| # Copyright © 2017 Amdocs, Bell Canada |
| # Modifications Copyright © 2018-2020 AT&T Intellectual Property |
| # Modifications Copyright (C) 2021-2022 Nordix Foundation. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| ################################################################# |
| # Global configuration defaults. |
| ################################################################# |
| global: |
| aafEnabled: true |
| mariadb: |
| # '&mariadbConfig' means we "store" the values for later use in the file |
| # with '*mariadbConfig' pointer. |
| config: &mariadbConfig |
| mysqlDatabase: policyadmin |
| service: &mariadbService |
| name: &policy-mariadb policy-mariadb |
| internalPort: 3306 |
| prometheusEnabled: false |
| |
| ################################################################# |
| # Secrets metaconfig |
| ################################################################# |
| secrets: |
| - uid: db-root-password |
| name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' |
| type: password |
| externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' |
| password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' |
| policy: generate |
| - uid: db-secret |
| name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' |
| type: basicAuth |
| externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' |
| login: '{{ index .Values "mariadb-galera" "db" "user" }}' |
| password: '{{ index .Values "mariadb-galera" "db" "password" }}' |
| passwordPolicy: generate |
| - uid: policy-app-user-creds |
| name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' |
| login: '{{ .Values.config.policyAppUserName }}' |
| password: '{{ .Values.config.policyAppUserPassword }}' |
| passwordPolicy: generate |
| - uid: policy-pap-user-creds |
| name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' |
| login: '{{ .Values.restServer.policyPapUserName }}' |
| password: '{{ .Values.restServer.policyPapUserPassword }}' |
| passwordPolicy: required |
| - uid: policy-api-user-creds |
| name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' |
| login: '{{ .Values.restServer.policyApiUserName }}' |
| password: '{{ .Values.restServer.policyApiUserPassword }}' |
| passwordPolicy: required |
| |
| db: &dbSecretsHook |
| credsExternalSecret: *dbSecretName |
| |
| policy-api: |
| enabled: true |
| db: *dbSecretsHook |
| restServer: |
| apiUserExternalSecret: *policyApiCredsSecret |
| policy-pap: |
| enabled: true |
| db: *dbSecretsHook |
| restServer: |
| papUserExternalSecret: *policyPapCredsSecret |
| apiUserExternalSecret: *policyApiCredsSecret |
| policy-xacml-pdp: |
| enabled: true |
| db: *dbSecretsHook |
| policy-apex-pdp: |
| enabled: true |
| db: *dbSecretsHook |
| policy-drools-pdp: |
| enabled: true |
| db: *dbSecretsHook |
| policy-distribution: |
| enabled: true |
| db: *dbSecretsHook |
| policy-clamp-be: |
| enabled: true |
| db: *dbSecretsHook |
| config: |
| appUserExternalSecret: *policyAppCredsSecret |
| policy-clamp-ac-k8s-ppnt: |
| enabled: true |
| policy-clamp-ac-pf-ppnt: |
| enabled: true |
| restServer: |
| apiUserExternalSecret: *policyApiCredsSecret |
| papUserExternalSecret: *policyPapCredsSecret |
| policy-clamp-ac-http-ppnt: |
| enabled: true |
| policy-nexus: |
| enabled: false |
| policy-clamp-runtime-acm: |
| enabled: true |
| db: *dbSecretsHook |
| config: |
| appUserExternalSecret: *policyAppCredsSecret |
| policy-gui: |
| enabled: true |
| |
| ################################################################# |
| # DB configuration defaults. |
| ################################################################# |
| |
| repository: nexus3.onap.org:10001 |
| pullPolicy: Always |
| |
| mariadb: |
| image: mariadb:10.5.8 |
| |
| dbmigrator: |
| image: onap/policy-db-migrator:2.4.2 |
| schema: policyadmin |
| policy_home: "/opt/app/policy" |
| |
| subChartsOnly: |
| enabled: true |
| |
| # flag to enable debugging - application support required |
| debugEnabled: false |
| |
| # default number of instances |
| replicaCount: 1 |
| |
| nodeSelector: {} |
| |
| affinity: {} |
| |
| # probe configuration parameters |
| liveness: |
| initialDelaySeconds: 10 |
| periodSeconds: 10 |
| # necessary to disable liveness probe when setting breakpoints |
| # in debugger so K8s doesn't restart unresponsive container |
| enabled: true |
| |
| readiness: |
| initialDelaySeconds: 10 |
| periodSeconds: 10 |
| |
| |
| config: |
| policyAppUserName: runtimeUser |
| |
| mariadb-galera: |
| # mariadb-galera.config and global.mariadb.config must be equals |
| db: |
| user: policy_user |
| # password: |
| externalSecret: *dbSecretName |
| name: &mysqlDbName policyadmin |
| rootUser: |
| externalSecret: *dbRootPassSecretName |
| nameOverride: *policy-mariadb |
| # mariadb-galera.service and global.mariadb.service must be equals |
| service: *mariadbService |
| replicaCount: 1 |
| persistence: |
| enabled: true |
| mountSubPath: policy/maria/data |
| serviceAccount: |
| nameOverride: *policy-mariadb |
| |
| restServer: |
| policyPapUserName: policyadmin |
| policyPapUserPassword: zb!XztG34 |
| policyApiUserName: policyadmin |
| policyApiUserPassword: zb!XztG34 |
| |
| # Resource Limit flavor -By Default using small |
| # Segregation for Different environment (small, large, or unlimited) |
| flavor: small |
| resources: |
| small: |
| limits: |
| cpu: 1 |
| memory: 4Gi |
| requests: |
| cpu: 100m |
| memory: 1Gi |
| large: |
| limits: |
| cpu: 2 |
| memory: 8Gi |
| requests: |
| cpu: 200m |
| memory: 2Gi |
| unlimited: {} |
| |
| #Pods Service Account |
| serviceAccount: |
| nameOverride: policy |
| roles: |
| - read |