vaibhav_16dec | e04b2fe | 2018-03-22 09:07:12 +0000 | [diff] [blame] | 1 | # Copyright © 2017 Amdocs, Bell Canada |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 2 | # Modifications Copyright © 2018-2020 AT&T Intellectual Property |
efiacor | ab235f4 | 2023-02-15 11:51:52 +0000 | [diff] [blame] | 3 | # Modifications Copyright (C) 2021-2023 Nordix Foundation. |
vaibhav_16dec | e04b2fe | 2018-03-22 09:07:12 +0000 | [diff] [blame] | 4 | # |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | # See the License for the specific language governing permissions and |
| 15 | # limitations under the License. |
| 16 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 17 | ################################################################# |
| 18 | # Global configuration defaults. |
| 19 | ################################################################# |
| 20 | global: |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 21 | mariadb: |
saul.gill | ef208b0 | 2023-04-26 16:16:05 +0100 | [diff] [blame] | 22 | localCluster: true |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 23 | # '&mariadbConfig' means we "store" the values for later use in the file |
| 24 | # with '*mariadbConfig' pointer. |
| 25 | config: &mariadbConfig |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 26 | mysqlDatabase: policyadmin |
| 27 | service: &mariadbService |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 28 | name: &policy-mariadb policy-mariadb |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 29 | internalPort: 3306 |
Rashmi Pujar | ec452b5 | 2022-04-21 12:29:14 -0400 | [diff] [blame] | 30 | prometheusEnabled: false |
waynedunican | 368aced | 2022-02-15 08:27:57 +0000 | [diff] [blame] | 31 | postgres: |
| 32 | localCluster: false |
| 33 | service: |
| 34 | name: pgset |
| 35 | name2: tcp-pgset-primary |
| 36 | name3: tcp-pgset-replica |
| 37 | container: |
| 38 | name: postgres |
efiacor | 6910bbe | 2023-03-03 14:53:16 +0000 | [diff] [blame] | 39 | #Strimzi Kafka properties |
| 40 | useStrimziKafka: true |
saul.gill | ef208b0 | 2023-04-26 16:16:05 +0100 | [diff] [blame] | 41 | # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml |
| 42 | useStrimziKafkaPf: false |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 43 | kafkaBootstrap: strimzi-kafka-bootstrap |
| 44 | policyKafkaUser: policy-kafka-user |
efiacor | 6910bbe | 2023-03-03 14:53:16 +0000 | [diff] [blame] | 45 | kafkaTopics: |
| 46 | acRuntimeTopic: |
| 47 | name: policy.clamp-runtime-acm |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 48 | |
| 49 | ################################################################# |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 50 | # Secrets metaconfig |
| 51 | ################################################################# |
| 52 | secrets: |
| 53 | - uid: db-root-password |
| 54 | name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' |
| 55 | type: password |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 56 | externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' |
| 57 | password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 58 | policy: generate |
| 59 | - uid: db-secret |
| 60 | name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' |
| 61 | type: basicAuth |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 62 | externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' |
| 63 | login: '{{ index .Values "mariadb-galera" "db" "user" }}' |
| 64 | password: '{{ index .Values "mariadb-galera" "db" "password" }}' |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 65 | passwordPolicy: generate |
saul.gill | 7124a4b | 2021-09-09 12:02:49 +0100 | [diff] [blame] | 66 | - uid: policy-app-user-creds |
| 67 | name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' |
| 68 | type: basicAuth |
| 69 | externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' |
| 70 | login: '{{ .Values.config.policyAppUserName }}' |
| 71 | password: '{{ .Values.config.policyAppUserPassword }}' |
| 72 | passwordPolicy: generate |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 73 | - uid: policy-pap-user-creds |
| 74 | name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' |
| 75 | type: basicAuth |
| 76 | externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' |
| 77 | login: '{{ .Values.restServer.policyPapUserName }}' |
| 78 | password: '{{ .Values.restServer.policyPapUserPassword }}' |
| 79 | passwordPolicy: required |
| 80 | - uid: policy-api-user-creds |
| 81 | name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' |
| 82 | type: basicAuth |
| 83 | externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' |
| 84 | login: '{{ .Values.restServer.policyApiUserName }}' |
| 85 | password: '{{ .Values.restServer.policyApiUserPassword }}' |
| 86 | passwordPolicy: required |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 87 | |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 88 | db: &dbSecretsHook |
| 89 | credsExternalSecret: *dbSecretName |
| 90 | |
| 91 | policy-api: |
| 92 | enabled: true |
| 93 | db: *dbSecretsHook |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 94 | restServer: |
| 95 | apiUserExternalSecret: *policyApiCredsSecret |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 96 | config: |
| 97 | jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 98 | policy-pap: |
| 99 | enabled: true |
| 100 | db: *dbSecretsHook |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 101 | restServer: |
| 102 | papUserExternalSecret: *policyPapCredsSecret |
| 103 | apiUserExternalSecret: *policyApiCredsSecret |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 104 | config: |
| 105 | jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 106 | policy-xacml-pdp: |
| 107 | enabled: true |
| 108 | db: *dbSecretsHook |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 109 | config: |
| 110 | jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 111 | policy-apex-pdp: |
| 112 | enabled: true |
| 113 | db: *dbSecretsHook |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 114 | config: |
| 115 | jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 116 | policy-drools-pdp: |
| 117 | enabled: true |
| 118 | db: *dbSecretsHook |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 119 | config: |
| 120 | jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 121 | policy-distribution: |
| 122 | enabled: true |
| 123 | db: *dbSecretsHook |
FrancescoFioraEst | 9c79e26 | 2022-02-22 13:12:19 +0000 | [diff] [blame] | 124 | policy-clamp-ac-k8s-ppnt: |
rameshiyer27 | 01b8cc0 | 2021-09-21 15:07:50 +0100 | [diff] [blame] | 125 | enabled: true |
FrancescoFioraEst | 9c79e26 | 2022-02-22 13:12:19 +0000 | [diff] [blame] | 126 | policy-clamp-ac-pf-ppnt: |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 127 | enabled: true |
| 128 | restServer: |
| 129 | apiUserExternalSecret: *policyApiCredsSecret |
| 130 | papUserExternalSecret: *policyPapCredsSecret |
FrancescoFioraEst | 9c79e26 | 2022-02-22 13:12:19 +0000 | [diff] [blame] | 131 | policy-clamp-ac-http-ppnt: |
rameshiyer27 | 3c3402d | 2021-09-21 15:14:39 +0100 | [diff] [blame] | 132 | enabled: true |
aravind.est | 8d72830 | 2022-12-07 12:26:28 +0000 | [diff] [blame] | 133 | policy-clamp-ac-a1pms-ppnt: |
| 134 | enabled: true |
aravind.est | 0879dfc | 2023-02-22 09:05:50 +0000 | [diff] [blame] | 135 | policy-clamp-ac-kserve-ppnt: |
| 136 | enabled: true |
FrancescoFioraEst | 9c79e26 | 2022-02-22 13:12:19 +0000 | [diff] [blame] | 137 | policy-clamp-runtime-acm: |
saul.gill | 7124a4b | 2021-09-09 12:02:49 +0100 | [diff] [blame] | 138 | enabled: true |
| 139 | db: *dbSecretsHook |
| 140 | config: |
| 141 | appUserExternalSecret: *policyAppCredsSecret |
efiacor | 6910bbe | 2023-03-03 14:53:16 +0000 | [diff] [blame] | 142 | policy-nexus: |
| 143 | enabled: false |
| 144 | config: |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 145 | jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' |
ktimoney | b3aef7b | 2021-09-13 08:27:58 +0100 | [diff] [blame] | 146 | policy-gui: |
amatthews | 736bf37 | 2021-12-14 16:04:15 +0000 | [diff] [blame] | 147 | enabled: false |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 148 | config: |
| 149 | jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 150 | |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 151 | ################################################################# |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 152 | # DB configuration defaults. |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 153 | ################################################################# |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 154 | |
jhh | d74fe9f | 2021-04-15 11:04:39 -0500 | [diff] [blame] | 155 | dbmigrator: |
saul.gill | ef208b0 | 2023-04-26 16:16:05 +0100 | [diff] [blame] | 156 | image: onap/policy-db-migrator:2.6.2 |
jhh | d74fe9f | 2021-04-15 11:04:39 -0500 | [diff] [blame] | 157 | schema: policyadmin |
| 158 | policy_home: "/opt/app/policy" |
| 159 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 160 | subChartsOnly: |
| 161 | enabled: true |
BorislavG | 5f3b619 | 2018-03-25 18:12:38 +0300 | [diff] [blame] | 162 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 163 | # flag to enable debugging - application support required |
| 164 | debugEnabled: false |
| 165 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 166 | # default number of instances |
| 167 | replicaCount: 1 |
| 168 | |
| 169 | nodeSelector: {} |
| 170 | |
| 171 | affinity: {} |
| 172 | |
| 173 | # probe configuration parameters |
| 174 | liveness: |
| 175 | initialDelaySeconds: 10 |
| 176 | periodSeconds: 10 |
| 177 | # necessary to disable liveness probe when setting breakpoints |
| 178 | # in debugger so K8s doesn't restart unresponsive container |
| 179 | enabled: true |
| 180 | |
| 181 | readiness: |
| 182 | initialDelaySeconds: 10 |
| 183 | periodSeconds: 10 |
| 184 | |
saul.gill | 7124a4b | 2021-09-09 12:02:49 +0100 | [diff] [blame] | 185 | |
| 186 | config: |
| 187 | policyAppUserName: runtimeUser |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 188 | useStrimziKafka: true |
Sirisha_Manchikanti | 73c5f00 | 2022-07-25 17:04:45 +0100 | [diff] [blame] | 189 | policyPdpPapTopic: |
| 190 | name: policy-pdp-pap |
| 191 | partitions: 10 |
| 192 | retentionMs: 7200000 |
| 193 | segmentBytes: 1073741824 |
| 194 | consumer: |
| 195 | groupId: policy-group |
| 196 | policyHeartbeatTopic: |
| 197 | name: policy-heartbeat |
| 198 | partitions: 10 |
| 199 | retentionMs: 7200000 |
| 200 | segmentBytes: 1073741824 |
| 201 | consumer: |
| 202 | groupId: policy-group |
| 203 | policyNotificationTopic: |
| 204 | name: policy-notification |
| 205 | partitions: 10 |
| 206 | retentionMs: 7200000 |
| 207 | segmentBytes: 1073741824 |
| 208 | consumer: |
| 209 | groupId: policy-group |
Sirisha_Manchikanti | b402a59 | 2022-09-09 12:01:20 +0100 | [diff] [blame] | 210 | someConfig: blah |
saul.gill | 7124a4b | 2021-09-09 12:02:49 +0100 | [diff] [blame] | 211 | |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 212 | mariadb-galera: |
| 213 | # mariadb-galera.config and global.mariadb.config must be equals |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 214 | db: |
| 215 | user: policy_user |
| 216 | # password: |
| 217 | externalSecret: *dbSecretName |
| 218 | name: &mysqlDbName policyadmin |
| 219 | rootUser: |
| 220 | externalSecret: *dbRootPassSecretName |
| 221 | nameOverride: *policy-mariadb |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 222 | # mariadb-galera.service and global.mariadb.service must be equals |
| 223 | service: *mariadbService |
| 224 | replicaCount: 1 |
| 225 | persistence: |
| 226 | enabled: true |
| 227 | mountSubPath: policy/maria/data |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 228 | serviceAccount: |
| 229 | nameOverride: *policy-mariadb |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 230 | |
waynedunican | 368aced | 2022-02-15 08:27:57 +0000 | [diff] [blame] | 231 | postgresImage: library/postgres:latest |
| 232 | # application configuration override for postgres |
| 233 | postgres: |
| 234 | nameOverride: &postgresName policy-postgres |
| 235 | service: |
| 236 | name: *postgresName |
| 237 | name2: policy-pg-primary |
| 238 | name3: policy-pg-replica |
| 239 | container: |
| 240 | name: |
| 241 | primary: policy-pg-primary |
| 242 | replica: policy-pg-replica |
| 243 | persistence: |
| 244 | mountSubPath: policy/postgres/data |
| 245 | mountInitPath: policy |
| 246 | config: |
| 247 | pgUserName: policy_user |
| 248 | pgDatabase: policyadmin |
saul.gill | ef208b0 | 2023-04-26 16:16:05 +0100 | [diff] [blame] | 249 | pgUserExternalSecret: *dbSecretName |
| 250 | pgRootPasswordExternalSecret: *dbRootPassSecretName |
waynedunican | 368aced | 2022-02-15 08:27:57 +0000 | [diff] [blame] | 251 | |
| 252 | readinessCheck: |
| 253 | wait_for: |
| 254 | - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}' |
| 255 | |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 256 | restServer: |
adheli.tavares | f3656cd | 2021-11-10 14:54:32 +0000 | [diff] [blame] | 257 | policyPapUserName: policyadmin |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 258 | policyPapUserPassword: zb!XztG34 |
adheli.tavares | f3656cd | 2021-11-10 14:54:32 +0000 | [diff] [blame] | 259 | policyApiUserName: policyadmin |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 260 | policyApiUserPassword: zb!XztG34 |
| 261 | |
jhh | bf8d8a9 | 2020-09-10 14:01:49 -0500 | [diff] [blame] | 262 | # Resource Limit flavor -By Default using small |
| 263 | # Segregation for Different environment (small, large, or unlimited) |
| 264 | flavor: small |
| 265 | resources: |
| 266 | small: |
| 267 | limits: |
| 268 | cpu: 1 |
| 269 | memory: 4Gi |
| 270 | requests: |
| 271 | cpu: 100m |
| 272 | memory: 1Gi |
| 273 | large: |
| 274 | limits: |
| 275 | cpu: 2 |
| 276 | memory: 8Gi |
| 277 | requests: |
| 278 | cpu: 200m |
| 279 | memory: 2Gi |
| 280 | unlimited: {} |
| 281 | |
farida azmy | c117837 | 2021-04-11 12:55:33 +0200 | [diff] [blame] | 282 | #Pods Service Account |
| 283 | serviceAccount: |
| 284 | nameOverride: policy |
| 285 | roles: |
| 286 | - read |