blob: 33602a97d00fd9ecfb84f0af23fa76392ae9f75f [file] [log] [blame]
vaibhav_16dece04b2fe2018-03-22 09:07:12 +00001# Copyright © 2017 Amdocs, Bell Canada
jhhd4258672020-08-09 12:08:08 -05002# Modifications Copyright © 2018-2020 AT&T Intellectual Property
jhhd74fe9f2021-04-15 11:04:39 -05003# Modifications Copyright (C) 2021 Nordix Foundation.
vaibhav_16dece04b2fe2018-03-22 09:07:12 +00004#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
mayankg2703ced85142018-03-20 05:42:53 +000017#################################################################
18# Global configuration defaults.
19#################################################################
20global:
jhhd4258672020-08-09 12:08:08 -050021 aafEnabled: true
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010022 mariadb:
23 # '&mariadbConfig' means we "store" the values for later use in the file
24 # with '*mariadbConfig' pointer.
25 config: &mariadbConfig
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010026 mysqlDatabase: policyadmin
27 service: &mariadbService
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010028 name: &policy-mariadb policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010029 internalPort: 3306
mayankg2703ced85142018-03-20 05:42:53 +000030
31#################################################################
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020032# Secrets metaconfig
33#################################################################
34secrets:
35 - uid: db-root-password
36 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
37 type: password
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010038 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
39 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020040 policy: generate
41 - uid: db-secret
42 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
43 type: basicAuth
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010044 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
45 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
46 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020047 passwordPolicy: generate
saul.gill7124a4b2021-09-09 12:02:49 +010048 - uid: policy-app-user-creds
49 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
50 type: basicAuth
51 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
52 login: '{{ .Values.config.policyAppUserName }}'
53 password: '{{ .Values.config.policyAppUserPassword }}'
54 passwordPolicy: generate
rameshiyer27ff176652021-09-21 15:19:05 +010055 - uid: policy-pap-user-creds
56 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
57 type: basicAuth
58 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
59 login: '{{ .Values.restServer.policyPapUserName }}'
60 password: '{{ .Values.restServer.policyPapUserPassword }}'
61 passwordPolicy: required
62 - uid: policy-api-user-creds
63 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
64 type: basicAuth
65 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
66 login: '{{ .Values.restServer.policyApiUserName }}'
67 password: '{{ .Values.restServer.policyApiUserPassword }}'
68 passwordPolicy: required
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020069
jhhd4258672020-08-09 12:08:08 -050070db: &dbSecretsHook
71 credsExternalSecret: *dbSecretName
72
73policy-api:
74 enabled: true
75 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +010076 restServer:
77 apiUserExternalSecret: *policyApiCredsSecret
jhhd4258672020-08-09 12:08:08 -050078policy-pap:
79 enabled: true
80 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +010081 restServer:
82 papUserExternalSecret: *policyPapCredsSecret
83 apiUserExternalSecret: *policyApiCredsSecret
jhhd4258672020-08-09 12:08:08 -050084policy-xacml-pdp:
85 enabled: true
86 db: *dbSecretsHook
87policy-apex-pdp:
88 enabled: true
89 db: *dbSecretsHook
90policy-drools-pdp:
91 enabled: true
92 db: *dbSecretsHook
93policy-distribution:
94 enabled: true
95 db: *dbSecretsHook
sebdet5c449882021-01-13 11:35:56 +010096policy-clamp-be:
97 enabled: true
98 db: *dbSecretsHook
saul.gill7124a4b2021-09-09 12:02:49 +010099 config:
100 appUserExternalSecret: *policyAppCredsSecret
sebdet5c449882021-01-13 11:35:56 +0100101policy-clamp-fe:
102 enabled: true
rameshiyer2701b8cc02021-09-21 15:07:50 +0100103policy-clamp-cl-k8s-ppnt:
104 enabled: true
rameshiyer27ff176652021-09-21 15:19:05 +0100105policy-clamp-cl-pf-ppnt:
106 enabled: true
107 restServer:
108 apiUserExternalSecret: *policyApiCredsSecret
109 papUserExternalSecret: *policyPapCredsSecret
jhhd4258672020-08-09 12:08:08 -0500110policy-nexus:
jhhbf8d8a92020-09-10 14:01:49 -0500111 enabled: false
saul.gill7124a4b2021-09-09 12:02:49 +0100112policy-clamp-cl-runtime:
113 enabled: true
114 db: *dbSecretsHook
115 config:
116 appUserExternalSecret: *policyAppCredsSecret
ktimoneyb3aef7b2021-09-13 08:27:58 +0100117policy-gui:
118 enabled: true
jhhd4258672020-08-09 12:08:08 -0500119
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200120#################################################################
jhhd4258672020-08-09 12:08:08 -0500121# DB configuration defaults.
mayankg2703ced85142018-03-20 05:42:53 +0000122#################################################################
jhhd4258672020-08-09 12:08:08 -0500123
mayankg2703ced85142018-03-20 05:42:53 +0000124repository: nexus3.onap.org:10001
kerenj3b697f62017-08-23 11:21:21 +0000125pullPolicy: Always
Alexis de Talhouëtdf4db0b2017-12-11 08:36:25 -0500126
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +0100127mariadb:
128 image: mariadb:10.5.8
129
jhhd74fe9f2021-04-15 11:04:39 -0500130dbmigrator:
liamfallon66c78e52021-10-14 13:15:45 +0100131 image: onap/policy-db-migrator:2.3.1
jhhd74fe9f2021-04-15 11:04:39 -0500132 schema: policyadmin
133 policy_home: "/opt/app/policy"
134
mayankg2703ced85142018-03-20 05:42:53 +0000135subChartsOnly:
136 enabled: true
BorislavG5f3b6192018-03-25 18:12:38 +0300137
mayankg2703ced85142018-03-20 05:42:53 +0000138# flag to enable debugging - application support required
139debugEnabled: false
140
mayankg2703ced85142018-03-20 05:42:53 +0000141# default number of instances
142replicaCount: 1
143
144nodeSelector: {}
145
146affinity: {}
147
148# probe configuration parameters
149liveness:
150 initialDelaySeconds: 10
151 periodSeconds: 10
152 # necessary to disable liveness probe when setting breakpoints
153 # in debugger so K8s doesn't restart unresponsive container
154 enabled: true
155
156readiness:
157 initialDelaySeconds: 10
158 periodSeconds: 10
159
saul.gill7124a4b2021-09-09 12:02:49 +0100160
161config:
162 policyAppUserName: runtimeUser
163
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100164mariadb-galera:
165 # mariadb-galera.config and global.mariadb.config must be equals
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100166 db:
167 user: policy_user
168 # password:
169 externalSecret: *dbSecretName
170 name: &mysqlDbName policyadmin
171 rootUser:
172 externalSecret: *dbRootPassSecretName
173 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100174 # mariadb-galera.service and global.mariadb.service must be equals
175 service: *mariadbService
176 replicaCount: 1
177 persistence:
178 enabled: true
179 mountSubPath: policy/maria/data
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100180 serviceAccount:
181 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100182
rameshiyer27ff176652021-09-21 15:19:05 +0100183restServer:
184 policyPapUserName: healthcheck
185 policyPapUserPassword: zb!XztG34
186 policyApiUserName: healthcheck
187 policyApiUserPassword: zb!XztG34
188
jhhbf8d8a92020-09-10 14:01:49 -0500189# Resource Limit flavor -By Default using small
190# Segregation for Different environment (small, large, or unlimited)
191flavor: small
192resources:
193 small:
194 limits:
195 cpu: 1
196 memory: 4Gi
197 requests:
198 cpu: 100m
199 memory: 1Gi
200 large:
201 limits:
202 cpu: 2
203 memory: 8Gi
204 requests:
205 cpu: 200m
206 memory: 2Gi
207 unlimited: {}
208
farida azmyc1178372021-04-11 12:55:33 +0200209#Pods Service Account
210serviceAccount:
211 nameOverride: policy
212 roles:
213 - read