blob: 90c27da2ad2819ac0e133c68d78bc8db9c624d9c [file] [log] [blame]
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################################################################
# Global configuration defaults.
#################################################################
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
soBaseImage: onap/so/base-image:1.0
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
servicePort: "3306"
# mariadbRootPassword: secretpassword
# rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
#serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
localCluster: false
persistence:
mountPath: /dockerdata-nfs
#This configuration will run the migration. The configurations are for backing up the data
#from DB and then restoring it to the present versions preferred DB.
migration:
enabled: false
dbHost: mariadb-galera
dbPort: 3306
dbUser: root
dbPassword: secretpassword
# dbCredsExternalSecret: some secret
msbEnabled: true
security:
aaf:
enabled: false
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
app:
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
cadi:
cadiLoglevel: DEBUG
cadiKeyFile: /app/org.onap.so.keyfile
cadiTrustStore: /app/org.onap.so.trust.jks
cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
cadiLatitude: 38.4329
cadiLongitude: -90.43248
aafEnv: IST
aafApiVersion: 2.1
aafRootNs: org.onap.so
aafLocateUrl: https://aaf-locate.onap:8095
aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
trustStorePassword: b25hcDRzbw==
keyStorePassword: c280b25hcA==
certificates:
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: db-root-pass
name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
type: password
externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}'
password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
- uid: db-backup-creds
name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
type: basicAuth
externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
passwordPolicy: required
annotations:
helm.sh/hook: pre-upgrade,pre-install
helm.sh/hook-weight: "0"
helm.sh/hook-delete-policy: before-hook-creation
- uid: db-user-creds
name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
type: basicAuth
externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
login: '{{ .Values.dbCreds.userName }}'
password: '{{ .Values.dbCreds.userPassword }}'
passwordPolicy: generate
- uid: db-admin-creds
name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
type: basicAuth
externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
- uid: "so-onap-certs"
name: &so-certs '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths:
- resources/config/certificates/onap-ca.crt
- resources/config/certificates/msb-ca.crt
#################################################################
# Application configuration defaults.
#################################################################
dbSecrets: &dbSecrets
userCredsExternalSecret: *dbUserCredsSecretName
adminCredsExternalSecret: *dbAdminCredsSecretName
# unused in this, just to pass to subcharts
dbCreds:
userName: so_user
adminName: so_admin
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.5.3
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
containerPort: 8080
logPath: ./logs/apih/
app: api-handler-infra
service:
type: NodePort
nodePort: 77
internalPort: 8080
externalPort: 8080
portName: so-apih-port
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
persistence:
certificatesPath: /certificates
resources:
small:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
large:
limits:
cpu: 4000m
memory: 8Gi
requests:
cpu: 1000m
memory: 2Gi
unlimited: {}
livenessProbe:
path: /manage/health
scheme: HTTP
initialDelaySeconds: 600
periodSeconds: 60
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
nodeSelector: {}
affinity: {}
# application configuration
config:
logstashServiceName: log-ls
logstashPort: 5044
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
# --set so.global.mariadbGalera.localCluster=true \
# --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
# --set so.global.mariadbGalera.serviceName=so-mariadb-galera
mariadb-galera:
config:
mariadbRootPasswordExternalSecret: *dbRootPassSecretName
nameOverride: so-mariadb-galera
replicaCount: 1
service:
name: so-mariadb-galera
persistence:
mountSubPath: so/mariadb-galera/data
enabled: true
ingress:
enabled: false
service:
- baseaddr: "so"
name: "so"
port: 8080
config:
ssl: "none"
mso:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
config:
cadi:
aafId: so@so.onap.org
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.apihPerm
noAuthn: /manage/health
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
sdc:
client:
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
aai:
auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
so:
operationalEnv:
dmaap:
auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
health:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
so-bpmn-infra:
certSecret: *so-certs
db:
<<: *dbSecrets
cds:
auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
aai:
auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
mso:
key: 07a7159d3bf51a0e53be7a8f89699be7
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
db:
auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
password: wLg4sjrAFUS8rfVfdvTXeQ==
po:
auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
config:
cadi:
aafId: so@so.onap.org
aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.bpmnPerm
noAuthn: /manage/health
sdnc:
password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
sniro:
auth: test:testpwd
endpoint: http://replaceme:28090/optimizationInstance/V1/create
oof:
auth: test:testpwd
so:
vnfm:
adapter:
auth: Basic dm5mbTpwYXNzd29yZDEk
so-catalog-db-adapter:
certSecret: *so-certs
db:
<<: *dbSecrets
mso:
config:
cadi:
aafId: so@so.onap.org
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.catalogDbAdapterPerm
noAuthn: /manage/health
adapters:
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-monitoring:
certSecret: *so-certs
db:
<<: *dbSecrets
so-openstack-adapter:
certSecret: *so-certs
db:
<<: *dbSecrets
aaf:
auth:
encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
org:
onap:
so:
adapters:
bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
valet:
basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg==
mso:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
basicUser: poBpmn
config:
cadi:
aafId: so@so.onap.org
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.openStackAdapterPerm
noAuthn: /manage/health
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-request-db-adapter:
certSecret: *so-certs
db:
<<: *dbSecrets
mso:
config:
cadi:
aafId: so@so.onap.org
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.requestDbAdapterPerm
noAuthn: /manage/health
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-sdc-controller:
certSecret: *so-certs
db:
<<: *dbSecrets
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
mso:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
config:
cadi:
aafId: so@so.onap.org
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.sdcControllerPerm
noAuthn: /manage/health
asdc:
config:
key: 566B754875657232314F5548556D3665
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
asdc-connections:
asdc-controller1:
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
so-sdnc-adapter:
certSecret: *so-certs
db:
<<: *dbSecrets
org:
onap:
so:
adapters:
sdnc:
bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
network:
encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
mso:
config:
cadi:
aafId: so@so.onap.org
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.sdncAdapterPerm
noAuthn: /manage/health
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
rest:
aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
so-ve-vnfm-adapter:
certSecret: *so-certs
so-vfc-adapter:
certSecret: *so-certs
db:
<<: *dbSecrets
mso:
config:
cadi:
aafId: so@so.onap.org
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.vfcAdapterPerm
noAuthn: /manage/health
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-vnfm-adapter:
certSecret: *so-certs
aaf:
auth:
username: so@so.onap.org
password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
sdc:
username: mso
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
key: 566B754875657232314F5548556D3665
mso:
key: 07a7159d3bf51a0e53be7a8f89699be7
config:
cadi:
aafId: so@so.onap.org
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.vnfmAdapterPerm
noAuthn: /manage/health
so-mariadb:
db:
rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
backupCredsExternalSecret: *dbBackupCredsSecretName
userCredsExternalSecret: *dbUserCredsSecretName
adminCredsExternalSecret: *dbAdminCredsSecretName