blob: 9027e490f05f202e6e1b6bf9e7ad84df0db2360e [file] [log] [blame]
vaibhav_16dece04b2fe2018-03-22 09:07:12 +00001# Copyright © 2017 Amdocs, Bell Canada
jhhd4258672020-08-09 12:08:08 -05002# Modifications Copyright © 2018-2020 AT&T Intellectual Property
efiacorab235f42023-02-15 11:51:52 +00003# Modifications Copyright (C) 2021-2023 Nordix Foundation.
vaibhav_16dece04b2fe2018-03-22 09:07:12 +00004#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
mayankg2703ced85142018-03-20 05:42:53 +000017#################################################################
18# Global configuration defaults.
19#################################################################
20global:
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010021 mariadb:
saul.gillef208b02023-04-26 16:16:05 +010022 localCluster: true
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010023 # '&mariadbConfig' means we "store" the values for later use in the file
24 # with '*mariadbConfig' pointer.
25 config: &mariadbConfig
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010026 mysqlDatabase: policyadmin
27 service: &mariadbService
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010028 name: &policy-mariadb policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010029 internalPort: 3306
Rashmi Pujarec452b52022-04-21 12:29:14 -040030 prometheusEnabled: false
waynedunican368aced2022-02-15 08:27:57 +000031 postgres:
32 localCluster: false
33 service:
34 name: pgset
35 name2: tcp-pgset-primary
36 name3: tcp-pgset-replica
37 container:
38 name: postgres
efiacor6910bbe2023-03-03 14:53:16 +000039 #Strimzi Kafka properties
40 useStrimziKafka: true
saul.gillef208b02023-04-26 16:16:05 +010041 # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
42 useStrimziKafkaPf: false
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +010043 kafkaBootstrap: strimzi-kafka-bootstrap
44 policyKafkaUser: policy-kafka-user
efiacor6910bbe2023-03-03 14:53:16 +000045 kafkaTopics:
46 acRuntimeTopic:
47 name: policy.clamp-runtime-acm
mayankg2703ced85142018-03-20 05:42:53 +000048
49#################################################################
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020050# Secrets metaconfig
51#################################################################
52secrets:
53 - uid: db-root-password
54 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
55 type: password
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010056 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
57 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020058 policy: generate
59 - uid: db-secret
60 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
61 type: basicAuth
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010062 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
63 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
64 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020065 passwordPolicy: generate
saul.gill7124a4b2021-09-09 12:02:49 +010066 - uid: policy-app-user-creds
67 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
68 type: basicAuth
69 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
70 login: '{{ .Values.config.policyAppUserName }}'
71 password: '{{ .Values.config.policyAppUserPassword }}'
72 passwordPolicy: generate
rameshiyer27ff176652021-09-21 15:19:05 +010073 - uid: policy-pap-user-creds
74 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
75 type: basicAuth
76 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
77 login: '{{ .Values.restServer.policyPapUserName }}'
78 password: '{{ .Values.restServer.policyPapUserPassword }}'
79 passwordPolicy: required
80 - uid: policy-api-user-creds
81 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
82 type: basicAuth
83 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
84 login: '{{ .Values.restServer.policyApiUserName }}'
85 password: '{{ .Values.restServer.policyApiUserPassword }}'
86 passwordPolicy: required
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020087
jhhd4258672020-08-09 12:08:08 -050088db: &dbSecretsHook
89 credsExternalSecret: *dbSecretName
90
91policy-api:
92 enabled: true
93 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +010094 restServer:
95 apiUserExternalSecret: *policyApiCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +010096 config:
97 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -050098policy-pap:
99 enabled: true
100 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100101 restServer:
102 papUserExternalSecret: *policyPapCredsSecret
103 apiUserExternalSecret: *policyApiCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100104 config:
105 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500106policy-xacml-pdp:
107 enabled: true
108 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100109 config:
110 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500111policy-apex-pdp:
112 enabled: true
113 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100114 config:
115 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500116policy-drools-pdp:
117 enabled: true
118 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100119 config:
120 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500121policy-distribution:
122 enabled: true
123 db: *dbSecretsHook
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000124policy-clamp-ac-k8s-ppnt:
rameshiyer2701b8cc02021-09-21 15:07:50 +0100125 enabled: true
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000126policy-clamp-ac-pf-ppnt:
rameshiyer27ff176652021-09-21 15:19:05 +0100127 enabled: true
128 restServer:
129 apiUserExternalSecret: *policyApiCredsSecret
130 papUserExternalSecret: *policyPapCredsSecret
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000131policy-clamp-ac-http-ppnt:
rameshiyer273c3402d2021-09-21 15:14:39 +0100132 enabled: true
aravind.est8d728302022-12-07 12:26:28 +0000133policy-clamp-ac-a1pms-ppnt:
134 enabled: true
aravind.est0879dfc2023-02-22 09:05:50 +0000135policy-clamp-ac-kserve-ppnt:
136 enabled: true
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000137policy-clamp-runtime-acm:
saul.gill7124a4b2021-09-09 12:02:49 +0100138 enabled: true
139 db: *dbSecretsHook
140 config:
141 appUserExternalSecret: *policyAppCredsSecret
efiacor6910bbe2023-03-03 14:53:16 +0000142policy-nexus:
143 enabled: false
144 config:
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100145 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
ktimoneyb3aef7b2021-09-13 08:27:58 +0100146policy-gui:
amatthews736bf372021-12-14 16:04:15 +0000147 enabled: false
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100148 config:
149 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500150
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200151#################################################################
jhhd4258672020-08-09 12:08:08 -0500152# DB configuration defaults.
mayankg2703ced85142018-03-20 05:42:53 +0000153#################################################################
jhhd4258672020-08-09 12:08:08 -0500154
jhhd74fe9f2021-04-15 11:04:39 -0500155dbmigrator:
saul.gillef208b02023-04-26 16:16:05 +0100156 image: onap/policy-db-migrator:2.6.2
jhhd74fe9f2021-04-15 11:04:39 -0500157 schema: policyadmin
158 policy_home: "/opt/app/policy"
159
mayankg2703ced85142018-03-20 05:42:53 +0000160subChartsOnly:
161 enabled: true
BorislavG5f3b6192018-03-25 18:12:38 +0300162
mayankg2703ced85142018-03-20 05:42:53 +0000163# flag to enable debugging - application support required
164debugEnabled: false
165
mayankg2703ced85142018-03-20 05:42:53 +0000166# default number of instances
167replicaCount: 1
168
169nodeSelector: {}
170
171affinity: {}
172
173# probe configuration parameters
174liveness:
175 initialDelaySeconds: 10
176 periodSeconds: 10
177 # necessary to disable liveness probe when setting breakpoints
178 # in debugger so K8s doesn't restart unresponsive container
179 enabled: true
180
181readiness:
182 initialDelaySeconds: 10
183 periodSeconds: 10
184
saul.gill7124a4b2021-09-09 12:02:49 +0100185
186config:
187 policyAppUserName: runtimeUser
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100188 useStrimziKafka: true
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100189 policyPdpPapTopic:
190 name: policy-pdp-pap
191 partitions: 10
192 retentionMs: 7200000
193 segmentBytes: 1073741824
194 consumer:
195 groupId: policy-group
196 policyHeartbeatTopic:
197 name: policy-heartbeat
198 partitions: 10
199 retentionMs: 7200000
200 segmentBytes: 1073741824
201 consumer:
202 groupId: policy-group
203 policyNotificationTopic:
204 name: policy-notification
205 partitions: 10
206 retentionMs: 7200000
207 segmentBytes: 1073741824
208 consumer:
209 groupId: policy-group
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100210 someConfig: blah
saul.gill7124a4b2021-09-09 12:02:49 +0100211
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100212mariadb-galera:
213 # mariadb-galera.config and global.mariadb.config must be equals
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100214 db:
215 user: policy_user
216 # password:
217 externalSecret: *dbSecretName
218 name: &mysqlDbName policyadmin
219 rootUser:
220 externalSecret: *dbRootPassSecretName
221 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100222 # mariadb-galera.service and global.mariadb.service must be equals
223 service: *mariadbService
224 replicaCount: 1
225 persistence:
226 enabled: true
227 mountSubPath: policy/maria/data
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100228 serviceAccount:
229 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100230
waynedunican368aced2022-02-15 08:27:57 +0000231postgresImage: library/postgres:latest
232# application configuration override for postgres
233postgres:
234 nameOverride: &postgresName policy-postgres
235 service:
236 name: *postgresName
237 name2: policy-pg-primary
238 name3: policy-pg-replica
239 container:
240 name:
241 primary: policy-pg-primary
242 replica: policy-pg-replica
243 persistence:
244 mountSubPath: policy/postgres/data
245 mountInitPath: policy
246 config:
247 pgUserName: policy_user
248 pgDatabase: policyadmin
saul.gillef208b02023-04-26 16:16:05 +0100249 pgUserExternalSecret: *dbSecretName
250 pgRootPasswordExternalSecret: *dbRootPassSecretName
waynedunican368aced2022-02-15 08:27:57 +0000251
252readinessCheck:
253 wait_for:
254 - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
255
rameshiyer27ff176652021-09-21 15:19:05 +0100256restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000257 policyPapUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100258 policyPapUserPassword: zb!XztG34
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000259 policyApiUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100260 policyApiUserPassword: zb!XztG34
261
jhhbf8d8a92020-09-10 14:01:49 -0500262# Resource Limit flavor -By Default using small
263# Segregation for Different environment (small, large, or unlimited)
264flavor: small
265resources:
266 small:
267 limits:
268 cpu: 1
269 memory: 4Gi
270 requests:
271 cpu: 100m
272 memory: 1Gi
273 large:
274 limits:
275 cpu: 2
276 memory: 8Gi
277 requests:
278 cpu: 200m
279 memory: 2Gi
280 unlimited: {}
281
farida azmyc1178372021-04-11 12:55:33 +0200282#Pods Service Account
283serviceAccount:
284 nameOverride: policy
285 roles:
286 - read