Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / a4275991aff6b4dafb19e57325c04ac0fb811a66 / . / kubernetes / policy / values.yaml
blob: 1ee31c2c7c98c19d6fa53cfec10bdaa0ccb8d24c [file] [log] [blame]
vaibhav_16dece04b2fe2018-03-22 09:07:12 +0000[diff] [blame]1# Copyright © 2017 Amdocs, Bell Canada
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]2# Modifications Copyright © 2018-2020 AT&T Intellectual Property
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]3# Modifications Copyright (C) 2021-2022 Nordix Foundation.
vaibhav_16dece04b2fe2018-03-22 09:07:12 +0000[diff] [blame]4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]17#################################################################
18# Global configuration defaults.
19#################################################################
20global:
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]21 aafEnabled: true
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]22 mariadb:
23 # '&mariadbConfig' means we "store" the values for later use in the file
24 # with '*mariadbConfig' pointer.
25 config: &mariadbConfig
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]26 mysqlDatabase: policyadmin
27 service: &mariadbService
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]28 name: &policy-mariadb policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]29 internalPort: 3306
Rashmi Pujarec452b52022-04-21 12:29:14 -0400[diff] [blame]30 prometheusEnabled: false
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]31 postgres:
32 localCluster: false
33 service:
34 name: pgset
35 name2: tcp-pgset-primary
36 name3: tcp-pgset-replica
37 container:
38 name: postgres
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]39 kafkaBootstrap: strimzi-kafka-bootstrap
40 policyKafkaUser: policy-kafka-user
efiacor3f7b3752022-11-28 10:38:56 +0000[diff] [blame]41 policyDistKafkaUser: policy-dist-kafka-user
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]42
43#################################################################
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]44# Secrets metaconfig
45#################################################################
46secrets:
47 - uid: db-root-password
48 name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
49 type: password
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]50 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
51 password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]52 policy: generate
53 - uid: db-secret
54 name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
55 type: basicAuth
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]56 externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
57 login: '{{ index .Values "mariadb-galera" "db" "user" }}'
58 password: '{{ index .Values "mariadb-galera" "db" "password" }}'
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]59 passwordPolicy: generate
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]60 - uid: policy-app-user-creds
61 name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
62 type: basicAuth
63 externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
64 login: '{{ .Values.config.policyAppUserName }}'
65 password: '{{ .Values.config.policyAppUserPassword }}'
66 passwordPolicy: generate
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]67 - uid: policy-pap-user-creds
68 name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
69 type: basicAuth
70 externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
71 login: '{{ .Values.restServer.policyPapUserName }}'
72 password: '{{ .Values.restServer.policyPapUserPassword }}'
73 passwordPolicy: required
74 - uid: policy-api-user-creds
75 name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
76 type: basicAuth
77 externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
78 login: '{{ .Values.restServer.policyApiUserName }}'
79 password: '{{ .Values.restServer.policyApiUserPassword }}'
80 passwordPolicy: required
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]81 - uid: pg-root-pass
82 name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
83 type: password
84 externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
85 password: '{{ .Values.postgres.config.pgRootpassword }}'
86 policy: generate
87 - uid: pg-user-creds
88 name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
89 type: basicAuth
90 externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
91 login: '{{ .Values.postgres.config.pgUserName }}'
92 password: '{{ .Values.postgres.config.pgUserPassword }}'
93 passwordPolicy: generate
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]94
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]95db: &dbSecretsHook
96 credsExternalSecret: *dbSecretName
97
98policy-api:
99 enabled: true
100 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]101 restServer:
102 apiUserExternalSecret: *policyApiCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]103 config:
104 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]105policy-pap:
106 enabled: true
107 db: *dbSecretsHook
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]108 restServer:
109 papUserExternalSecret: *policyPapCredsSecret
110 apiUserExternalSecret: *policyApiCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]111 config:
112 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]113policy-xacml-pdp:
114 enabled: true
115 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]116 config:
117 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]118policy-apex-pdp:
119 enabled: true
120 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]121 config:
122 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]123policy-drools-pdp:
124 enabled: true
125 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]126 config:
127 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]128policy-distribution:
129 enabled: true
130 db: *dbSecretsHook
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]131 config:
efiacor3f7b3752022-11-28 10:38:56 +0000[diff] [blame]132 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyDistKafkaUser }}'
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]133policy-clamp-ac-k8s-ppnt:
rameshiyer2701b8cc02021-09-21 15:07:50 +0100[diff] [blame]134 enabled: true
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]135 config:
136 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]137policy-clamp-ac-pf-ppnt:
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]138 enabled: true
139 restServer:
140 apiUserExternalSecret: *policyApiCredsSecret
141 papUserExternalSecret: *policyPapCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]142 config:
143 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]144policy-clamp-ac-http-ppnt:
rameshiyer273c3402d2021-09-21 15:14:39 +0100[diff] [blame]145 enabled: true
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]146 config:
147 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
aravind.est8d728302022-12-07 12:26:28 +0000[diff] [blame]148policy-clamp-ac-a1pms-ppnt:
149 enabled: true
150 config:
151 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]152policy-nexus:
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]153 enabled: false
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]154 config:
155 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
FrancescoFioraEst9c79e262022-02-22 13:12:19 +0000[diff] [blame]156policy-clamp-runtime-acm:
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]157 enabled: true
158 db: *dbSecretsHook
159 config:
160 appUserExternalSecret: *policyAppCredsSecret
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]161 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
ktimoneyb3aef7b2021-09-13 08:27:58 +0100[diff] [blame]162policy-gui:
amatthews736bf372021-12-14 16:04:15 +0000[diff] [blame]163 enabled: false
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]164 config:
165 jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]166
Krzysztof Opasiak98a79cc2020-04-01 22:33:58 +0200[diff] [blame]167#################################################################
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]168# DB configuration defaults.
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]169#################################################################
jhhd4258672020-08-09 12:08:08 -0500[diff] [blame]170
jhhd74fe9f2021-04-15 11:04:39 -0500[diff] [blame]171dbmigrator:
liamfalloncbb72812022-10-21 18:13:29 +0100[diff] [blame]172 image: onap/policy-db-migrator:2.5.1
jhhd74fe9f2021-04-15 11:04:39 -0500[diff] [blame]173 schema: policyadmin
174 policy_home: "/opt/app/policy"
175
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]176subChartsOnly:
177 enabled: true
BorislavG5f3b6192018-03-25 18:12:38 +0300[diff] [blame]178
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]179# flag to enable debugging - application support required
180debugEnabled: false
181
mayankg2703ced85142018-03-20 05:42:53 +0000[diff] [blame]182# default number of instances
183replicaCount: 1
184
185nodeSelector: {}
186
187affinity: {}
188
189# probe configuration parameters
190liveness:
191 initialDelaySeconds: 10
192 periodSeconds: 10
193 # necessary to disable liveness probe when setting breakpoints
194 # in debugger so K8s doesn't restart unresponsive container
195 enabled: true
196
197readiness:
198 initialDelaySeconds: 10
199 periodSeconds: 10
200
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]201
202config:
203 policyAppUserName: runtimeUser
Sirisha_Manchikanti73c5f002022-07-25 17:04:45 +0100[diff] [blame]204 useStrimziKafka: true
205 acRuntimeTopic:
206 name: policy-acruntime-participant
207 partitions: 10
208 retentionMs: 7200000
209 segmentBytes: 1073741824
210 consumer:
211 groupId: policy-group
212 policyPdpPapTopic:
213 name: policy-pdp-pap
214 partitions: 10
215 retentionMs: 7200000
216 segmentBytes: 1073741824
217 consumer:
218 groupId: policy-group
219 policyHeartbeatTopic:
220 name: policy-heartbeat
221 partitions: 10
222 retentionMs: 7200000
223 segmentBytes: 1073741824
224 consumer:
225 groupId: policy-group
226 policyNotificationTopic:
227 name: policy-notification
228 partitions: 10
229 retentionMs: 7200000
230 segmentBytes: 1073741824
231 consumer:
232 groupId: policy-group
Sirisha_Manchikantib402a592022-09-09 12:01:20 +0100[diff] [blame]233 someConfig: blah
saul.gill7124a4b2021-09-09 12:02:49 +0100[diff] [blame]234
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]235mariadb-galera:
236 # mariadb-galera.config and global.mariadb.config must be equals
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]237 db:
238 user: policy_user
239 # password:
240 externalSecret: *dbSecretName
241 name: &mysqlDbName policyadmin
242 rootUser:
243 externalSecret: *dbRootPassSecretName
244 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]245 # mariadb-galera.service and global.mariadb.service must be equals
246 service: *mariadbService
247 replicaCount: 1
248 persistence:
249 enabled: true
250 mountSubPath: policy/maria/data
Sylvain Desbureaux93a5b492020-11-27 11:07:42 +0100[diff] [blame]251 serviceAccount:
252 nameOverride: *policy-mariadb
Sylvain Desbureaux4898dc02019-11-14 13:35:13 +0100[diff] [blame]253
waynedunican368aced2022-02-15 08:27:57 +0000[diff] [blame]254postgresImage: library/postgres:latest
255# application configuration override for postgres
256postgres:
257 nameOverride: &postgresName policy-postgres
258 service:
259 name: *postgresName
260 name2: policy-pg-primary
261 name3: policy-pg-replica
262 container:
263 name:
264 primary: policy-pg-primary
265 replica: policy-pg-replica
266 persistence:
267 mountSubPath: policy/postgres/data
268 mountInitPath: policy
269 config:
270 pgUserName: policy_user
271 pgDatabase: policyadmin
272 pgUserExternalSecret: *pgUserCredsSecretName
273 pgRootPasswordExternalSecret: *pgRootPassSecretName
274
275readinessCheck:
276 wait_for:
277 - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
278
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]279restServer:
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]280 policyPapUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]281 policyPapUserPassword: zb!XztG34
adheli.tavaresf3656cd2021-11-10 14:54:32 +0000[diff] [blame]282 policyApiUserName: policyadmin
rameshiyer27ff176652021-09-21 15:19:05 +0100[diff] [blame]283 policyApiUserPassword: zb!XztG34
284
jhhbf8d8a92020-09-10 14:01:49 -0500[diff] [blame]285# Resource Limit flavor -By Default using small
286# Segregation for Different environment (small, large, or unlimited)
287flavor: small
288resources:
289 small:
290 limits:
291 cpu: 1
292 memory: 4Gi
293 requests:
294 cpu: 100m
295 memory: 1Gi
296 large:
297 limits:
298 cpu: 2
299 memory: 8Gi
300 requests:
301 cpu: 200m
302 memory: 2Gi
303 unlimited: {}
304
farida azmyc1178372021-04-11 12:55:33 +0200[diff] [blame]305#Pods Service Account
306serviceAccount:
307 nameOverride: policy
308 roles:
309 - read