blob: dac0be2a0782b012f52bfe4ea00ce7777dfac443 [file] [log] [blame]
# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################################################################
# Global configuration defaults.
#################################################################
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
mariadbGalera:
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
localCluster: false
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
service: mariadb-galera
# Enabling CMPv2
cmpv2Enabled: true
CMPv2CertManagerIntegration: false
platform:
certServiceClient:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
envVariables:
# Certificate related
cert_path: /var/custom-certs
cmpv2Organization: "Linux-Foundation"
cmpv2OrganizationalUnit: "ONAP"
cmpv2Location: "San-Francisco"
cmpv2Country: "US"
# Client configuration related
caName: "RA"
common_name: "sdnc.simpledemo.onap.org"
requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
outputType: "P12"
keystorePassword: "secret"
truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: db-root-password
name: &rootDbSecret '{{ include "common.release" . }}-sdnc-db-root-password'
type: password
# If we're using shared mariadb, we need to use the secret name (second
# part).
# If not, we do the same trick than for user db secret hat allows you
# override this secret using external one with the same field that is used
# to pass this to subchart.
externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
ternary
""
(tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
(include "common.mariadb.secret.rootPassSecretName"
(dict "dot" .
"chartName" .Values.global.mariadbGalera.nameOverride)) }}'
password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
type: basicAuth
# This is a nasty trick that allows you override this secret using external one
# with the same field that is used to pass this to subchart
externalSecret: '{{ (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "db" "externalSecret")) |
ternary
""
(tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) }}'
login: '{{ index .Values "mariadb-galera" "db" "user" }}'
password: '{{ index .Values "mariadb-galera" "db" "password" }}'
- uid: odl-creds
name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
type: basicAuth
externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
login: '{{ .Values.config.odlUser }}'
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- uid: dmaap-proxy-creds
name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
type: basicAuth
externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
password: '{{ .Values.config.netboxApikey }}'
passwordPolicy: required
- uid: aai-user-creds
type: basicAuth
externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
login: '{{ .Values.config.aaiUser }}'
password: '{{ .Values.config.aaiPassword }}'
passwordPolicy: required
- uid: modeling-user-creds
type: basicAuth
externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
login: '{{ .Values.config.modelingUser }}'
password: '{{ .Values.config.modelingPassword }}'
passwordPolicy: required
- uid: restconf-creds
type: basicAuth
externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}'
login: '{{ .Values.config.restconfUser }}'
password: '{{ .Values.config.restconfPassword }}'
passwordPolicy: required
- uid: ansible-creds
name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds'
type: basicAuth
externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}'
login: '{{ .Values.config.ansibleUser }}'
password: '{{ .Values.config.ansiblePassword }}'
passwordPolicy: required
- uid: scaleout-creds
type: basicAuth
externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}'
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
- uid: keystore-password
type: password
password: secret
passwordPolicy: required
#################################################################
# Certificates
#################################################################
certificates:
- name: onap-sdnc-certificate
secretName: onap-sdnc-certificate
commonName: sdnc.simpledemo.onap.org
dnsNames:
- sdnc.simpledemo.onap.org
p12Keystore:
create: true
passwordSecretRef:
name: keystore-password
key: password
jksKeystore:
create: true
passwordSecretRef:
name: keystore-password
key: password
#################################################################
# Application configuration defaults.
#################################################################
# application images
pullPolicy: Always
image: onap/sdnc-image:2.0.4
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
config:
odlUid: 100
odlGid: 101
odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
# odlCredsExternalSecret: some secret
netboxApikey: onceuponatimeiplayedwithnetbox20180814
# netboxApikeyExternalSecret: some secret
aaiUser: sdnc@sdnc.onap.org
aaiPassword: demo123456!
# aaiCredsExternalSecret: some secret
modelingUser: ccsdkapps
modelingPassword: ccsdkapps
# modelingCredsExternalSecret: some secret
restconfUser: admin
restconfPassword: admin
# restconfCredsExternalSecret: some secret
scaleoutUser: admin
scaleoutPassword: admin
# scaleoutExternalSecret: some secret
ansibleUser: sdnc
ansiblePassword: sdnc
# ansibleCredsExternalSecret: some secret
dbSdnctlDatabase: &sdncDbName sdnctl
enableClustering: true
sdncHome: /opt/onap/sdnc
binDir: /opt/onap/sdnc/bin
etcDir: /opt/onap/sdnc/data
geoEnabled: false
# if geoEnabled is set to true here, mysql.geoEnabled must be set to true
# if geoEnabled is set to true the following 3 values must be set to their proper values
myODLCluster: 127.0.0.1
peerODLCluster: 127.0.0.1
isPrimaryCluster: true
configDir: /opt/onap/sdnc/data/properties
ccsdkConfigDir: /opt/onap/ccsdk/data/properties
dmaapTopic: SUCCESS
dmaapPort: 3904
logstashServiceName: log-ls
logstashPort: 5044
ansibleServiceName: sdnc-ansible-server
ansiblePort: 8000
javaHome: /opt/java/openjdk
odl:
etcDir: /opt/opendaylight/etc
binDir: /opt/opendaylight/bin
gcLogDir: /opt/opendaylight/data/log
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
salConfigVersion: 1.9.1
akka:
seedNodeTimeout: 15s
circuitBreaker:
maxFailures: 10
callTimeout: 90s
resetTimeout: 30s
recoveryEventTimeout: 90s
datastore:
persistentActorRestartMinBackoffInSeconds: 10
persistentActorRestartMaxBackoffInSeconds: 40
persistentActorRestartResetBackoffInSeconds: 20
shardTransactionCommitTimeoutInSeconds: 120
shardIsolatedLeaderCheckIntervalInMillis: 30000
operationTimeoutInSeconds: 120
javaOptions:
maxGCPauseMillis: 100
parallelGCThreads : 3
numberGCLogFiles: 10
minMemory: 512m
maxMemory: 2048m
gcLogOptions: ""
# Next line enables gc logging
# gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}"
# enables sdnr functionality
sdnr:
enabled: true
# mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
# mode: dm - SDNC contains sdnr device manager + ODLUX components
mode: dm
# sdnronly: true starts sdnc container with odl and sdnrwt features only
sdnronly: false
sdnrdbTrustAllCerts: true
mountpointRegistrarEnabled: false
mountpointStateProviderEnabled: false
# enable and set dmaap-proxy for mountpointRegistrar
dmaapProxy:
enabled: false
usepwd: true
user: addUserHere
password: addPasswordHere
url: addProxyUrlHere
# dependency / sub-chart configuration
certInitializer:
nameOverride: sdnc-cert-initializer
truststoreMountpath: /opt/onap/sdnc/data/stores
fqdn: "sdnc"
app_ns: "org.osaaf.aaf"
fqi: "sdnc@sdnc.onap.org"
fqi_namespace: org.onap.sdnc
public_fqdn: "sdnc.onap.org"
aafDeployFqi: "deployer@people.osaaf.org"
aafDeployPass: demo123456!
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
credsPath: /opt/app/osaaf/local
aaf_add_config: >
cd /opt/app/osaaf/local;
/opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
# dependency / sub-chart configuration
network-name-gen:
enabled: true
mariadb-galera: &mariadbGalera
nameOverride: &sdnc-db sdnc-db
config: &mariadbGaleraConfig
rootPasswordExternalSecret: *rootDbSecret
userName: &dbUser sdnctl
userCredentialsExternalSecret: *dbSecretName
rootUser:
externalSecret: *rootDbSecret
db:
user: *dbUser
externalSecret: *dbSecretName
service:
name: sdnc-dbhost
sdnctlPrefix: sdnc
persistence:
mountSubPath: sdnc/mariadb-galera
enabled: true
replicaCount: 1
serviceAccount:
nameOverride: *sdnc-db
cds:
enabled: false
dmaap-listener:
enabled: true
nameOverride: sdnc-dmaap-listener
mariadb-galera:
<<: *mariadbGalera
config:
<<: *mariadbGaleraConfig
mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
dmaapPort: 3904
sdncPort: 8282
configDir: /opt/onap/sdnc/data/properties
odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
enabled: true
mariadb-galera:
<<: *mariadbGalera
config:
<<: *mariadbGaleraConfig
mysqlDatabase: *sdncDbName
nameOverride: sdnc-ueb-listener
config:
sdncPort: 8282
sdncChartName: sdnc
configDir: /opt/onap/sdnc/data/properties
odlCredsExternalSecret: *odlCredsSecretName
sdnc-ansible-server:
enabled: true
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
<<: *mariadbGalera
config:
<<: *mariadbGaleraConfig
mysqlDatabase: ansible
service:
name: sdnc-ansible-server
internalPort: 8000
dgbuilder:
enabled: true
nameOverride: sdnc-dgbuilder
certInitializer:
nameOverride: sdnc-dgbuilder-cert-initializer
config:
db:
dbName: *sdncDbName
rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
ternary
(printf "%s-sdnc-db-root-password" (include "common.release" .))
(include "common.mariadb.secret.rootPassSecretName"
(dict "dot" . "chartName" "mariadb-galera")) }}'
userCredentialsExternalSecret: *dbSecretName
dbPodName: mariadb-galera
dbServiceName: mariadb-galera
# This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
mariadb-galera:
service:
name: sdnc-dgbuilder
nodePort: "03"
ingress:
enabled: false
service:
- baseaddr: "sdnc-dgbuilder"
name: "sdnc-dgbuilder"
port: 3000
- baseaddr: "sdnc-web-service"
name: "sdnc-web-service"
port: 8443
config:
ssl: "redirect"
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
nameOverride: &elasticSearchName sdnrdb
name: sdnrdb-cluster
certInitializer:
fqdn: "sdnc"
fqi_namespace: org.onap.sdnc
fqi: "sdnc@sdnc.onap.org"
service:
name: *elasticSearchName
master:
replicaCount: 3
# dedicatednode: "yes"
# working as master node only, in this case increase replicaCount for elasticsearch-data
# dedicatednode: "no"
# handles master and data node functionality
dedicatednode: "no"
nameOverride: *elasticSearchName
cluster_name: *elasticSearchName
# enable
sdnc-web:
enabled: true
# default number of instances
replicaCount: 1
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
service:
type: NodePort
name: sdnc
portName: sdnc
internalPort: 8181
internalPort2: 8101
internalPort3: 8080
internalPort4: 8443
#port
externalPort: 8282
externalPort2: 8202
externalPort3: 8280
externalPort4: 8443
nodePort4: 67
clusterPort: 2550
clusterPort2: 2650
clusterPort3: 2681
geoNodePort1: 61
geoNodePort2: 62
geoNodePort3: 63
geoNodePort4: 64
geoNodePort5: 65
geoNodePort6: 66
## Persist data to a persitent volume
persistence:
enabled: true
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
volumeReclaimPolicy: Retain
## database data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
accessMode: ReadWriteOnce
size: 1Gi
mountPath: /dockerdata-nfs
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/current/daexim
certpersistence:
enabled: true
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
size: 50Mi
mountPath: /dockerdata-nfs
mountSubPath: sdnc/certs
certPath: /opt/app/osaaf
##storageClass: "manual"
ingress:
enabled: false
service:
- baseaddr: "sdnc.api"
name: "sdnc"
port: 8443
config:
ssl: "redirect"
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)
resources:
small:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 2Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
cpu: 2
memory: 4Gi
unlimited: {}