host:port
clientId: request-producer-client-id
topic: cds.blueprint-processor.self-service-api.response
enableIdempotence: false
kafkaAuditRequest:
enabled: false
type: kafka-scram-plain-text-auth
bootstrapServers: host:port
clientId: audit-request-producer-client-id
topic: cds.blueprint-processor.self-service-api.audit.request
enableIdempotence: false
kafkaAuditResponse:
type: kafka-scram-plain-text-auth
bootstrapServers: host:port
clientId: audit-response-producer-client-id
topic: cds.blueprint-processor.self-service-api.audit.response
enableIdempotence: false
# probe configuration parameters
startup:
initialDelaySeconds: 10
failureThreshold: 30
periodSeconds: 10
liveness:
initialDelaySeconds: 1
periodSeconds: 20
timeoutSeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: false
readiness:
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 20
service:
http:
type: ClusterIP
portName: http
internalPort: 8080
externalPort: 8080
grpc:
type: ClusterIP
portName: grpc
internalPort: 9111
externalPort: 9111
cluster:
type: ClusterIP
portName: tcp-cluster
internalPort: 5701
externalPort: 5701
persistence:
volumeReclaimPolicy: Retain
accessMode: ReadWriteMany
size: 2Gi
enabled: true
mountSubPath: cds/blueprints/deploy
deployedBlueprint: /opt/app/onap/blueprints/deploy
cluster:
# Cannot have cluster enabled if the replicaCount is not at least 3
enabled: false
clusterName: cds-cluster
# Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
# between 3 and 7 only.
groupSize: 3
ingress:
enabled: false
service:
- baseaddr: "blueprintsprocessorhttp"
name: "cds-blueprints-processor-http"
port: 8080
config:
ssl: "none"
logback:
rootLogLevel: INFO
logger:
springframework: INFO
springframeworkWeb: INFO
springframeworkSecurityWebauthentication: INFO
hibernate: INFO
onapCcsdkCds: INFO
flavor: small
resources:
small:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
cpu: 2
memory: 4Gi
unlimited: {}
#Pods Service Account
serviceAccount:
nameOverride: cds-blueprints-processor
roles:
- read
# workflow store flag
workflow:
storeEnabled: false