| # Copyright © 2019 Amdocs, Bell Canada |
| # Copyright (c) 2020 Nordix Foundation, Modifications |
| # Modifications Copyright © 2020-2021 Nokia |
| # Modifications Copyright © 2023 Nordix Foundation |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| ################################################################# |
| # Global configuration overrides. |
| # |
| # These overrides will affect all helm charts (ie. applications) |
| # that are listed below and are 'enabled'. |
| ################################################################# |
| global: |
| # Change to an unused port prefix range to prevent port conflicts |
| # with other instances running within the same k8s cluster |
| nodePortPrefix: 302 |
| nodePortPrefixExt: 304 |
| |
| # ONAP Repository |
| # Four different repositories are used |
| # You can change individually these repositories to ones that will serve the |
| # right images. If credentials are needed for one of them, see below. |
| repository: nexus3.onap.org:10001 |
| dockerHubRepository: &dockerHubRepository docker.io |
| elasticRepository: &elasticRepository docker.elastic.co |
| quayRepository: quay.io |
| googleK8sRepository: k8s.gcr.io |
| githubContainerRegistry: ghcr.io |
| |
| # Default credentials |
| # they're optional. If the target repository doesn't need them, comment them |
| repositoryCred: |
| user: docker |
| password: docker |
| # If you want / need authentication on the repositories, please set |
| # Don't set them if the target repo is the same than others |
| # so id you've set repository to value `my.private.repo` and same for |
| # dockerHubRepository, you'll have to configure only repository (exclusive) OR |
| # dockerHubCred. |
| # dockerHubCred: |
| # user: myuser |
| # password: mypassord |
| # elasticCred: |
| # user: myuser |
| # password: mypassord |
| # googleK8sCred: |
| # user: myuser |
| # password: mypassord |
| |
| |
| # common global images |
| # Busybox for simple shell manipulation |
| busyboxImage: busybox:1.34.1 |
| |
| # curl image |
| curlImage: curlimages/curl:7.80.0 |
| |
| # env substitution image |
| envsubstImage: dibi/envsubst:1 |
| |
| # generate htpasswd files image |
| # there's only latest image for htpasswd |
| htpasswdImage: xmartlabs/htpasswd:latest |
| |
| # kubenretes client image |
| kubectlImage: bitnami/kubectl:1.22.4 |
| |
| # logging agent |
| loggingImage: beats/filebeat:5.5.0 |
| |
| # mariadb client image |
| mariadbImage: bitnami/mariadb:10.5.8 |
| |
| # nginx server image |
| nginxImage: bitnami/nginx:1.21.4 |
| |
| # postgreSQL client and server image |
| postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 |
| |
| # readiness check image |
| readinessImage: onap/oom/readiness:3.0.1 |
| |
| # image pull policy |
| pullPolicy: Always |
| |
| # default java image |
| jreImage: onap/integration-java11:10.0.0 |
| |
| # default clusterName |
| # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }} |
| clusterName: cluster.local |
| |
| # default mount path root directory referenced |
| # by persistent volumes and log files |
| persistence: |
| mountPath: /dockerdata-nfs |
| enableDefaultStorageclass: false |
| parameters: {} |
| storageclassProvisioner: kubernetes.io/no-provisioner |
| volumeReclaimPolicy: Retain |
| |
| # override default resource limit flavor for all charts |
| flavor: unlimited |
| |
| # flag to enable debugging - application support required |
| debugEnabled: false |
| |
| # default password complexity |
| # available options: phrase, name, pin, basic, short, medium, long, maximum security |
| # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf |
| passwordStrength: long |
| |
| # configuration to set log level to all components (the one that are using |
| # "common.log.level" to set this) |
| # can be overrided per components by setting logConfiguration.logLevelOverride |
| # to the desired value |
| # logLevel: DEBUG |
| |
| # Global ingress configuration |
| ingress: |
| # generally enable ingress for ONAP components |
| enabled: false |
| # enable all component's Ingress interfaces |
| enable_all: false |
| |
| # default Ingress base URL and preAddr- and postAddr settings |
| # Ingress URLs result: |
| # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl> |
| virtualhost: |
| # Default Ingress base URL |
| # can be overwritten in component by setting ingress.baseurlOverride |
| baseurl: "simpledemo.onap.org" |
| # prefix for baseaddr |
| # can be overwritten in component by setting ingress.preaddrOverride |
| preaddr: "" |
| # postfix for baseaddr |
| # can be overwritten in component by setting ingress.postaddrOverride |
| postaddr: "" |
| |
| # All http (port 80) requests via ingress will be redirected |
| # to port 443 on Ingress controller |
| # only valid for Istio Gateway (ServiceMesh enabled) |
| config: |
| ssl: "redirect" |
| # you can set an own Secret containing a certificate |
| # only valid for Istio Gateway (ServiceMesh enabled) |
| # tls: |
| # secret: 'my-ingress-cert' |
| |
| # optional: Namespace of the Istio IngressGateway |
| # only valid for Istio Gateway (ServiceMesh enabled) |
| namespace: istio-ingress |
| |
| # Global Service Mesh configuration |
| serviceMesh: |
| enabled: false |
| tls: true |
| # be aware that linkerd is not well tested |
| engine: "istio" # valid value: istio or linkerd |
| |
| # Global Istio Authorization Policy configuration |
| authorizationPolicies: |
| enabled: false |
| |
| # metrics part |
| # If enabled, exporters (for prometheus) will be deployed |
| # if custom resources set to yes, CRD from prometheus operartor will be |
| # created |
| # Not all components have it enabled. |
| # |
| metrics: |
| enabled: true |
| custom_resources: false |
| |
| # Disabling AAF |
| # POC Mode, only for use in development environment |
| # Keep it enabled in production |
| aafEnabled: false |
| |
| # Disabling MSB |
| # POC Mode, only for use in development environment |
| msbEnabled: true |
| |
| # default values for certificates |
| certificate: |
| default: |
| renewBefore: 720h #30 days |
| duration: 8760h #365 days |
| subject: |
| organization: "Linux-Foundation" |
| country: "US" |
| locality: "San-Francisco" |
| province: "California" |
| organizationalUnit: "ONAP" |
| issuer: |
| group: certmanager.onap.org |
| kind: CMPv2Issuer |
| name: cmpv2-issuer-onap |
| |
| # Enabling CMPv2 |
| cmpv2Enabled: false |
| platform: |
| certificates: |
| clientSecretName: oom-cert-service-client-tls-secret |
| keystoreKeyRef: keystore.jks |
| truststoreKeyRef: truststore.jks |
| keystorePasswordSecretName: oom-cert-service-certificates-password |
| keystorePasswordSecretKey: password |
| truststorePasswordSecretName: oom-cert-service-certificates-password |
| truststorePasswordSecretKey: password |
| |
| # Indicates offline deployment build |
| # Set to true if you are rendering helm charts for offline deployment |
| # Otherwise keep it disabled |
| offlineDeploymentBuild: false |
| |
| # TLS |
| # Set to false if you want to disable TLS for NodePorts. Be aware that this |
| # will loosen your security. |
| # if set this element will force or not tls even if serviceMesh.tls is set. |
| tlsEnabled: false |
| |
| # Logging |
| # Currently, centralized logging is not in best shape so it's disabled by |
| # default |
| centralizedLoggingEnabled: ¢ralizedLogging false |
| |
| # Example of specific for the components where you want to disable TLS only for |
| # it: |
| # if set this element will force or not tls even if global.serviceMesh.tls and |
| # global.tlsEnabled is set otherwise. |
| # robot: |
| # tlsOverride: false |
| |
| # Global storage configuration |
| # Set to "-" for default, or with the name of the storage class |
| # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a |
| # storageclass with RWX capabilities (or set specific configuration for these |
| # components). |
| # persistence: |
| # storageClass: "-" |
| |
| # Example of specific for the components which requires RWX: |
| # cds: |
| # cds-blueprints-processor: |
| # persistence: |
| # storageClassOverride: "My_RWX_Storage_Class" |
| # sdc: |
| # sdc-onboarding-be: |
| # persistence: |
| # storageClassOverride: "My_RWX_Storage_Class" |
| |
| ################################################################# |
| # Enable/disable and configure helm charts (ie. applications) |
| # to customize the ONAP deployment. |
| ################################################################# |
| |
| aai: |
| enabled: false |
| cassandra: |
| enabled: false |
| cds: |
| enabled: false |
| cli: |
| enabled: false |
| cps: |
| enabled: false |
| dcaegen2-services: |
| enabled: false |
| holmes: |
| enabled: false |
| dmaap: |
| enabled: false |
| message-router: |
| enabled: false |
| dmaap-bc: |
| enabled: false |
| dmaap-dr-prov: |
| enabled: false |
| dmaap-dr-node: |
| enabled: false |
| oof: |
| enabled: false |
| mariadb-galera: |
| enabled: false |
| msb: |
| enabled: false |
| multicloud: |
| enabled: false |
| nbi: |
| enabled: false |
| config: |
| # openstack configuration |
| openStackRegion: "Yolo" |
| openStackVNFTenantId: "1234" |
| policy: |
| enabled: false |
| robot: |
| enabled: false |
| config: |
| # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment |
| openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" |
| sdc: |
| enabled: false |
| sdnc: |
| enabled: false |
| |
| replicaCount: 1 |
| |
| mysql: |
| replicaCount: 1 |
| so: |
| enabled: false |
| |
| replicaCount: 1 |
| |
| liveness: |
| # necessary to disable liveness probe when setting breakpoints |
| # in debugger so K8s doesn't restart unresponsive container |
| enabled: false |
| |
| # so server configuration |
| config: |
| # message router configuration |
| dmaapTopic: "AUTO" |
| # openstack configuration |
| openStackUserName: "vnf_user" |
| openStackRegion: "RegionOne" |
| openStackKeyStoneUrl: "http://1.2.3.4:5000" |
| openStackServiceTenantName: "service" |
| openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" |
| |
| # in order to enable static password for so-monitoring uncomment: |
| # so-monitoring: |
| # server: |
| # monitoring: |
| # password: demo123456! |
| |
| strimzi: |
| enabled: false |
| # Kafka replication & disk storage should be dimensioned |
| # according to each given system use case. |
| replicaCount: 3 |
| persistence: |
| kafka: |
| size: 10Gi |
| zookeeper: |
| size: 1Gi |
| # Strimzi kafka bridge is an optional http api towards |
| # kafka provided by https://strimzi.io/docs/bridge/latest/ |
| strimzi-kafka-bridge: |
| enabled: false |
| |
| uui: |
| enabled: false |
| vfc: |
| enabled: false |
| vnfsdk: |
| enabled: false |
| modeling: |
| enabled: false |
| platform: |
| enabled: false |
| a1policymanagement: |
| enabled: false |
| cert-wrapper: |
| enabled: true |
| repository-wrapper: |
| enabled: true |
| roles-wrapper: |
| enabled: true |