Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 53490fa3240d2c1d9b4e4948f85d2a3ef0df3746 / . / kubernetes / policy / values.yaml
blob: 9497c3c2c4f6b96a8d67b9863cb0b2e71be0c274 [file] [log] [blame]
vaibhav_16dece04b2fe2018-03-22 09:07:12 +0000[diff] [blame]1# Copyright © 2017 Amdocs, Bell Canada
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]2# Modifications Copyright © 2018-2020 AT&T Intellectual Property
efiacorab235f42023-02-15 11:51:52 +0000[diff] [blame]3# Modifications Copyright (C) 2021-2023 Nordix Foundation.
vaibhav_16dece04b2fe2018-03-22 09:07:12 +0000[diff] [blame]4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]17#################################################################
18# Global configuration defaults.
19#################################################################
20global:
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]21 mariadbGalera:
22 # flag to enable the DB creation via mariadb-operator
23 useOperator: true
24 # if useOperator set to "true", set "enableServiceAccount to "false"
25 # as the SA is created by the Operator
26 enableServiceAccount: false
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]27 localCluster: true
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]28 # '&mariadbConfig' means we "store" the values for later use in the file
29 # with '*mariadbConfig' pointer.
30 config: &mariadbConfig
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]31 mysqlDatabase: policyadmin
Andreas Geissler53490fa2024-04-17 09:42:16 +0200[diff] [blame^]32 service: &mariadbService policy-mariadb
33 internalPort: 3306
34 nameOverride: *mariadbService
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]35 # (optional) if localCluster=false and an external secret is used set this variable
36 #userRootSecret: <secretName>
Rashmi Pujarec452b52022-04-21 12:29:14 -0400[diff] [blame]37 prometheusEnabled: false
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]38 postgres:
39 localCluster: false
40 service:
41 name: pgset
42 name2: tcp-pgset-primary
43 name3: tcp-pgset-replica
44 container:
45 name: postgres
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]46 kafkaBootstrap: strimzi-kafka-bootstrap:9092
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]47 policyKafkaUser: policy-kafka-user
efiacor6910bbe2023-03-03 14:53:16 +0000[diff] [blame]48 kafkaTopics:
49 acRuntimeTopic:
50 name: policy.clamp-runtime-acm
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]51#################################################################
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]52# Secrets metaconfig
53#################################################################
54secrets:
55 - uid: db-root-password
56 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
57 type: password
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]58 externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
59 ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
60 ternary
61 ""
62 (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
63 )
64 ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
65 ternary
66 .Values.global.mariadbGalera.userRootSecret
67 (include "common.mariadb.secret.rootPassSecretName"
68 (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
69 )
70 ) }}'
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]71 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]72 policy: generate
73 - uid: db-secret
74 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
75 type: basicAuth
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]76 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
77 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
78 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]79 passwordPolicy: generate
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]80 - uid: policy-app-user-creds
81 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
82 type: basicAuth
83 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
84 login: '{{ .Values.config.policyAppUserName }}'
85 password: '{{ .Values.config.policyAppUserPassword }}'
86 passwordPolicy: generate
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]87 - uid: policy-pap-user-creds
88 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
89 type: basicAuth
90 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
91 login: '{{ .Values.restServer.policyPapUserName }}'
92 password: '{{ .Values.restServer.policyPapUserPassword }}'
93 passwordPolicy: required
94 - uid: policy-api-user-creds
95 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
96 type: basicAuth
97 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
98 login: '{{ .Values.restServer.policyApiUserName }}'
99 password: '{{ .Values.restServer.policyApiUserPassword }}'
100 passwordPolicy: required
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]101
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]102db: &dbSecretsHook
103 credsExternalSecret: *dbSecretName
104
105policy-api:
106 enabled: true
107 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]108 restServer:
109 apiUserExternalSecret: *policyApiCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]110 config:
111 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]112policy-pap:
113 enabled: true
114 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]115 restServer:
116 papUserExternalSecret: *policyPapCredsSecret
117 apiUserExternalSecret: *policyApiCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]118 config:
119 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]120policy-xacml-pdp:
121 enabled: true
122 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]123 config:
124 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]125policy-apex-pdp:
126 enabled: true
127 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]128 config:
129 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]130policy-drools-pdp:
rameshiyer27bc8a6a42024-03-11 17:18:11 +0000[diff] [blame]131 enabled: false
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]132 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]133 config:
134 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]135policy-distribution:
136 enabled: true
137 db: *dbSecretsHook
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]138policy-clamp-ac-k8s-ppnt:
rameshiyer2701b8cc02021-09-21 15:07:50 +0100[diff] [blame]139 enabled: true
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]140policy-clamp-ac-pf-ppnt:
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]141 enabled: true
142 restServer:
143 apiUserExternalSecret: *policyApiCredsSecret
144 papUserExternalSecret: *policyPapCredsSecret
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]145policy-clamp-ac-http-ppnt:
rameshiyer273c3402d2021-09-21 15:14:39 +0100[diff] [blame]146 enabled: true
aravind.est8d728302022-12-07 12:26:28 +0000[diff] [blame]147policy-clamp-ac-a1pms-ppnt:
148 enabled: true
aravind.est0879dfc2023-02-22 09:05:50 +0000[diff] [blame]149policy-clamp-ac-kserve-ppnt:
150 enabled: true
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]151policy-clamp-runtime-acm:
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]152 enabled: true
153 db: *dbSecretsHook
154 config:
155 appUserExternalSecret: *policyAppCredsSecret
efiacor6910bbe2023-03-03 14:53:16 +0000[diff] [blame]156policy-nexus:
157 enabled: false
158 config:
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]159 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
ktimoneyb3aef7b2021-09-13 08:27:58 +0100[diff] [blame]160policy-gui:
amatthews736bf372021-12-14 16:04:15 +0000[diff] [blame]161 enabled: false
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]162 config:
163 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]164
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]165#################################################################
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]166# DB configuration defaults.
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]167#################################################################
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]168
jhhd74fe9f2021-04-15 11:04:39 -0500[diff] [blame]169dbmigrator:
saul.gill99649272023-12-12 16:14:52 +0000[diff] [blame]170 image: onap/policy-db-migrator:3.1.0
jhhd74fe9f2021-04-15 11:04:39 -0500[diff] [blame]171 schema: policyadmin
172 policy_home: "/opt/app/policy"
173
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]174subChartsOnly:
175 enabled: true
BorislavG5f3b6192018-03-25 18:12:38 +0300[diff] [blame]176
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]177# flag to enable debugging - application support required
178debugEnabled: false
179
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]180# default number of instances
181replicaCount: 1
182
183nodeSelector: {}
184
185affinity: {}
186
187# probe configuration parameters
188liveness:
189 initialDelaySeconds: 10
190 periodSeconds: 10
191 # necessary to disable liveness probe when setting breakpoints
192 # in debugger so K8s doesn't restart unresponsive container
193 enabled: true
194
195readiness:
196 initialDelaySeconds: 10
197 periodSeconds: 10
198
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]199
200config:
201 policyAppUserName: runtimeUser
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]202 policyPdpPapTopic:
203 name: policy-pdp-pap
204 partitions: 10
205 retentionMs: 7200000
206 segmentBytes: 1073741824
207 consumer:
208 groupId: policy-group
209 policyHeartbeatTopic:
210 name: policy-heartbeat
211 partitions: 10
212 retentionMs: 7200000
213 segmentBytes: 1073741824
214 consumer:
215 groupId: policy-group
216 policyNotificationTopic:
217 name: policy-notification
218 partitions: 10
219 retentionMs: 7200000
220 segmentBytes: 1073741824
221 consumer:
222 groupId: policy-group
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100[diff] [blame]223 someConfig: blah
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]224
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]225mariadb-galera:
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]226 # mariadb-galera.config and global.mariadbGalera.config must be equals
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]227 db:
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]228 user: policy-user
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]229 # password:
230 externalSecret: *dbSecretName
231 name: &mysqlDbName policyadmin
232 rootUser:
233 externalSecret: *dbRootPassSecretName
Andreas Geissler53490fa2024-04-17 09:42:16 +0200[diff] [blame^]234 nameOverride: *mariadbService
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]235 # mariadb-galera.service and global.mariadbGalera.service must be equals
Andreas Geissler53490fa2024-04-17 09:42:16 +0200[diff] [blame^]236 service:
237 name: *mariadbService
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]238 replicaCount: 1
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]239 mariadbOperator:
240 galera:
241 enabled: false
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]242 persistence:
243 enabled: true
244 mountSubPath: policy/maria/data
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]245 serviceAccount:
Andreas Geissler53490fa2024-04-17 09:42:16 +0200[diff] [blame^]246 nameOverride: *mariadbService
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]247
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]248postgresImage: library/postgres:latest
249# application configuration override for postgres
250postgres:
251 nameOverride: &postgresName policy-postgres
252 service:
253 name: *postgresName
254 name2: policy-pg-primary
255 name3: policy-pg-replica
256 container:
257 name:
258 primary: policy-pg-primary
259 replica: policy-pg-replica
260 persistence:
261 mountSubPath: policy/postgres/data
262 mountInitPath: policy
263 config:
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]264 pgUserName: policy-user
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]265 pgDatabase: policyadmin
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]266 pgUserExternalSecret: *dbSecretName
267 pgRootPasswordExternalSecret: *dbRootPassSecretName
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]268
269readinessCheck:
Andreas Geissleree119102024-04-11 13:53:39 +0200[diff] [blame]270 wait_for_postgres:
271 services:
272 - '{{ .Values.global.postgres.service.name2 }}'
273 wait_for_mariadb:
274 services:
275 - '{{ include "common.mariadbService" . }}'
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]276
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]277restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]278 policyPapUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]279 policyPapUserPassword: zb!XztG34
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]280 policyApiUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]281 policyApiUserPassword: zb!XztG34
282
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]283# Resource Limit flavor -By Default using small
284# Segregation for Different environment (small, large, or unlimited)
285flavor: small
286resources:
287 small:
288 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]289 cpu: "1"
290 memory: "4Gi"
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]291 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]292 cpu: "100m"
293 memory: "1Gi"
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]294 large:
295 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]296 cpu: "2"
297 memory: "8Gi"
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]298 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]299 cpu: "200m"
300 memory: "2Gi"
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]301 unlimited: {}
302
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]303#Pods Service Account
304serviceAccount:
305 nameOverride: policy
306 roles:
307 - read