Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 1 | # Copyright (c) 2019 IBM, Bell Canada |
Krzysztof Opasiak | 32f9aaa | 2020-02-06 23:05:15 +0100 | [diff] [blame] | 2 | # Copyright (c) 2020 Samsung Electronics |
efiacor | ecbae13 | 2022-03-04 15:01:30 +0000 | [diff] [blame] | 3 | # Modification Copyright © 2022 Nordix Foundation |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 4 | # |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | # See the License for the specific language governing permissions and |
| 15 | # limitations under the License. |
| 16 | |
| 17 | ################################################################# |
| 18 | # Global configuration defaults. |
| 19 | ################################################################# |
| 20 | global: |
| 21 | # Change to an unused port prefix range to prevent port conflicts |
| 22 | # with other instances running within the same k8s cluster |
Oleg Mitsura | 0197bf1 | 2019-05-03 15:03:55 -0400 | [diff] [blame] | 23 | nodePortPrefixExt: 304 |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 24 | |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 25 | # image pull policy |
| 26 | pullPolicy: Always |
| 27 | |
| 28 | persistence: |
| 29 | mountPath: /dockerdata-nfs |
| 30 | |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 31 | # This configuration specifies Service and port for SDNC OAM interface |
Konrad Bańka | e332b24 | 2020-04-06 13:30:06 +0200 | [diff] [blame] | 32 | sdncOamService: sdnc-oam |
| 33 | sdncOamPort: 8282 |
| 34 | |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 35 | # This concerns CDS/AAI communication through HTTP when TLS is not being needed |
| 36 | # Port value should match the one in aai/values.yml : service.externalPlainPort |
| 37 | aaiData: |
| 38 | ExternalPlainPort: 80 # when TLS is not needed |
| 39 | ServiceName: aai # domain |
| 40 | # http://aai:80 or https://aai:443 |
| 41 | |
Abdelmuhaimen Seaudi | 2b55c44 | 2021-09-19 09:02:22 +0000 | [diff] [blame] | 42 | #AAF is enabled by default |
| 43 | #aafEnabled: true |
| 44 | |
| 45 | #enable importCustomCerts to add custom CA to blueprint processor pod |
| 46 | #importCustomCertsEnabled: true |
| 47 | |
| 48 | #use below configmap to add custom CA certificates |
| 49 | #certificates with *.pem will be added to JAVA truststore $JAVA_HOME/lib/security/cacerts in the pod |
| 50 | #certificates with *.crt will be added to /etc/ssl/certs/ca-certificates.crt in the pod |
| 51 | #customCertsConfigMap: onap-cds-blueprints-processor-configmap |
| 52 | |
Krzysztof Opasiak | 32f9aaa | 2020-02-06 23:05:15 +0100 | [diff] [blame] | 53 | ################################################################# |
| 54 | # Secrets metaconfig |
| 55 | ################################################################# |
| 56 | secrets: |
| 57 | - uid: 'cds-db-user-creds' |
| 58 | type: basicAuth |
| 59 | externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}' |
| 60 | login: '{{ .Values.config.cdsDB.dbUser }}' |
| 61 | password: '{{ .Values.config.cdsDB.dbPassword }}' |
| 62 | passwordPolicy: required |
Konrad Bańka | 031bdb7 | 2020-05-14 16:56:39 +0200 | [diff] [blame] | 63 | - uid: 'sdnc-db-root-pass' |
Krzysztof Opasiak | 32f9aaa | 2020-02-06 23:05:15 +0100 | [diff] [blame] | 64 | type: password |
Konrad Bańka | 031bdb7 | 2020-05-14 16:56:39 +0200 | [diff] [blame] | 65 | externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}' |
| 66 | password: '{{ .Values.config.sdncDB.dbRootPass }}' |
Krzysztof Opasiak | 32f9aaa | 2020-02-06 23:05:15 +0100 | [diff] [blame] | 67 | passwordPolicy: required |
efiacor | ecbae13 | 2022-03-04 15:01:30 +0000 | [diff] [blame] | 68 | - uid: cds-kafka-secret |
| 69 | externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' |
| 70 | type: genericKV |
| 71 | envs: |
| 72 | - name: password |
| 73 | value: '{{ .Values.config.someConfig }}' |
| 74 | policy: generate |
Michal Jagiello | 2cef564 | 2022-06-27 10:08:41 +0000 | [diff] [blame] | 75 | - uid: cps-creds |
| 76 | type: basicAuth |
| 77 | externalSecret: '{{ tpl (default "" .Values.config.cps.cpsUserExternalSecret) . }}' |
| 78 | login: '{{ .Values.config.cps.cpsUsername }}' |
| 79 | password: '{{ .Values.config.cps.cpsPassword }}' |
| 80 | passwordPolicy: required |
Krzysztof Opasiak | 32f9aaa | 2020-02-06 23:05:15 +0100 | [diff] [blame] | 81 | |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 82 | ################################################################# |
Abdelmuhaimen Seaudi | 822eb09 | 2021-09-04 11:08:36 +0200 | [diff] [blame] | 83 | # AAF part |
| 84 | ################################################################# |
| 85 | certInitializer: |
Abdelmuhaimen Seaudi | 2b55c44 | 2021-09-19 09:02:22 +0000 | [diff] [blame] | 86 | nameOverride: cds-blueprints-processor-cert-initializer |
Abdelmuhaimen Seaudi | 822eb09 | 2021-09-04 11:08:36 +0200 | [diff] [blame] | 87 | aafDeployFqi: deployer@people.osaaf.org |
| 88 | aafDeployPass: demo123456! |
| 89 | # aafDeployCredsExternalSecret: some secret |
| 90 | fqdn: sdnc-cds |
| 91 | fqi: sdnc-cds@sdnc-cds.onap.org |
| 92 | public_fqdn: sdnc-cds.onap.org |
| 93 | cadi_longitude: "0.0" |
| 94 | cadi_latitude: "0.0" |
| 95 | app_ns: org.osaaf.aaf |
| 96 | credsPath: /opt/app/osaaf/local |
| 97 | fqi_namespace: org.onap.sdnc-cds |
Abdelmuhaimen Seaudi | 2b55c44 | 2021-09-19 09:02:22 +0000 | [diff] [blame] | 98 | #enable below if we need custom CA to be added to blueprint processor pod |
| 99 | #importCustomCertsEnabled: true |
| 100 | #truststoreMountpath: /opt/onap/cds |
| 101 | #truststoreOutputFileName: truststoreONAPall.jks |
Abdelmuhaimen Seaudi | 822eb09 | 2021-09-04 11:08:36 +0200 | [diff] [blame] | 102 | aaf_add_config: > |
| 103 | /opt/app/aaf_config/bin/agent.sh; |
| 104 | /opt/app/aaf_config/bin/agent.sh local showpass |
| 105 | {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop |
| 106 | |
| 107 | ################################################################# |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 108 | # Application configuration defaults. |
| 109 | ################################################################# |
| 110 | # application image |
Timoney, Dan (dt5972) | 473cf94 | 2022-10-28 11:46:35 -0400 | [diff] [blame] | 111 | image: onap/ccsdk-blueprintsprocessor:1.4.1 |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 112 | pullPolicy: Always |
| 113 | |
| 114 | # flag to enable debugging - application support required |
| 115 | debugEnabled: false |
| 116 | |
| 117 | # application configuration |
| 118 | config: |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 119 | appConfigDir: /opt/app/onap/config |
Konrad Bańka | 031bdb7 | 2020-05-14 16:56:39 +0200 | [diff] [blame] | 120 | sdncDB: |
| 121 | dbService: mariadb-galera |
| 122 | dbPort: 3306 |
| 123 | dbName: sdnctl |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 124 | # dbRootPass: Custom root password |
Konrad Bańka | 031bdb7 | 2020-05-14 16:56:39 +0200 | [diff] [blame] | 125 | dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}' |
Krzysztof Opasiak | 32f9aaa | 2020-02-06 23:05:15 +0100 | [diff] [blame] | 126 | cdsDB: |
| 127 | dbServer: cds-db |
| 128 | dbPort: 3306 |
| 129 | dbName: sdnctl |
Sylvain Desbureaux | 503b229 | 2020-11-21 22:29:17 +0100 | [diff] [blame] | 130 | dbUser: sdnctl |
| 131 | dbPassword: sdnctl |
Krzysztof Opasiak | 32f9aaa | 2020-02-06 23:05:15 +0100 | [diff] [blame] | 132 | # dbCredsExternalSecret: <some secret name> |
| 133 | # dbRootPassword: password |
| 134 | # dbRootPassExternalSecret |
efiacor | ecbae13 | 2022-03-04 15:01:30 +0000 | [diff] [blame] | 135 | someConfig: blah |
Michal Jagiello | 2cef564 | 2022-06-27 10:08:41 +0000 | [diff] [blame] | 136 | cps: |
| 137 | cpsUsername: '' |
| 138 | cpsPassword: '' |
| 139 | cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds' |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 140 | |
| 141 | # default number of instances |
Jozsef Csongvai | 08515b7 | 2021-04-28 17:04:57 -0400 | [diff] [blame] | 142 | replicaCount: 1 |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 143 | |
| 144 | nodeSelector: {} |
| 145 | |
| 146 | affinity: {} |
| 147 | |
efiacor | ecbae13 | 2022-03-04 15:01:30 +0000 | [diff] [blame] | 148 | # If useStrimziKafka is true, the following also applies: |
| 149 | # strimzi will create an associated kafka user and the topics defined for Request and Audit elements below. |
| 150 | # The connection type must be kafka-scram-plain-text-auth |
| 151 | # The bootstrapServers will target the strimzi kafka cluster by default |
| 152 | useStrimziKafka: false |
| 153 | cdsKafkaUser: cds-kafka-user |
Prathamesh Morde | 93da127 | 2019-06-24 10:36:15 -0400 | [diff] [blame] | 154 | |
efiacor | ecbae13 | 2022-03-04 15:01:30 +0000 | [diff] [blame] | 155 | kafkaRequestConsumer: |
| 156 | enabled: false |
| 157 | type: kafka-scram-plain-text-auth |
| 158 | bootstrapServers: host:port |
| 159 | groupId: cds-consumer |
| 160 | topic: cds.blueprint-processor.self-service-api.request |
| 161 | clientId: request-receiver-client-id |
| 162 | pollMillSec: 1000 |
| 163 | kafkaRequestProducer: |
| 164 | type: kafka-scram-plain-text-auth |
| 165 | bootstrapServers: host:port |
| 166 | clientId: request-producer-client-id |
| 167 | topic: cds.blueprint-processor.self-service-api.response |
| 168 | enableIdempotence: false |
| 169 | kafkaAuditRequest: |
| 170 | enabled: false |
| 171 | type: kafka-scram-plain-text-auth |
| 172 | bootstrapServers: host:port |
| 173 | clientId: audit-request-producer-client-id |
| 174 | topic: cds.blueprint-processor.self-service-api.audit.request |
| 175 | enableIdempotence: false |
| 176 | kafkaAuditResponse: |
| 177 | type: kafka-scram-plain-text-auth |
| 178 | bootstrapServers: host:port |
| 179 | clientId: audit-response-producer-client-id |
| 180 | topic: cds.blueprint-processor.self-service-api.audit.response |
| 181 | enableIdempotence: false |
Krzysztof Opasiak | 32f9aaa | 2020-02-06 23:05:15 +0100 | [diff] [blame] | 182 | |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 183 | # probe configuration parameters |
Jozsef Csongvai | 08515b7 | 2021-04-28 17:04:57 -0400 | [diff] [blame] | 184 | startup: |
| 185 | initialDelaySeconds: 10 |
| 186 | failureThreshold: 30 |
| 187 | periodSeconds: 10 |
| 188 | |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 189 | liveness: |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 190 | initialDelaySeconds: 1 |
Oleg Mitsura | 3a62118 | 2019-10-09 12:40:11 -0400 | [diff] [blame] | 191 | periodSeconds: 20 |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 192 | timeoutSeconds: 30 |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 193 | # necessary to disable liveness probe when setting breakpoints |
| 194 | # in debugger so K8s doesn't restart unresponsive container |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 195 | enabled: false |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 196 | |
| 197 | readiness: |
Yang Xu | 435062b | 2019-06-17 01:19:37 -0400 | [diff] [blame] | 198 | initialDelaySeconds: 120 |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 199 | periodSeconds: 10 |
Oleg Mitsura | 3a62118 | 2019-10-09 12:40:11 -0400 | [diff] [blame] | 200 | timeoutSeconds: 20 |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 201 | |
| 202 | service: |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 203 | http: |
gummar | c7bd0e2 | 2020-03-05 18:57:12 +0000 | [diff] [blame] | 204 | type: ClusterIP |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 205 | portName: http |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 206 | internalPort: 8080 |
| 207 | externalPort: 8080 |
| 208 | grpc: |
Oleg Mitsura | 0197bf1 | 2019-05-03 15:03:55 -0400 | [diff] [blame] | 209 | type: ClusterIP |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 210 | portName: grpc |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 211 | internalPort: 9111 |
| 212 | externalPort: 9111 |
Sebastien Premont-Tendland | b679d7b | 2020-02-17 11:32:15 -0500 | [diff] [blame] | 213 | cluster: |
| 214 | type: ClusterIP |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 215 | portName: tcp-cluster |
Sebastien Premont-Tendland | b679d7b | 2020-02-17 11:32:15 -0500 | [diff] [blame] | 216 | internalPort: 5701 |
| 217 | externalPort: 5701 |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 218 | |
| 219 | persistence: |
Alexis de Talhouët | 108e28f | 2019-04-14 18:54:56 -0400 | [diff] [blame] | 220 | volumeReclaimPolicy: Retain |
| 221 | accessMode: ReadWriteMany |
| 222 | size: 2Gi |
| 223 | enabled: true |
| 224 | mountSubPath: cds/blueprints/deploy |
| 225 | deployedBlueprint: /opt/app/onap/blueprints/deploy |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 226 | |
Sebastien Premont-Tendland | b679d7b | 2020-02-17 11:32:15 -0500 | [diff] [blame] | 227 | cluster: |
| 228 | # Cannot have cluster enabled if the replicaCount is not at least 3 |
Jozsef Csongvai | 08515b7 | 2021-04-28 17:04:57 -0400 | [diff] [blame] | 229 | enabled: false |
Sebastien Premont-Tendland | b679d7b | 2020-02-17 11:32:15 -0500 | [diff] [blame] | 230 | |
| 231 | clusterName: cds-cluster |
| 232 | |
| 233 | # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be |
| 234 | # between 3 and 7 only. |
| 235 | groupSize: 3 |
| 236 | |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 237 | ingress: |
| 238 | enabled: false |
Lucjan Bryndza | 33315d4 | 2019-11-27 14:07:58 +0100 | [diff] [blame] | 239 | service: |
Andreas Geissler | 51900a9 | 2022-08-03 13:10:35 +0200 | [diff] [blame] | 240 | - baseaddr: "cds-blueprintsprocessor-api" |
Lucjan Bryndza | 6174db4 | 2020-07-09 09:00:20 +0000 | [diff] [blame] | 241 | name: "cds-blueprints-processor-http" |
Lucjan Bryndza | 33315d4 | 2019-11-27 14:07:58 +0100 | [diff] [blame] | 242 | port: 8080 |
Andreas Geissler | 4ee97a9 | 2022-04-29 13:01:14 +0200 | [diff] [blame] | 243 | config: |
| 244 | ssl: "none" |
Steve Alphonse Siani | a1b6b0e | 2019-01-25 15:23:58 -0500 | [diff] [blame] | 245 | |
Dominik Mizyn | dd285d3 | 2020-08-21 13:10:11 +0200 | [diff] [blame] | 246 | logback: |
| 247 | rootLogLevel: INFO |
| 248 | logger: |
| 249 | springframework: INFO |
| 250 | springframeworkWeb: INFO |
| 251 | springframeworkSecurityWebauthentication: INFO |
| 252 | hibernate: INFO |
| 253 | onapCcsdkCds: INFO |
| 254 | |
Dan Timoney | 6cc07e0 | 2020-09-23 08:52:47 -0400 | [diff] [blame] | 255 | flavor: small |
| 256 | |
| 257 | resources: |
| 258 | small: |
| 259 | limits: |
| 260 | cpu: 2 |
| 261 | memory: 4Gi |
| 262 | requests: |
| 263 | cpu: 1 |
| 264 | memory: 1Gi |
| 265 | large: |
| 266 | limits: |
| 267 | cpu: 4 |
| 268 | memory: 8Gi |
| 269 | requests: |
| 270 | cpu: 2 |
| 271 | memory: 4Gi |
| 272 | unlimited: {} |
farida azmy | ffad032 | 2021-04-09 14:18:14 +0200 | [diff] [blame] | 273 | |
| 274 | #Pods Service Account |
| 275 | serviceAccount: |
| 276 | nameOverride: cds-blueprints-processor |
| 277 | roles: |
| 278 | - read |
Kavitha P | 1a78f2f | 2021-08-25 16:40:38 +0530 | [diff] [blame] | 279 | |
| 280 | # workflow store flag |
| 281 | workflow: |
| 282 | storeEnabled: false |