Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 368aced4fe43867012206eaad4560d11b1b86672 / . / kubernetes / policy / values.yaml
blob: a315bc251c22efe7180a00755661db6277b534dc [file] [log] [blame]
vaibhav_16dece04b2fe2018-03-22 09:07:12 +0000[diff] [blame]1# Copyright © 2017 Amdocs, Bell Canada
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]2# Modifications Copyright © 2018-2020 AT&T Intellectual Property
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]3# Modifications Copyright (C) 2021-2022 Nordix Foundation.
vaibhav_16dece04b2fe2018-03-22 09:07:12 +0000[diff] [blame]4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]17#################################################################
18# Global configuration defaults.
19#################################################################
20global:
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]21 aafEnabled: true
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]22 mariadb:
23 # '&mariadbConfig' means we "store" the values for later use in the file
24 # with '*mariadbConfig' pointer.
25 config: &mariadbConfig
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]26 mysqlDatabase: policyadmin
27 service: &mariadbService
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]28 name: &policy-mariadb policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]29 internalPort: 3306
Rashmi Pujarec452b52022-04-21 12:29:14 -0400[diff] [blame]30 prometheusEnabled: false
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame^]31 postgres:
32 localCluster: false
33 service:
34 name: pgset
35 name2: tcp-pgset-primary
36 name3: tcp-pgset-replica
37 container:
38 name: postgres
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]39
40#################################################################
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]41# Secrets metaconfig
42#################################################################
43secrets:
44 - uid: db-root-password
45 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
46 type: password
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]47 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
48 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]49 policy: generate
50 - uid: db-secret
51 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
52 type: basicAuth
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]53 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
54 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
55 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]56 passwordPolicy: generate
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]57 - uid: policy-app-user-creds
58 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
59 type: basicAuth
60 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
61 login: '{{ .Values.config.policyAppUserName }}'
62 password: '{{ .Values.config.policyAppUserPassword }}'
63 passwordPolicy: generate
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]64 - uid: policy-pap-user-creds
65 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
66 type: basicAuth
67 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
68 login: '{{ .Values.restServer.policyPapUserName }}'
69 password: '{{ .Values.restServer.policyPapUserPassword }}'
70 passwordPolicy: required
71 - uid: policy-api-user-creds
72 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
73 type: basicAuth
74 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
75 login: '{{ .Values.restServer.policyApiUserName }}'
76 password: '{{ .Values.restServer.policyApiUserPassword }}'
77 passwordPolicy: required
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame^]78 - uid: pg-root-pass
79 name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
80 type: password
81 externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
82 password: '{{ .Values.postgres.config.pgRootpassword }}'
83 policy: generate
84 - uid: pg-user-creds
85 name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
86 type: basicAuth
87 externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
88 login: '{{ .Values.postgres.config.pgUserName }}'
89 password: '{{ .Values.postgres.config.pgUserPassword }}'
90 passwordPolicy: generate
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]91
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]92db: &dbSecretsHook
93 credsExternalSecret: *dbSecretName
94
95policy-api:
96 enabled: true
97 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]98 restServer:
99 apiUserExternalSecret: *policyApiCredsSecret
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]100policy-pap:
101 enabled: true
102 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]103 restServer:
104 papUserExternalSecret: *policyPapCredsSecret
105 apiUserExternalSecret: *policyApiCredsSecret
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]106policy-xacml-pdp:
107 enabled: true
108 db: *dbSecretsHook
109policy-apex-pdp:
110 enabled: true
111 db: *dbSecretsHook
112policy-drools-pdp:
113 enabled: true
114 db: *dbSecretsHook
115policy-distribution:
116 enabled: true
117 db: *dbSecretsHook
sebdet5c449882021-01-13 11:35:56 +0100[diff] [blame]118policy-clamp-be:
119 enabled: true
120 db: *dbSecretsHook
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]121 config:
122 appUserExternalSecret: *policyAppCredsSecret
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]123policy-clamp-ac-k8s-ppnt:
rameshiyer2701b8cc02021-09-21 15:07:50 +0100[diff] [blame]124 enabled: true
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]125policy-clamp-ac-pf-ppnt:
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]126 enabled: true
127 restServer:
128 apiUserExternalSecret: *policyApiCredsSecret
129 papUserExternalSecret: *policyPapCredsSecret
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]130policy-clamp-ac-http-ppnt:
rameshiyer273c3402d2021-09-21 15:14:39 +0100[diff] [blame]131 enabled: true
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]132policy-nexus:
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]133 enabled: false
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]134policy-clamp-runtime-acm:
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]135 enabled: true
136 db: *dbSecretsHook
137 config:
138 appUserExternalSecret: *policyAppCredsSecret
ktimoneyb3aef7b2021-09-13 08:27:58 +0100[diff] [blame]139policy-gui:
140 enabled: true
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]141
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]142#################################################################
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]143# DB configuration defaults.
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]144#################################################################
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]145
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]146repository: nexus3.onap.org:10001
kerenj3b697f62017-08-23 11:21:21 +0000[diff] [blame]147pullPolicy: Always
Alexis de Talhouëtdf4db0b2017-12-11 08:36:25 -0500[diff] [blame]148
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +0100[diff] [blame]149mariadb:
150 image: mariadb:10.5.8
151
jhhd74fe9f2021-04-15 11:04:39 -0500[diff] [blame]152dbmigrator:
jhh8f95be22022-04-13 11:56:40 -0500[diff] [blame]153 image: onap/policy-db-migrator:2.4.2
jhhd74fe9f2021-04-15 11:04:39 -0500[diff] [blame]154 schema: policyadmin
155 policy_home: "/opt/app/policy"
156
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]157subChartsOnly:
158 enabled: true
BorislavG5f3b6192018-03-25 18:12:38 +0300[diff] [blame]159
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]160# flag to enable debugging - application support required
161debugEnabled: false
162
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]163# default number of instances
164replicaCount: 1
165
166nodeSelector: {}
167
168affinity: {}
169
170# probe configuration parameters
171liveness:
172 initialDelaySeconds: 10
173 periodSeconds: 10
174 # necessary to disable liveness probe when setting breakpoints
175 # in debugger so K8s doesn't restart unresponsive container
176 enabled: true
177
178readiness:
179 initialDelaySeconds: 10
180 periodSeconds: 10
181
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]182
183config:
184 policyAppUserName: runtimeUser
185
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]186mariadb-galera:
187 # mariadb-galera.config and global.mariadb.config must be equals
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]188 db:
189 user: policy_user
190 # password:
191 externalSecret: *dbSecretName
192 name: &mysqlDbName policyadmin
193 rootUser:
194 externalSecret: *dbRootPassSecretName
195 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]196 # mariadb-galera.service and global.mariadb.service must be equals
197 service: *mariadbService
198 replicaCount: 1
199 persistence:
200 enabled: true
201 mountSubPath: policy/maria/data
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]202 serviceAccount:
203 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]204
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame^]205postgresImage: library/postgres:latest
206# application configuration override for postgres
207postgres:
208 nameOverride: &postgresName policy-postgres
209 service:
210 name: *postgresName
211 name2: policy-pg-primary
212 name3: policy-pg-replica
213 container:
214 name:
215 primary: policy-pg-primary
216 replica: policy-pg-replica
217 persistence:
218 mountSubPath: policy/postgres/data
219 mountInitPath: policy
220 config:
221 pgUserName: policy_user
222 pgDatabase: policyadmin
223 pgUserExternalSecret: *pgUserCredsSecretName
224 pgRootPasswordExternalSecret: *pgRootPassSecretName
225
226readinessCheck:
227 wait_for:
228 - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
229
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]230restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]231 policyPapUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]232 policyPapUserPassword: zb!XztG34
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]233 policyApiUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]234 policyApiUserPassword: zb!XztG34
235
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]236# Resource Limit flavor -By Default using small
237# Segregation for Different environment (small, large, or unlimited)
238flavor: small
239resources:
240 small:
241 limits:
242 cpu: 1
243 memory: 4Gi
244 requests:
245 cpu: 100m
246 memory: 1Gi
247 large:
248 limits:
249 cpu: 2
250 memory: 8Gi
251 requests:
252 cpu: 200m
253 memory: 2Gi
254 unlimited: {}
255
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]256#Pods Service Account
257serviceAccount:
258 nameOverride: policy
259 roles:
260 - read