kubernetes/policy/values.yaml

# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
# Modifications Copyright (C) 2021-2023 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration defaults.
#################################################################
global:
  mariadb:
    # '&mariadbConfig' means we "store" the values for  later use in the file
    # with '*mariadbConfig' pointer.
    config: &mariadbConfig
      mysqlDatabase: policyadmin
    service: &mariadbService
      name: &policy-mariadb policy-mariadb
      internalPort: 3306
  prometheusEnabled: false
  postgres:
    localCluster: false
    service:
      name: pgset
      name2: tcp-pgset-primary
      name3: tcp-pgset-replica
    container:
      name: postgres
  #Strimzi Kafka properties
  useStrimziKafka: true
  kafkaBootstrap: strimzi-kafka-bootstrap
  policyKafkaUser: policy-kafka-user
  kafkaTopics:
    acRuntimeTopic:
      name: policy.clamp-runtime-acm

#################################################################
# Secrets metaconfig
#################################################################
secrets:
  - uid: db-root-password
    name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
    type: password
    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
    password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
    policy: generate
  - uid: db-secret
    name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret'
    type: basicAuth
    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
    login: '{{ index .Values "mariadb-galera" "db" "user" }}'
    password: '{{ index .Values "mariadb-galera" "db" "password" }}'
    passwordPolicy: generate
  - uid: policy-app-user-creds
    name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
    login: '{{ .Values.config.policyAppUserName }}'
    password: '{{ .Values.config.policyAppUserPassword }}'
    passwordPolicy: generate
  - uid: policy-pap-user-creds
    name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}'
    login: '{{ .Values.restServer.policyPapUserName }}'
    password: '{{ .Values.restServer.policyPapUserPassword }}'
    passwordPolicy: required
  - uid: policy-api-user-creds
    name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}'
    login: '{{ .Values.restServer.policyApiUserName }}'
    password: '{{ .Values.restServer.policyApiUserPassword }}'
    passwordPolicy: required
  - uid: pg-root-pass
    name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
    type: password
    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
    password: '{{ .Values.postgres.config.pgRootpassword }}'
    policy: generate
  - uid: pg-user-creds
    name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
    type: basicAuth
    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
    login: '{{ .Values.postgres.config.pgUserName }}'
    password: '{{ .Values.postgres.config.pgUserPassword }}'
    passwordPolicy: generate

db: &dbSecretsHook
  credsExternalSecret: *dbSecretName

policy-api:
  enabled: true
  db: *dbSecretsHook
  restServer:
    apiUserExternalSecret: *policyApiCredsSecret
  config:
    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-pap:
  enabled: true
  db: *dbSecretsHook
  restServer:
    papUserExternalSecret: *policyPapCredsSecret
    apiUserExternalSecret: *policyApiCredsSecret
  config:
    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-xacml-pdp:
  enabled: true
  db: *dbSecretsHook
  config:
    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-apex-pdp:
  enabled: true
  db: *dbSecretsHook
  config:
    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
  enabled: true
  db: *dbSecretsHook
  config:
    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-distribution:
  enabled: true
  db: *dbSecretsHook
policy-clamp-ac-k8s-ppnt:
  enabled: true
policy-clamp-ac-pf-ppnt:
  enabled: true
  restServer:
    apiUserExternalSecret: *policyApiCredsSecret
    papUserExternalSecret: *policyPapCredsSecret
policy-clamp-ac-http-ppnt:
  enabled: true
policy-clamp-ac-a1pms-ppnt:
  enabled: true
policy-clamp-ac-kserve-ppnt:
  enabled: true
policy-clamp-runtime-acm:
  enabled: true
  db: *dbSecretsHook
  config:
    appUserExternalSecret: *policyAppCredsSecret
policy-nexus:
  enabled: false
  config:
    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-gui:
  enabled: false
  config:
    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'

#################################################################
# DB configuration defaults.
#################################################################

dbmigrator:
  image: onap/policy-db-migrator:2.6.1
  schema: policyadmin
  policy_home: "/opt/app/policy"

subChartsOnly:
  enabled: true

# flag to enable debugging - application support required
debugEnabled: false

# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 10
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 10
  periodSeconds: 10


config:
  policyAppUserName: runtimeUser
  useStrimziKafka: true
  policyPdpPapTopic:
    name: policy-pdp-pap
    partitions: 10
    retentionMs: 7200000
    segmentBytes: 1073741824
    consumer:
      groupId: policy-group
  policyHeartbeatTopic:
    name: policy-heartbeat
    partitions: 10
    retentionMs: 7200000
    segmentBytes: 1073741824
    consumer:
      groupId: policy-group
  policyNotificationTopic:
    name: policy-notification
    partitions: 10
    retentionMs: 7200000
    segmentBytes: 1073741824
    consumer:
      groupId: policy-group
  someConfig: blah

mariadb-galera:
  # mariadb-galera.config and global.mariadb.config must be equals
  db:
    user: policy_user
    # password:
    externalSecret: *dbSecretName
    name: &mysqlDbName policyadmin
  rootUser:
    externalSecret: *dbRootPassSecretName
  nameOverride: *policy-mariadb
  # mariadb-galera.service and global.mariadb.service must be equals
  service: *mariadbService
  replicaCount: 1
  persistence:
    enabled: true
    mountSubPath: policy/maria/data
  serviceAccount:
    nameOverride: *policy-mariadb

postgresImage: library/postgres:latest
# application configuration override for postgres
postgres:
  nameOverride: &postgresName policy-postgres
  service:
    name: *postgresName
    name2: policy-pg-primary
    name3: policy-pg-replica
  container:
    name:
      primary: policy-pg-primary
      replica: policy-pg-replica
  persistence:
    mountSubPath: policy/postgres/data
    mountInitPath: policy
  config:
    pgUserName: policy_user
    pgDatabase: policyadmin
    pgUserExternalSecret: *pgUserCredsSecretName
    pgRootPasswordExternalSecret: *pgRootPassSecretName

readinessCheck:
  wait_for:
    - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'

restServer:
  policyPapUserName: policyadmin
  policyPapUserPassword: zb!XztG34
  policyApiUserName: policyadmin
  policyApiUserPassword: zb!XztG34

# Resource Limit flavor -By Default using small
# Segregation for Different environment (small, large, or unlimited)
flavor: small
resources:
  small:
    limits:
      cpu: 1
      memory: 4Gi
    requests:
      cpu: 100m
      memory: 1Gi
  large:
    limits:
      cpu: 2
      memory: 8Gi
    requests:
      cpu: 200m
      memory: 2Gi
  unlimited: {}

#Pods Service Account
serviceAccount:
  nameOverride: policy
  roles:
    - read