Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 5fa1a05b3142c1f70757d5ce5b4519e574f6f5b2 / . / kubernetes / policy / values.yaml
blob: 9d08080cf7a52e1ce41e21b6c831ab30548b9d9e [file] [log] [blame]
vaibhav_16dece04b2fe2018-03-22 09:07:12 +0000[diff] [blame]1# Copyright © 2017 Amdocs, Bell Canada
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]2# Modifications Copyright © 2018-2020 AT&T Intellectual Property
efiacorab235f42023-02-15 11:51:52 +0000[diff] [blame]3# Modifications Copyright (C) 2021-2023 Nordix Foundation.
vaibhav_16dece04b2fe2018-03-22 09:07:12 +0000[diff] [blame]4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]17#################################################################
18# Global configuration defaults.
19#################################################################
20global:
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]21 mariadbGalera:
22 # flag to enable the DB creation via mariadb-operator
23 useOperator: true
24 # if useOperator set to "true", set "enableServiceAccount to "false"
25 # as the SA is created by the Operator
26 enableServiceAccount: false
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]27 localCluster: true
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]28 # '&mariadbConfig' means we "store" the values for later use in the file
29 # with '*mariadbConfig' pointer.
30 config: &mariadbConfig
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]31 mysqlDatabase: policyadmin
32 service: &mariadbService
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]33 name: &policy-mariadb policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]34 internalPort: 3306
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]35 nameOverride: *policy-mariadb
36 # (optional) if localCluster=false and an external secret is used set this variable
37 #userRootSecret: <secretName>
Rashmi Pujarec452b52022-04-21 12:29:14 -0400[diff] [blame]38 prometheusEnabled: false
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]39 postgres:
40 localCluster: false
41 service:
42 name: pgset
43 name2: tcp-pgset-primary
44 name3: tcp-pgset-replica
45 container:
46 name: postgres
efiacor6910bbe2023-03-03 14:53:16 +0000[diff] [blame]47 #Strimzi Kafka properties
48 useStrimziKafka: true
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]49 # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
50 useStrimziKafkaPf: false
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]51 kafkaBootstrap: strimzi-kafka-bootstrap
52 policyKafkaUser: policy-kafka-user
efiacor6910bbe2023-03-03 14:53:16 +0000[diff] [blame]53 kafkaTopics:
54 acRuntimeTopic:
55 name: policy.clamp-runtime-acm
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]56
57#################################################################
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]58# Secrets metaconfig
59#################################################################
60secrets:
61 - uid: db-root-password
62 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
63 type: password
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]64 externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
65 ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
66 ternary
67 ""
68 (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
69 )
70 ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
71 ternary
72 .Values.global.mariadbGalera.userRootSecret
73 (include "common.mariadb.secret.rootPassSecretName"
74 (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
75 )
76 ) }}'
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]77 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]78 policy: generate
79 - uid: db-secret
80 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
81 type: basicAuth
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]82 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
83 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
84 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]85 passwordPolicy: generate
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]86 - uid: policy-app-user-creds
87 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
88 type: basicAuth
89 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
90 login: '{{ .Values.config.policyAppUserName }}'
91 password: '{{ .Values.config.policyAppUserPassword }}'
92 passwordPolicy: generate
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]93 - uid: policy-pap-user-creds
94 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
95 type: basicAuth
96 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
97 login: '{{ .Values.restServer.policyPapUserName }}'
98 password: '{{ .Values.restServer.policyPapUserPassword }}'
99 passwordPolicy: required
100 - uid: policy-api-user-creds
101 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
102 type: basicAuth
103 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
104 login: '{{ .Values.restServer.policyApiUserName }}'
105 password: '{{ .Values.restServer.policyApiUserPassword }}'
106 passwordPolicy: required
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]107
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]108db: &dbSecretsHook
109 credsExternalSecret: *dbSecretName
110
111policy-api:
112 enabled: true
113 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]114 restServer:
115 apiUserExternalSecret: *policyApiCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]116 config:
117 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]118policy-pap:
119 enabled: true
120 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]121 restServer:
122 papUserExternalSecret: *policyPapCredsSecret
123 apiUserExternalSecret: *policyApiCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]124 config:
125 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]126policy-xacml-pdp:
127 enabled: true
128 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]129 config:
130 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]131policy-apex-pdp:
132 enabled: true
133 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]134 config:
135 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]136policy-drools-pdp:
137 enabled: true
138 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]139 config:
140 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]141policy-distribution:
142 enabled: true
143 db: *dbSecretsHook
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]144policy-clamp-ac-k8s-ppnt:
rameshiyer2701b8cc02021-09-21 15:07:50 +0100[diff] [blame]145 enabled: true
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]146policy-clamp-ac-pf-ppnt:
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]147 enabled: true
148 restServer:
149 apiUserExternalSecret: *policyApiCredsSecret
150 papUserExternalSecret: *policyPapCredsSecret
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]151policy-clamp-ac-http-ppnt:
rameshiyer273c3402d2021-09-21 15:14:39 +0100[diff] [blame]152 enabled: true
aravind.est8d728302022-12-07 12:26:28 +0000[diff] [blame]153policy-clamp-ac-a1pms-ppnt:
154 enabled: true
aravind.est0879dfc2023-02-22 09:05:50 +0000[diff] [blame]155policy-clamp-ac-kserve-ppnt:
156 enabled: true
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]157policy-clamp-runtime-acm:
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]158 enabled: true
159 db: *dbSecretsHook
160 config:
161 appUserExternalSecret: *policyAppCredsSecret
efiacor6910bbe2023-03-03 14:53:16 +0000[diff] [blame]162policy-nexus:
163 enabled: false
164 config:
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]165 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
ktimoneyb3aef7b2021-09-13 08:27:58 +0100[diff] [blame]166policy-gui:
amatthews736bf372021-12-14 16:04:15 +0000[diff] [blame]167 enabled: false
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]168 config:
169 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]170
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]171#################################################################
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]172# DB configuration defaults.
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]173#################################################################
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]174
jhhd74fe9f2021-04-15 11:04:39 -0500[diff] [blame]175dbmigrator:
saul.gill99649272023-12-12 16:14:52 +0000[diff] [blame]176 image: onap/policy-db-migrator:3.1.0
jhhd74fe9f2021-04-15 11:04:39 -0500[diff] [blame]177 schema: policyadmin
178 policy_home: "/opt/app/policy"
179
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]180subChartsOnly:
181 enabled: true
BorislavG5f3b6192018-03-25 18:12:38 +0300[diff] [blame]182
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]183# flag to enable debugging - application support required
184debugEnabled: false
185
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]186# default number of instances
187replicaCount: 1
188
189nodeSelector: {}
190
191affinity: {}
192
193# probe configuration parameters
194liveness:
195 initialDelaySeconds: 10
196 periodSeconds: 10
197 # necessary to disable liveness probe when setting breakpoints
198 # in debugger so K8s doesn't restart unresponsive container
199 enabled: true
200
201readiness:
202 initialDelaySeconds: 10
203 periodSeconds: 10
204
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]205
206config:
207 policyAppUserName: runtimeUser
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]208 useStrimziKafka: true
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]209 policyPdpPapTopic:
210 name: policy-pdp-pap
211 partitions: 10
212 retentionMs: 7200000
213 segmentBytes: 1073741824
214 consumer:
215 groupId: policy-group
216 policyHeartbeatTopic:
217 name: policy-heartbeat
218 partitions: 10
219 retentionMs: 7200000
220 segmentBytes: 1073741824
221 consumer:
222 groupId: policy-group
223 policyNotificationTopic:
224 name: policy-notification
225 partitions: 10
226 retentionMs: 7200000
227 segmentBytes: 1073741824
228 consumer:
229 groupId: policy-group
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100[diff] [blame]230 someConfig: blah
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]231
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]232mariadb-galera:
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]233 # mariadb-galera.config and global.mariadbGalera.config must be equals
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]234 db:
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]235 user: policy-user
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]236 # password:
237 externalSecret: *dbSecretName
238 name: &mysqlDbName policyadmin
239 rootUser:
240 externalSecret: *dbRootPassSecretName
241 nameOverride: *policy-mariadb
Andreas Geisslerfd5b5962024-01-23 11:26:47 +0100[diff] [blame]242 # mariadb-galera.service and global.mariadbGalera.service must be equals
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]243 service: *mariadbService
244 replicaCount: 1
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]245 mariadbOperator:
246 galera:
247 enabled: false
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]248 persistence:
249 enabled: true
250 mountSubPath: policy/maria/data
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]251 serviceAccount:
252 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]253
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]254postgresImage: library/postgres:latest
255# application configuration override for postgres
256postgres:
257 nameOverride: &postgresName policy-postgres
258 service:
259 name: *postgresName
260 name2: policy-pg-primary
261 name3: policy-pg-replica
262 container:
263 name:
264 primary: policy-pg-primary
265 replica: policy-pg-replica
266 persistence:
267 mountSubPath: policy/postgres/data
268 mountInitPath: policy
269 config:
Andreas Geisslercfd84342023-08-16 17:18:49 +0200[diff] [blame]270 pgUserName: policy-user
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]271 pgDatabase: policyadmin
saul.gillef208b02023-04-26 16:16:05 +0100[diff] [blame]272 pgUserExternalSecret: *dbSecretName
273 pgRootPasswordExternalSecret: *dbRootPassSecretName
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]274
275readinessCheck:
276 wait_for:
277 - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
Andreas Geissler060bc372024-03-11 17:26:53 +0100[diff] [blame]278 wait_for_global_operator:
279 pods:
280 - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
281 wait_for_local_operator:
282 pods:
283 - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
284 wait_for_global:
285 apps:
286 - '{{ include "common.mariadbAppName" . }}'
287 wait_for_local:
288 apps:
289 - '{{ include "common.mariadbAppName" . }}'
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]290
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]291restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]292 policyPapUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]293 policyPapUserPassword: zb!XztG34
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]294 policyApiUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]295 policyApiUserPassword: zb!XztG34
296
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]297# Resource Limit flavor -By Default using small
298# Segregation for Different environment (small, large, or unlimited)
299flavor: small
300resources:
301 small:
302 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]303 cpu: "1"
304 memory: "4Gi"
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]305 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]306 cpu: "100m"
307 memory: "1Gi"
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]308 large:
309 limits:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]310 cpu: "2"
311 memory: "8Gi"
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]312 requests:
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]313 cpu: "200m"
314 memory: "2Gi"
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]315 unlimited: {}
316
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]317#Pods Service Account
318serviceAccount:
319 nameOverride: policy
320 roles:
321 - read