blob: 851c8957ae46e835213fc787072a7bab69555235 [file] [log] [blame]
vaibhav_16dece04b2fe2018-03-22 09:07:12 +00001# Copyright © 2017 Amdocs, Bell Canada
jhhd4258672020-08-09 12:08:08 -05002# Modifications Copyright © 2018-2020 AT&T Intellectual Property
jhhd74fe9f2021-04-15 11:04:39 -05003# Modifications Copyright (C) 2021 Nordix Foundation.
vaibhav_16dece04b2fe2018-03-22 09:07:12 +00004#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
mayankg2703ced85142018-03-20 05:42:53 +000017#################################################################
18# Global configuration defaults.
19#################################################################
20global:
jhhd4258672020-08-09 12:08:08 -050021 aafEnabled: true
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010022 mariadb:
23 # '&mariadbConfig' means we "store" the values for later use in the file
24 # with '*mariadbConfig' pointer.
25 config: &mariadbConfig
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010026 mysqlDatabase: policyadmin
27 service: &mariadbService
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010028 name: &policy-mariadb policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +010029 internalPort: 3306
mayankg2703ced85142018-03-20 05:42:53 +000030
31#################################################################
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020032# Secrets metaconfig
33#################################################################
34secrets:
35 - uid: db-root-password
36 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
37 type: password
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010038 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
39 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020040 policy: generate
41 - uid: db-secret
42 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
43 type: basicAuth
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +010044 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
45 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
46 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020047 passwordPolicy: generate
saul.gill7124a4b2021-09-09 12:02:49 +010048 - uid: policy-app-user-creds
49 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
50 type: basicAuth
51 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
52 login: '{{ .Values.config.policyAppUserName }}'
53 password: '{{ .Values.config.policyAppUserPassword }}'
54 passwordPolicy: generate
rameshiyer27ff176652021-09-21 15:19:05 +010055 - uid: policy-pap-user-creds
56 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
57 type: basicAuth
58 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
59 login: '{{ .Values.restServer.policyPapUserName }}'
60 password: '{{ .Values.restServer.policyPapUserPassword }}'
61 passwordPolicy: required
62 - uid: policy-api-user-creds
63 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
64 type: basicAuth
65 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
66 login: '{{ .Values.restServer.policyApiUserName }}'
67 password: '{{ .Values.restServer.policyApiUserPassword }}'
68 passwordPolicy: required
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +020069
jhhd4258672020-08-09 12:08:08 -050070db: &dbSecretsHook
71 credsExternalSecret: *dbSecretName
72
73policy-api:
74 enabled: true
75 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +010076 restServer:
77 apiUserExternalSecret: *policyApiCredsSecret
jhhd4258672020-08-09 12:08:08 -050078policy-pap:
79 enabled: true
80 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +010081 restServer:
82 papUserExternalSecret: *policyPapCredsSecret
83 apiUserExternalSecret: *policyApiCredsSecret
jhhd4258672020-08-09 12:08:08 -050084policy-xacml-pdp:
85 enabled: true
86 db: *dbSecretsHook
87policy-apex-pdp:
88 enabled: true
89 db: *dbSecretsHook
90policy-drools-pdp:
91 enabled: true
92 db: *dbSecretsHook
93policy-distribution:
94 enabled: true
95 db: *dbSecretsHook
sebdet5c449882021-01-13 11:35:56 +010096policy-clamp-be:
97 enabled: true
98 db: *dbSecretsHook
saul.gill7124a4b2021-09-09 12:02:49 +010099 config:
100 appUserExternalSecret: *policyAppCredsSecret
sebdet5c449882021-01-13 11:35:56 +0100101policy-clamp-fe:
102 enabled: true
rameshiyer2701b8cc02021-09-21 15:07:50 +0100103policy-clamp-cl-k8s-ppnt:
104 enabled: true
rameshiyer27ff176652021-09-21 15:19:05 +0100105policy-clamp-cl-pf-ppnt:
106 enabled: true
107 restServer:
108 apiUserExternalSecret: *policyApiCredsSecret
109 papUserExternalSecret: *policyPapCredsSecret
rameshiyer273c3402d2021-09-21 15:14:39 +0100110policy-clamp-cl-http-ppnt:
111 enabled: true
jhhd4258672020-08-09 12:08:08 -0500112policy-nexus:
jhhbf8d8a92020-09-10 14:01:49 -0500113 enabled: false
saul.gill7124a4b2021-09-09 12:02:49 +0100114policy-clamp-cl-runtime:
115 enabled: true
116 db: *dbSecretsHook
117 config:
118 appUserExternalSecret: *policyAppCredsSecret
ktimoneyb3aef7b2021-09-13 08:27:58 +0100119policy-gui:
120 enabled: true
jhhd4258672020-08-09 12:08:08 -0500121
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200122#################################################################
jhhd4258672020-08-09 12:08:08 -0500123# DB configuration defaults.
mayankg2703ced85142018-03-20 05:42:53 +0000124#################################################################
jhhd4258672020-08-09 12:08:08 -0500125
mayankg2703ced85142018-03-20 05:42:53 +0000126repository: nexus3.onap.org:10001
kerenj3b697f62017-08-23 11:21:21 +0000127pullPolicy: Always
Alexis de Talhouëtdf4db0b2017-12-11 08:36:25 -0500128
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +0100129mariadb:
130 image: mariadb:10.5.8
131
jhhd74fe9f2021-04-15 11:04:39 -0500132dbmigrator:
liamfallon66c78e52021-10-14 13:15:45 +0100133 image: onap/policy-db-migrator:2.3.1
jhhd74fe9f2021-04-15 11:04:39 -0500134 schema: policyadmin
135 policy_home: "/opt/app/policy"
136
mayankg2703ced85142018-03-20 05:42:53 +0000137subChartsOnly:
138 enabled: true
BorislavG5f3b6192018-03-25 18:12:38 +0300139
mayankg2703ced85142018-03-20 05:42:53 +0000140# flag to enable debugging - application support required
141debugEnabled: false
142
mayankg2703ced85142018-03-20 05:42:53 +0000143# default number of instances
144replicaCount: 1
145
146nodeSelector: {}
147
148affinity: {}
149
150# probe configuration parameters
151liveness:
152 initialDelaySeconds: 10
153 periodSeconds: 10
154 # necessary to disable liveness probe when setting breakpoints
155 # in debugger so K8s doesn't restart unresponsive container
156 enabled: true
157
158readiness:
159 initialDelaySeconds: 10
160 periodSeconds: 10
161
saul.gill7124a4b2021-09-09 12:02:49 +0100162
163config:
164 policyAppUserName: runtimeUser
165
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100166mariadb-galera:
167 # mariadb-galera.config and global.mariadb.config must be equals
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100168 db:
169 user: policy_user
170 # password:
171 externalSecret: *dbSecretName
172 name: &mysqlDbName policyadmin
173 rootUser:
174 externalSecret: *dbRootPassSecretName
175 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100176 # mariadb-galera.service and global.mariadb.service must be equals
177 service: *mariadbService
178 replicaCount: 1
179 persistence:
180 enabled: true
181 mountSubPath: policy/maria/data
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100182 serviceAccount:
183 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100184
rameshiyer27ff176652021-09-21 15:19:05 +0100185restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000186 policyPapUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100187 policyPapUserPassword: zb!XztG34
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000188 policyApiUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100189 policyApiUserPassword: zb!XztG34
190
jhhbf8d8a92020-09-10 14:01:49 -0500191# Resource Limit flavor -By Default using small
192# Segregation for Different environment (small, large, or unlimited)
193flavor: small
194resources:
195 small:
196 limits:
197 cpu: 1
198 memory: 4Gi
199 requests:
200 cpu: 100m
201 memory: 1Gi
202 large:
203 limits:
204 cpu: 2
205 memory: 8Gi
206 requests:
207 cpu: 200m
208 memory: 2Gi
209 unlimited: {}
210
farida azmyc1178372021-04-11 12:55:33 +0200211#Pods Service Account
212serviceAccount:
213 nameOverride: policy
214 roles:
215 - read