| # Copyright (c) 2019 IBM, Bell Canada |
| # Copyright (c) 2020 Samsung Electronics |
| # Modification Copyright © 2022 Nordix Foundation |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| ################################################################# |
| # Global configuration defaults. |
| ################################################################# |
| global: |
| # Change to an unused port prefix range to prevent port conflicts |
| # with other instances running within the same k8s cluster |
| nodePortPrefixExt: 304 |
| |
| # image pull policy |
| pullPolicy: Always |
| |
| persistence: |
| mountPath: /dockerdata-nfs |
| |
| # This configuration specifies Service and port for SDNC OAM interface |
| sdncOamService: sdnc-oam |
| sdncOamPort: 8282 |
| |
| # This concerns CDS/AAI communication through HTTP when TLS is not being needed |
| # Port value should match the one in aai/values.yml : service.externalPlainPort |
| aaiData: |
| ExternalPlainPort: 80 # when TLS is not needed |
| ServiceName: aai # domain |
| # http://aai:80 or https://aai:443 |
| |
| #AAF is enabled by default |
| #aafEnabled: true |
| |
| #enable importCustomCerts to add custom CA to blueprint processor pod |
| #importCustomCertsEnabled: true |
| |
| #use below configmap to add custom CA certificates |
| #certificates with *.pem will be added to JAVA truststore $JAVA_HOME/lib/security/cacerts in the pod |
| #certificates with *.crt will be added to /etc/ssl/certs/ca-certificates.crt in the pod |
| #customCertsConfigMap: onap-cds-blueprints-processor-configmap |
| |
| ################################################################# |
| # Secrets metaconfig |
| ################################################################# |
| secrets: |
| - uid: 'cds-db-user-creds' |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}' |
| login: '{{ .Values.config.cdsDB.dbUser }}' |
| password: '{{ .Values.config.cdsDB.dbPassword }}' |
| passwordPolicy: required |
| - uid: 'sdnc-db-root-pass' |
| type: password |
| externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}' |
| password: '{{ .Values.config.sdncDB.dbRootPass }}' |
| passwordPolicy: required |
| - uid: cds-kafka-secret |
| externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' |
| type: genericKV |
| envs: |
| - name: password |
| value: '{{ .Values.config.someConfig }}' |
| policy: generate |
| - uid: cps-creds |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.config.cps.cpsUserExternalSecret) . }}' |
| login: '{{ .Values.config.cps.cpsUsername }}' |
| password: '{{ .Values.config.cps.cpsPassword }}' |
| passwordPolicy: required |
| |
| ################################################################# |
| # AAF part |
| ################################################################# |
| certInitializer: |
| nameOverride: cds-blueprints-processor-cert-initializer |
| aafDeployFqi: deployer@people.osaaf.org |
| aafDeployPass: demo123456! |
| # aafDeployCredsExternalSecret: some secret |
| fqdn: sdnc-cds |
| fqi: sdnc-cds@sdnc-cds.onap.org |
| public_fqdn: sdnc-cds.onap.org |
| cadi_longitude: "0.0" |
| cadi_latitude: "0.0" |
| app_ns: org.osaaf.aaf |
| credsPath: /opt/app/osaaf/local |
| fqi_namespace: org.onap.sdnc-cds |
| #enable below if we need custom CA to be added to blueprint processor pod |
| #importCustomCertsEnabled: true |
| #truststoreMountpath: /opt/onap/cds |
| #truststoreOutputFileName: truststoreONAPall.jks |
| aaf_add_config: > |
| /opt/app/aaf_config/bin/agent.sh; |
| /opt/app/aaf_config/bin/agent.sh local showpass |
| {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop |
| |
| ################################################################# |
| # Application configuration defaults. |
| ################################################################# |
| # application image |
| image: onap/ccsdk-blueprintsprocessor:1.3.0 |
| pullPolicy: Always |
| |
| # flag to enable debugging - application support required |
| debugEnabled: false |
| |
| # application configuration |
| config: |
| appConfigDir: /opt/app/onap/config |
| sdncDB: |
| dbService: mariadb-galera |
| dbPort: 3306 |
| dbName: sdnctl |
| # dbRootPass: Custom root password |
| dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}' |
| cdsDB: |
| dbServer: cds-db |
| dbPort: 3306 |
| dbName: sdnctl |
| dbUser: sdnctl |
| dbPassword: sdnctl |
| # dbCredsExternalSecret: <some secret name> |
| # dbRootPassword: password |
| # dbRootPassExternalSecret |
| someConfig: blah |
| cps: |
| cpsUsername: '' |
| cpsPassword: '' |
| cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds' |
| |
| # default number of instances |
| replicaCount: 1 |
| |
| nodeSelector: {} |
| |
| affinity: {} |
| |
| # If useStrimziKafka is true, the following also applies: |
| # strimzi will create an associated kafka user and the topics defined for Request and Audit elements below. |
| # The connection type must be kafka-scram-plain-text-auth |
| # The bootstrapServers will target the strimzi kafka cluster by default |
| useStrimziKafka: false |
| cdsKafkaUser: cds-kafka-user |
| |
| kafkaRequestConsumer: |
| enabled: false |
| type: kafka-scram-plain-text-auth |
| bootstrapServers: host:port |
| groupId: cds-consumer |
| topic: cds.blueprint-processor.self-service-api.request |
| clientId: request-receiver-client-id |
| pollMillSec: 1000 |
| kafkaRequestProducer: |
| type: kafka-scram-plain-text-auth |
| bootstrapServers: host:port |
| clientId: request-producer-client-id |
| topic: cds.blueprint-processor.self-service-api.response |
| enableIdempotence: false |
| kafkaAuditRequest: |
| enabled: false |
| type: kafka-scram-plain-text-auth |
| bootstrapServers: host:port |
| clientId: audit-request-producer-client-id |
| topic: cds.blueprint-processor.self-service-api.audit.request |
| enableIdempotence: false |
| kafkaAuditResponse: |
| type: kafka-scram-plain-text-auth |
| bootstrapServers: host:port |
| clientId: audit-response-producer-client-id |
| topic: cds.blueprint-processor.self-service-api.audit.response |
| enableIdempotence: false |
| |
| # probe configuration parameters |
| startup: |
| initialDelaySeconds: 10 |
| failureThreshold: 30 |
| periodSeconds: 10 |
| |
| liveness: |
| initialDelaySeconds: 1 |
| periodSeconds: 20 |
| timeoutSeconds: 30 |
| # necessary to disable liveness probe when setting breakpoints |
| # in debugger so K8s doesn't restart unresponsive container |
| enabled: false |
| |
| readiness: |
| initialDelaySeconds: 120 |
| periodSeconds: 10 |
| timeoutSeconds: 20 |
| |
| service: |
| http: |
| type: ClusterIP |
| portName: http |
| internalPort: 8080 |
| externalPort: 8080 |
| grpc: |
| type: ClusterIP |
| portName: grpc |
| internalPort: 9111 |
| externalPort: 9111 |
| cluster: |
| type: ClusterIP |
| portName: tcp-cluster |
| internalPort: 5701 |
| externalPort: 5701 |
| |
| persistence: |
| volumeReclaimPolicy: Retain |
| accessMode: ReadWriteMany |
| size: 2Gi |
| enabled: true |
| mountSubPath: cds/blueprints/deploy |
| deployedBlueprint: /opt/app/onap/blueprints/deploy |
| |
| cluster: |
| # Cannot have cluster enabled if the replicaCount is not at least 3 |
| enabled: false |
| |
| clusterName: cds-cluster |
| |
| # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be |
| # between 3 and 7 only. |
| groupSize: 3 |
| |
| ingress: |
| enabled: false |
| service: |
| - baseaddr: "blueprintsprocessorhttp" |
| name: "cds-blueprints-processor-http" |
| port: 8080 |
| config: |
| ssl: "none" |
| |
| logback: |
| rootLogLevel: INFO |
| logger: |
| springframework: INFO |
| springframeworkWeb: INFO |
| springframeworkSecurityWebauthentication: INFO |
| hibernate: INFO |
| onapCcsdkCds: INFO |
| |
| flavor: small |
| |
| resources: |
| small: |
| limits: |
| cpu: 2 |
| memory: 4Gi |
| requests: |
| cpu: 1 |
| memory: 1Gi |
| large: |
| limits: |
| cpu: 4 |
| memory: 8Gi |
| requests: |
| cpu: 2 |
| memory: 4Gi |
| unlimited: {} |
| |
| #Pods Service Account |
| serviceAccount: |
| nameOverride: cds-blueprints-processor |
| roles: |
| - read |
| |
| # workflow store flag |
| workflow: |
| storeEnabled: false |