| # Copyright © 2020 Samsung Electronics, highstreet technologies GmbH |
| # Copyright © 2017 Amdocs, Bell Canada |
| # Copyright © 2021 Nokia |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| ################################################################# |
| # Global configuration defaults. |
| ################################################################# |
| global: |
| nodePortPrefix: 302 |
| nodePortPrefixExt: 304 |
| persistence: |
| mountPath: /dockerdata-nfs |
| centralizedLoggingEnabled: true |
| mariadbGalera: |
| #This flag allows SO to instantiate its own mariadb-galera cluster |
| #If shared instance is used, this chart assumes that DB already exists |
| localCluster: false |
| service: mariadb-galera |
| internalPort: 3306 |
| nameOverride: mariadb-galera |
| |
| ################################################################# |
| # Secrets metaconfig |
| ################################################################# |
| secrets: |
| - uid: db-root-password |
| name: &rootDbSecret '{{ include "common.release" . }}-sdnc-db-root-password' |
| type: password |
| # If we're using shared mariadb, we need to use the secret name (second |
| # part). |
| # If not, we do the same trick than for user db secret hat allows you |
| # override this secret using external one with the same field that is used |
| # to pass this to subchart. |
| externalSecret: '{{ .Values.global.mariadbGalera.localCluster | |
| ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | |
| ternary |
| "" |
| (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)) |
| (include "common.mariadb.secret.rootPassSecretName" |
| (dict "dot" . |
| "chartName" .Values.global.mariadbGalera.nameOverride)) }}' |
| password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' |
| - uid: db-secret |
| name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret' |
| type: basicAuth |
| # This is a nasty trick that allows you override this secret using external one |
| # with the same field that is used to pass this to subchart |
| externalSecret: '{{ (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "db" "externalSecret")) | |
| ternary |
| "" |
| (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) }}' |
| login: '{{ index .Values "mariadb-galera" "db" "user" }}' |
| password: '{{ index .Values "mariadb-galera" "db" "password" }}' |
| - uid: odl-creds |
| name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds' |
| type: basicAuth |
| externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' |
| login: '{{ .Values.config.odlUser }}' |
| password: '{{ .Values.config.odlPassword }}' |
| # For now this is left hardcoded but should be revisited in a future |
| passwordPolicy: required |
| - uid: dmaap-proxy-creds |
| name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds' |
| type: basicAuth |
| externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}' |
| login: '{{ .Values.config.sdnr.dmaapProxy.user }}' |
| password: '{{ .Values.config.sdnr.dmaapProxy.password }}' |
| # For now this is left hardcoded but should be revisited in a future |
| passwordPolicy: required |
| - uid: netbox-apikey |
| type: password |
| externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' |
| password: '{{ .Values.config.netboxApikey }}' |
| passwordPolicy: required |
| - uid: aai-truststore-password |
| type: password |
| externalSecret: '{{ .Values.config.aaiTruststoreExternalSecret }}' |
| password: '{{ .Values.config.aaiTruststorePassword }}' |
| passwordPolicy: required |
| - uid: ansible-truststore-password |
| type: password |
| externalSecret: '{{ .Values.config.ansibleTruststoreExternalSecret }}' |
| password: '{{ .Values.config.ansibleTruststorePassword }}' |
| passwordPolicy: required |
| - uid: truststore-password |
| type: password |
| externalSecret: '{{ .Values.config.truststoreExternalSecret }}' |
| password: '{{ .Values.config.truststorePassword }}' |
| passwordPolicy: required |
| - uid: keystore-password |
| type: password |
| externalSecret: '{{ .Values.config.keystoreExternalSecret }}' |
| password: '{{ .Values.config.keystorePassword }}' |
| passwordPolicy: required |
| - uid: dmaap-authkey |
| type: password |
| externalSecret: '{{ .Values.config.dmaapAuthKeyExternalSecret }}' |
| password: '{{ .Values.config.dmaapAuthKey }}' |
| passwordPolicy: required |
| - uid: aai-user-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}' |
| login: '{{ .Values.config.aaiUser }}' |
| password: '{{ .Values.config.aaiPassword }}' |
| passwordPolicy: required |
| - uid: so-user-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.soCredsExternalSecret}}' |
| login: '{{ .Values.config.soUser }}' |
| password: '{{ .Values.config.soPassword }}' |
| passwordPolicy: required |
| - uid: neng-user-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.nengCredsExternalSecret}}' |
| login: '{{ .Values.config.nengUser }}' |
| password: '{{ .Values.config.nengPassword }}' |
| passwordPolicy: required |
| - uid: cds-user-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.cdsCredsExternalSecret}}' |
| login: '{{ .Values.config.cdsUser }}' |
| password: '{{ .Values.config.cdsPassword }}' |
| passwordPolicy: required |
| - uid: honeycomb-user-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.honeycombCredsExternalSecret}}' |
| login: '{{ .Values.config.honeycombUser }}' |
| password: '{{ .Values.config.honeycombPassword }}' |
| passwordPolicy: required |
| - uid: dmaap-user-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.dmaapCredsExternalSecret}}' |
| login: '{{ .Values.config.dmaapUser }}' |
| password: '{{ .Values.config.dmaapPassword }}' |
| passwordPolicy: required |
| - uid: modeling-user-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}' |
| login: '{{ .Values.config.modelingUser }}' |
| password: '{{ .Values.config.modelingPassword }}' |
| passwordPolicy: required |
| - uid: restconf-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}' |
| login: '{{ .Values.config.restconfUser }}' |
| password: '{{ .Values.config.restconfPassword }}' |
| passwordPolicy: required |
| - uid: ansible-creds |
| name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds' |
| type: basicAuth |
| externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}' |
| login: '{{ .Values.config.ansibleUser }}' |
| password: '{{ .Values.config.ansiblePassword }}' |
| passwordPolicy: required |
| - uid: scaleout-creds |
| type: basicAuth |
| externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}' |
| login: '{{ .Values.config.scaleoutUser }}' |
| password: '{{ .Values.config.scaleoutPassword }}' |
| passwordPolicy: required |
| - uid: oauth-token-secret |
| type: password |
| externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.tokenExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' |
| password: '{{ .Values.config.sdnr.oauth.tokenSecret }}' |
| passwordPolicy: required |
| - uid: keycloak-secret |
| type: password |
| externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' |
| password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}' |
| passwordPolicy: required |
| - uid: ves-collector-secret |
| type: basicAuth |
| login: '{{ .Values.config.sdnr.vesCollector.username }}' |
| password: '{{ .Values.config.sdnr.vesCollector.password }}' |
| ################################################################# |
| # Certificates |
| ################################################################# |
| certificates: |
| - mountPath: /var/custom-certs |
| commonName: sdnc.simpledemo.onap.org |
| dnsNames: |
| - sdnc.simpledemo.onap.org |
| keystore: |
| outputType: |
| - jks |
| passwordSecretRef: |
| create: true |
| name: sdnc-cmpv2-keystore-password |
| key: password |
| issuer: |
| group: certmanager.onap.org |
| kind: CMPv2Issuer |
| name: cmpv2-issuer-onap |
| ################################################################# |
| # Application configuration defaults. |
| ################################################################# |
| # application images |
| |
| pullPolicy: Always |
| image: onap/sdnc-image:2.5.5 |
| |
| # flag to enable debugging - application support required |
| debugEnabled: false |
| |
| # application configuration |
| config: |
| odlUid: 100 |
| odlGid: 101 |
| odlUser: admin |
| odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U |
| # odlCredsExternalSecret: some secret |
| netboxApikey: onceuponatimeiplayedwithnetbox20180814 |
| # netboxApikeyExternalSecret: some secret |
| aaiTruststorePassword: changeit |
| # aaiTruststoreExternalSecret: some secret |
| ansibleTruststorePassword: changeit |
| # ansibleTruststoreExternalSecret: some secret |
| truststorePassword: adminadmin |
| # truststoreExternalSecret: some secret |
| keystorePassword: adminadmin |
| # keystoreExternalSecret: some secret |
| aaiUser: sdnc@sdnc.onap.org |
| aaiPassword: demo123456! |
| # aaiCredsExternalSecret: some secret |
| soUser: sdncaBpmn |
| soPassword: password1$ |
| # soCredsExternalSecret: some secret |
| nengUser: ccsdkapps |
| nengPassword: ccsdkapps |
| # nengCredsExternalSecret: some secret |
| cdsUser: ccsdkapps |
| cdsPassword: ccsdkapps |
| # cdsCredsExternalSecret: some secret |
| honeycombUser: admin |
| honeycombPassword: admin |
| # honeycombCredsExternalSecret: some secret |
| dmaapUser: admin |
| dmaapPassword: admin |
| dmaapAuthKey: "fs20cKwalJ6ry4kX:7Hqm6BDZK47IKxGRkOPFk33qMYs=" |
| # dmaapCredsExternalSecret: some secret |
| # dmaapAuthKeyExternalSecret: some secret |
| modelingUser: ccsdkapps |
| modelingPassword: ccsdkapps |
| # modelingCredsExternalSecret: some secret |
| restconfUser: admin |
| restconfPassword: admin |
| # restconfCredsExternalSecret: some secret |
| scaleoutUser: admin |
| scaleoutPassword: admin |
| # scaleoutExternalSecret: some secret |
| ansibleUser: sdnc |
| ansiblePassword: sdnc |
| # ansibleCredsExternalSecret: some secret |
| |
| dbSdnctlDatabase: &sdncDbName sdnctl |
| enableClustering: true |
| sdncHome: /opt/onap/sdnc |
| binDir: /opt/onap/sdnc/bin |
| etcDir: /opt/onap/sdnc/data |
| geoEnabled: false |
| # if geoEnabled is set to true here, mysql.geoEnabled must be set to true |
| # if geoEnabled is set to true the following 3 values must be set to their proper values |
| myODLCluster: 127.0.0.1 |
| peerODLCluster: 127.0.0.1 |
| isPrimaryCluster: true |
| configDir: /opt/onap/sdnc/data/properties |
| ccsdkConfigDir: /opt/onap/ccsdk/data/properties |
| dmaapTopic: SUCCESS |
| dmaapPort: 3904 |
| logstashServiceName: log-ls |
| logstashPort: 5044 |
| ansibleServiceName: sdnc-ansible-server |
| ansiblePort: 8000 |
| javaHome: /opt/java/openjdk |
| |
| odl: |
| etcDir: /opt/opendaylight/etc |
| binDir: /opt/opendaylight/bin |
| gcLogDir: /opt/opendaylight/data/log |
| salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config |
| salConfigVersion: 1.10.4 |
| akka: |
| seedNodeTimeout: 15s |
| circuitBreaker: |
| maxFailures: 10 |
| callTimeout: 90s |
| resetTimeout: 30s |
| recoveryEventTimeout: 90s |
| datastore: |
| persistentActorRestartMinBackoffInSeconds: 10 |
| persistentActorRestartMaxBackoffInSeconds: 40 |
| persistentActorRestartResetBackoffInSeconds: 20 |
| shardTransactionCommitTimeoutInSeconds: 120 |
| shardIsolatedLeaderCheckIntervalInMillis: 30000 |
| operationTimeoutInSeconds: 120 |
| javaOptions: |
| maxGCPauseMillis: 100 |
| parallelGCThreads : 3 |
| numberGCLogFiles: 10 |
| minMemory: 512m |
| maxMemory: 2048m |
| gcLogOptions: "" |
| # Next line enables gc logging |
| # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}" |
| # enables sdnr functionality |
| sdnr: |
| enabled: true |
| # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default), |
| # mode: dm - SDNC contains sdnr device manager + ODLUX components |
| mode: dm |
| # sdnronly: true starts sdnc container with odl and sdnrwt features only |
| sdnronly: false |
| sdnrdbTrustAllCerts: true |
| mountpointRegistrarEnabled: false |
| mountpointStateProviderEnabled: false |
| netconfCallHome: |
| enabled: true |
| # |
| # enable and set dmaap-proxy for mountpointRegistrar |
| dmaapProxy: |
| enabled: false |
| usepwd: true |
| user: addUserHere |
| password: addPasswordHere |
| url: addProxyUrlHere |
| oauth: |
| enabled: false |
| tokenIssuer: ONAP SDNC |
| tokenSecret: secret |
| supportOdlusers: true |
| redirectUri: null |
| publicUrl: none |
| odluxRbac: |
| enabled: true |
| # example definition for a oauth provider |
| providersSecrets: |
| keycloak: d8d7ed52-0691-4353-9ac6-5383e72e9c46 |
| providers: |
| - id: keycloak |
| type: KEYCLOAK |
| host: http://keycloak:8080 |
| clientId: odlux.app |
| secret: ${KEYCLOAK_SECRET} |
| scope: openid |
| title: ONAP Keycloak Provider |
| roleMapping: |
| mykeycloak: admin |
| vesCollector: |
| enabled: false |
| tls: |
| enabled: true |
| trustAllCertificates: false |
| username: sample1 |
| password: sample1 |
| address: dcae-ves-collector.onap |
| port: 8080 |
| version: v7 |
| reportingEntityName: ONAP SDN-R |
| eventLogMsgDetail: SHORT |
| |
| # dependency / sub-chart configuration |
| network-name-gen: |
| enabled: true |
| mariadb-galera: &mariadbGalera |
| nameOverride: &sdnc-db sdnc-db |
| config: &mariadbGaleraConfig |
| rootPasswordExternalSecret: *rootDbSecret |
| userName: &dbUser sdnctl |
| userCredentialsExternalSecret: *dbSecretName |
| rootUser: |
| externalSecret: *rootDbSecret |
| db: |
| user: *dbUser |
| externalSecret: *dbSecretName |
| service: |
| name: sdnc-dbhost |
| sdnctlPrefix: sdnc |
| persistence: |
| mountSubPath: sdnc/mariadb-galera |
| enabled: true |
| replicaCount: 1 |
| serviceAccount: |
| nameOverride: *sdnc-db |
| |
| cds: |
| enabled: false |
| |
| dmaap-listener: |
| enabled: true |
| nameOverride: sdnc-dmaap-listener |
| mariadb-galera: |
| <<: *mariadbGalera |
| config: |
| <<: *mariadbGaleraConfig |
| mysqlDatabase: *sdncDbName |
| config: |
| sdncChartName: sdnc |
| dmaapPort: 3904 |
| sdncPort: 8282 |
| configDir: /opt/onap/sdnc/data/properties |
| odlCredsExternalSecret: *odlCredsSecretName |
| |
| ueb-listener: |
| enabled: true |
| mariadb-galera: |
| <<: *mariadbGalera |
| config: |
| <<: *mariadbGaleraConfig |
| mysqlDatabase: *sdncDbName |
| nameOverride: sdnc-ueb-listener |
| config: |
| sdncPort: 8282 |
| sdncChartName: sdnc |
| configDir: /opt/onap/sdnc/data/properties |
| odlCredsExternalSecret: *odlCredsSecretName |
| |
| sdnc-ansible-server: |
| enabled: true |
| config: |
| restCredsExternalSecret: *ansibleSecretName |
| mariadb-galera: |
| <<: *mariadbGalera |
| config: |
| <<: *mariadbGaleraConfig |
| mysqlDatabase: ansible |
| service: |
| name: sdnc-ansible-server |
| internalPort: 8000 |
| |
| dgbuilder: |
| enabled: true |
| nameOverride: sdnc-dgbuilder |
| config: |
| db: |
| dbName: *sdncDbName |
| rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster | |
| ternary |
| (printf "%s-sdnc-db-root-password" (include "common.release" .)) |
| (include "common.mariadb.secret.rootPassSecretName" |
| (dict "dot" . "chartName" "mariadb-galera")) }}' |
| userCredentialsExternalSecret: *dbSecretName |
| dbPodName: mariadb-galera |
| dbServiceName: mariadb-galera |
| # This should be revisited and changed to plain text |
| dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 |
| serviceAccount: |
| nameOverride: sdnc-dgbuilder |
| mariadb-galera: |
| service: |
| name: sdnc-dgbuilder |
| ports: |
| - name: http |
| port: 3100 |
| nodePort: 03 |
| |
| ingress: |
| enabled: false |
| service: |
| - baseaddr: "sdnc-dgbuilder-ui" |
| name: "sdnc-dgbuilder" |
| port: 3100 |
| config: |
| ssl: "redirect" |
| |
| |
| |
| # local elasticsearch cluster |
| localElasticCluster: true |
| elasticsearch: |
| nameOverride: &elasticSearchName sdnrdb |
| name: sdnrdb-cluster |
| service: |
| name: *elasticSearchName |
| master: |
| replicaCount: 3 |
| # dedicatednode: "yes" |
| # working as master node only, in this case increase replicaCount for elasticsearch-data |
| # dedicatednode: "no" |
| # handles master and data node functionality |
| dedicatednode: "no" |
| nameOverride: *elasticSearchName |
| cluster_name: sdnrdb-cluster |
| |
| # enable |
| sdnc-web: |
| enabled: true |
| # default number of instances |
| replicaCount: 1 |
| |
| nodeSelector: {} |
| |
| affinity: {} |
| |
| # probe configuration parameters |
| liveness: |
| initialDelaySeconds: 10 |
| periodSeconds: 10 |
| # necessary to disable liveness probe when setting breakpoints |
| # in debugger so K8s doesn't restart unresponsive container |
| enabled: true |
| |
| readiness: |
| initialDelaySeconds: 10 |
| periodSeconds: 10 |
| |
| service: |
| type: NodePort |
| name: sdnc |
| portName: http |
| internalPort: 8181 |
| internalPort2: 8101 |
| internalPort3: 8080 |
| |
| #port |
| externalPort: 8282 |
| |
| externalPort2: 8202 |
| |
| externalPort3: 8280 |
| |
| nodePort4: 67 |
| |
| clusterPort: 2550 |
| clusterPort2: 2650 |
| clusterPort3: 2681 |
| |
| geoNodePort1: 61 |
| geoNodePort2: 62 |
| geoNodePort3: 63 |
| geoNodePort4: 64 |
| geoNodePort5: 65 |
| geoNodePort6: 66 |
| |
| callHomePort: &chport 4334 |
| callHomeNodePort: 66 |
| |
| ## Persist data to a persitent volume |
| persistence: |
| enabled: true |
| |
| ## A manually managed Persistent Volume and Claim |
| ## Requires persistence.enabled: true |
| ## If defined, PVC must be created manually before volume will be bound |
| # existingClaim: |
| volumeReclaimPolicy: Retain |
| |
| ## database data Persistent Volume Storage Class |
| ## If defined, storageClassName: <storageClass> |
| ## If set to "-", storageClassName: "", which disables dynamic provisioning |
| ## If undefined (the default) or set to null, no storageClassName spec is |
| ## set, choosing the default provisioner. (gp2 on AWS, standard on |
| ## GKE, AWS & OpenStack) |
| accessMode: ReadWriteOnce |
| size: 1Gi |
| mountPath: /dockerdata-nfs |
| mountSubPath: sdnc/mdsal |
| mdsalPath: /opt/opendaylight/mdsal |
| daeximPath: /opt/opendaylight/mdsal/daexim |
| journalPath: /opt/opendaylight/segmented-journal |
| snapshotsPath: /opt/opendaylight/snapshots |
| |
| ingress: |
| enabled: false |
| service: |
| - baseaddr: "sdnc-api" |
| name: "sdnc" |
| port: 8282 |
| - baseaddr: "sdnc-callhome" |
| name: "sdnc-callhome" |
| port: *chport |
| protocol: tcp |
| exposedPort: *chport |
| exposedProtocol: TCP |
| config: |
| ssl: "redirect" |
| |
| serviceMesh: |
| authorizationPolicy: |
| authorizedPrincipals: |
| - serviceAccount: a1policymanagement-read |
| - serviceAccount: cds-blueprints-processor-read |
| - serviceAccount: consul-read |
| - serviceAccount: ncmp-dmi-plugin-read |
| - serviceAccount: policy-drools-pdp-read |
| - serviceAccount: robot-read |
| - serviceAccount: sdnc-ansible-server-read |
| - serviceAccount: sdnc-dmaap-listener-read |
| - serviceAccount: sdnc-prom-read |
| - serviceAccount: sdnc-ueb-listener-read |
| - serviceAccount: sdnc-web-read |
| - serviceAccount: so-sdnc-adapter-read |
| - serviceAccount: istio-ingress |
| namespace: istio-ingress |
| authorizedPrincipalsSdnHosts: |
| - serviceAccount: sdnc-read |
| |
| #Resource Limit flavor -By Default using small |
| flavor: small |
| #segregation for different envionment (Small and Large) |
| |
| resources: |
| small: |
| limits: |
| cpu: 2 |
| memory: 4Gi |
| requests: |
| cpu: 1 |
| memory: 2Gi |
| large: |
| limits: |
| cpu: 4 |
| memory: 8Gi |
| requests: |
| cpu: 2 |
| memory: 4Gi |
| unlimited: {} |
| |
| #Pods Service Account |
| serviceAccount: |
| nameOverride: sdnc |
| roles: |
| - read |
| |
| #Log configuration |
| log: |
| path: /var/log/onap |