vaibhav_16dec | e04b2fe | 2018-03-22 09:07:12 +0000 | [diff] [blame] | 1 | # Copyright © 2017 Amdocs, Bell Canada |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 2 | # Modifications Copyright © 2018-2020 AT&T Intellectual Property |
jhh | d74fe9f | 2021-04-15 11:04:39 -0500 | [diff] [blame] | 3 | # Modifications Copyright (C) 2021 Nordix Foundation. |
vaibhav_16dec | e04b2fe | 2018-03-22 09:07:12 +0000 | [diff] [blame] | 4 | # |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | # See the License for the specific language governing permissions and |
| 15 | # limitations under the License. |
| 16 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 17 | ################################################################# |
| 18 | # Global configuration defaults. |
| 19 | ################################################################# |
| 20 | global: |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 21 | aafEnabled: true |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 22 | mariadb: |
| 23 | # '&mariadbConfig' means we "store" the values for later use in the file |
| 24 | # with '*mariadbConfig' pointer. |
| 25 | config: &mariadbConfig |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 26 | mysqlDatabase: policyadmin |
| 27 | service: &mariadbService |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 28 | name: &policy-mariadb policy-mariadb |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 29 | internalPort: 3306 |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 30 | |
| 31 | ################################################################# |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 32 | # Secrets metaconfig |
| 33 | ################################################################# |
| 34 | secrets: |
| 35 | - uid: db-root-password |
| 36 | name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' |
| 37 | type: password |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 38 | externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' |
| 39 | password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 40 | policy: generate |
| 41 | - uid: db-secret |
| 42 | name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' |
| 43 | type: basicAuth |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 44 | externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' |
| 45 | login: '{{ index .Values "mariadb-galera" "db" "user" }}' |
| 46 | password: '{{ index .Values "mariadb-galera" "db" "password" }}' |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 47 | passwordPolicy: generate |
saul.gill | 7124a4b | 2021-09-09 12:02:49 +0100 | [diff] [blame] | 48 | - uid: policy-app-user-creds |
| 49 | name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds' |
| 50 | type: basicAuth |
| 51 | externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}' |
| 52 | login: '{{ .Values.config.policyAppUserName }}' |
| 53 | password: '{{ .Values.config.policyAppUserPassword }}' |
| 54 | passwordPolicy: generate |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 55 | - uid: policy-pap-user-creds |
| 56 | name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' |
| 57 | type: basicAuth |
| 58 | externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' |
| 59 | login: '{{ .Values.restServer.policyPapUserName }}' |
| 60 | password: '{{ .Values.restServer.policyPapUserPassword }}' |
| 61 | passwordPolicy: required |
| 62 | - uid: policy-api-user-creds |
| 63 | name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' |
| 64 | type: basicAuth |
| 65 | externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' |
| 66 | login: '{{ .Values.restServer.policyApiUserName }}' |
| 67 | password: '{{ .Values.restServer.policyApiUserPassword }}' |
| 68 | passwordPolicy: required |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 69 | |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 70 | db: &dbSecretsHook |
| 71 | credsExternalSecret: *dbSecretName |
| 72 | |
| 73 | policy-api: |
| 74 | enabled: true |
| 75 | db: *dbSecretsHook |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 76 | restServer: |
| 77 | apiUserExternalSecret: *policyApiCredsSecret |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 78 | policy-pap: |
| 79 | enabled: true |
| 80 | db: *dbSecretsHook |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 81 | restServer: |
| 82 | papUserExternalSecret: *policyPapCredsSecret |
| 83 | apiUserExternalSecret: *policyApiCredsSecret |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 84 | policy-xacml-pdp: |
| 85 | enabled: true |
| 86 | db: *dbSecretsHook |
| 87 | policy-apex-pdp: |
| 88 | enabled: true |
| 89 | db: *dbSecretsHook |
| 90 | policy-drools-pdp: |
| 91 | enabled: true |
| 92 | db: *dbSecretsHook |
| 93 | policy-distribution: |
| 94 | enabled: true |
| 95 | db: *dbSecretsHook |
sebdet | 5c44988 | 2021-01-13 11:35:56 +0100 | [diff] [blame] | 96 | policy-clamp-be: |
| 97 | enabled: true |
| 98 | db: *dbSecretsHook |
saul.gill | 7124a4b | 2021-09-09 12:02:49 +0100 | [diff] [blame] | 99 | config: |
| 100 | appUserExternalSecret: *policyAppCredsSecret |
sebdet | 5c44988 | 2021-01-13 11:35:56 +0100 | [diff] [blame] | 101 | policy-clamp-fe: |
| 102 | enabled: true |
rameshiyer27 | 01b8cc0 | 2021-09-21 15:07:50 +0100 | [diff] [blame] | 103 | policy-clamp-cl-k8s-ppnt: |
| 104 | enabled: true |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 105 | policy-clamp-cl-pf-ppnt: |
| 106 | enabled: true |
| 107 | restServer: |
| 108 | apiUserExternalSecret: *policyApiCredsSecret |
| 109 | papUserExternalSecret: *policyPapCredsSecret |
rameshiyer27 | 3c3402d | 2021-09-21 15:14:39 +0100 | [diff] [blame] | 110 | policy-clamp-cl-http-ppnt: |
| 111 | enabled: true |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 112 | policy-nexus: |
jhh | bf8d8a9 | 2020-09-10 14:01:49 -0500 | [diff] [blame] | 113 | enabled: false |
saul.gill | 7124a4b | 2021-09-09 12:02:49 +0100 | [diff] [blame] | 114 | policy-clamp-cl-runtime: |
| 115 | enabled: true |
| 116 | db: *dbSecretsHook |
| 117 | config: |
| 118 | appUserExternalSecret: *policyAppCredsSecret |
ktimoney | b3aef7b | 2021-09-13 08:27:58 +0100 | [diff] [blame] | 119 | policy-gui: |
| 120 | enabled: true |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 121 | |
Krzysztof Opasiak | 98a79cc | 2020-04-01 22:33:58 +0200 | [diff] [blame] | 122 | ################################################################# |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 123 | # DB configuration defaults. |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 124 | ################################################################# |
jhh | d425867 | 2020-08-09 12:08:08 -0500 | [diff] [blame] | 125 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 126 | repository: nexus3.onap.org:10001 |
kerenj | 3b697f6 | 2017-08-23 11:21:21 +0000 | [diff] [blame] | 127 | pullPolicy: Always |
Alexis de Talhouët | df4db0b | 2017-12-11 08:36:25 -0500 | [diff] [blame] | 128 | |
Sylvain Desbureaux | 7c8c686 | 2020-11-19 18:02:37 +0100 | [diff] [blame] | 129 | mariadb: |
| 130 | image: mariadb:10.5.8 |
| 131 | |
jhh | d74fe9f | 2021-04-15 11:04:39 -0500 | [diff] [blame] | 132 | dbmigrator: |
liamfallon | 66c78e5 | 2021-10-14 13:15:45 +0100 | [diff] [blame] | 133 | image: onap/policy-db-migrator:2.3.1 |
jhh | d74fe9f | 2021-04-15 11:04:39 -0500 | [diff] [blame] | 134 | schema: policyadmin |
| 135 | policy_home: "/opt/app/policy" |
| 136 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 137 | subChartsOnly: |
| 138 | enabled: true |
BorislavG | 5f3b619 | 2018-03-25 18:12:38 +0300 | [diff] [blame] | 139 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 140 | # flag to enable debugging - application support required |
| 141 | debugEnabled: false |
| 142 | |
mayankg2703 | ced8514 | 2018-03-20 05:42:53 +0000 | [diff] [blame] | 143 | # default number of instances |
| 144 | replicaCount: 1 |
| 145 | |
| 146 | nodeSelector: {} |
| 147 | |
| 148 | affinity: {} |
| 149 | |
| 150 | # probe configuration parameters |
| 151 | liveness: |
| 152 | initialDelaySeconds: 10 |
| 153 | periodSeconds: 10 |
| 154 | # necessary to disable liveness probe when setting breakpoints |
| 155 | # in debugger so K8s doesn't restart unresponsive container |
| 156 | enabled: true |
| 157 | |
| 158 | readiness: |
| 159 | initialDelaySeconds: 10 |
| 160 | periodSeconds: 10 |
| 161 | |
saul.gill | 7124a4b | 2021-09-09 12:02:49 +0100 | [diff] [blame] | 162 | |
| 163 | config: |
| 164 | policyAppUserName: runtimeUser |
| 165 | |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 166 | mariadb-galera: |
| 167 | # mariadb-galera.config and global.mariadb.config must be equals |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 168 | db: |
| 169 | user: policy_user |
| 170 | # password: |
| 171 | externalSecret: *dbSecretName |
| 172 | name: &mysqlDbName policyadmin |
| 173 | rootUser: |
| 174 | externalSecret: *dbRootPassSecretName |
| 175 | nameOverride: *policy-mariadb |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 176 | # mariadb-galera.service and global.mariadb.service must be equals |
| 177 | service: *mariadbService |
| 178 | replicaCount: 1 |
| 179 | persistence: |
| 180 | enabled: true |
| 181 | mountSubPath: policy/maria/data |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 182 | serviceAccount: |
| 183 | nameOverride: *policy-mariadb |
Sylvain Desbureaux | 4898dc0 | 2019-11-14 13:35:13 +0100 | [diff] [blame] | 184 | |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 185 | restServer: |
adheli.tavares | f3656cd | 2021-11-10 14:54:32 +0000 | [diff] [blame] | 186 | policyPapUserName: policyadmin |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 187 | policyPapUserPassword: zb!XztG34 |
adheli.tavares | f3656cd | 2021-11-10 14:54:32 +0000 | [diff] [blame] | 188 | policyApiUserName: policyadmin |
rameshiyer27 | ff17665 | 2021-09-21 15:19:05 +0100 | [diff] [blame] | 189 | policyApiUserPassword: zb!XztG34 |
| 190 | |
jhh | bf8d8a9 | 2020-09-10 14:01:49 -0500 | [diff] [blame] | 191 | # Resource Limit flavor -By Default using small |
| 192 | # Segregation for Different environment (small, large, or unlimited) |
| 193 | flavor: small |
| 194 | resources: |
| 195 | small: |
| 196 | limits: |
| 197 | cpu: 1 |
| 198 | memory: 4Gi |
| 199 | requests: |
| 200 | cpu: 100m |
| 201 | memory: 1Gi |
| 202 | large: |
| 203 | limits: |
| 204 | cpu: 2 |
| 205 | memory: 8Gi |
| 206 | requests: |
| 207 | cpu: 200m |
| 208 | memory: 2Gi |
| 209 | unlimited: {} |
| 210 | |
farida azmy | c117837 | 2021-04-11 12:55:33 +0200 | [diff] [blame] | 211 | #Pods Service Account |
| 212 | serviceAccount: |
| 213 | nameOverride: policy |
| 214 | roles: |
| 215 | - read |