1 files changed, 100 insertions, 37 deletions
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index dd80323216..3c8b1e9d90 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -1,4 +1,6 @@
 # Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -38,35 +40,73 @@ global:
   addTestingComponents: &testing false
 
   # ONAP Repository
-  # Uncomment the following to enable the use of a single docker
-  # repository but ONLY if your repository mirrors all ONAP
-  # docker images. This includes all images from dockerhub and
-  # any other repository that hosts images for ONAP components.
-  #repository: nexus3.onap.org:10001
+  # Four different repositories are used
+  # You can change individually these repositories to ones that will serve the
+  # right images. If credentials are needed for one of them, see below.
+  repository: nexus3.onap.org:10001
+  dockerHubRepository: &dockerHubRepository docker.io
+  elasticRepository: &elasticRepository docker.elastic.co
+  googleK8sRepository: k8s.gcr.io
+ 
+
+  #/!\ DEPRECATED /!\
+  # Legacy repositories which will be removed at the end of migration.
+  # Please don't use
+  loggingRepository: *elasticRepository
+  busyboxRepository: *dockerHubRepository
+
+  # Default credentials
+  # they're optional. If the target repository doesn't need them, comment them
   repositoryCred:
     user: docker
     password: docker
-  dockerHubRepository: docker.io
-
-  # readiness check - temporary repo until images migrated to nexus3
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.2.2
+  # If you want / need authentication on the repositories, please set
+  # Don't set them if the target repo is the same than others
+  # so id you've set repository to value `my.private.repo` and same for
+  # dockerHubRepository, you'll have to configure only repository (exclusive) OR
+  # dockerHubCred.
+  # dockerHubCred:
+  #   user: myuser
+  #   password: mypassord
+  # elasticCred:
+  #   user: myuser
+  #   password: mypassord
+  # googleK8sCred:
+  #   user: myuser
+  #   password: mypassord
+
+
+  # common global images
+  # Busybox for simple shell manipulation
+  busyboxImage: busybox:1.32
 
   # curl image
   curlImage: curlimages/curl:7.69.1
 
-  # logging agent - temporary repo until images migrated to nexus3
-  loggingRepository: docker.elastic.co
+  # env substitution image
+  envsubstImage: dibi/envsubst:1
+
+  # generate htpasswd files image
+  # there's only latest image for htpasswd
+  htpasswdImage: xmartlabs/htpasswd:latest
+
+  # kubenretes client image
+  kubectlImage: bitnami/kubectl:1.19
+
+  # logging agent
+  loggingImage: beats/filebeat:5.5.0
 
-  # dockerHub main repository
-  dockerHubRepository: docker.io
+  # mariadb client image
+  mariadbImage: mariadb:10.1.48
 
-  # busybox repo and image
-  busyboxRepository: docker.io
-  busyboxImage: busybox:1.30
+  # nginx server image
+  nginxImage: bitnami/nginx:1.18-debian-10
 
-  # kubeclt image
-  kubectlImage: "bitnami/kubectl:1.15"
+  # postgreSQL client and server image
+  postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+
+  # readiness check image
+  readinessImage: onap/oom/readiness:3.0.1
 
   # image pull policy
   pullPolicy: Always
@@ -90,6 +130,11 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: false
 
+  # default password complexity
+  # available options: phrase, name, pin, basic, short, medium, long, maximum security
+  # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+  passwordStrength: long
+
   # configuration to set log level to all components (the one that are using
   # "common.log.level" to set this)
   # can be overrided per components by setting logConfiguration.logLevelOverride
@@ -100,8 +145,8 @@ global:
   ingress:
     enabled: false
     virtualhost:
-        enabled: true
-        baseurl: "simpledemo.onap.org"
+      enabled: true
+      baseurl: "simpledemo.onap.org"
 
   # Global Service Mesh configuration
   # POC Mode, don't use it in production
@@ -117,12 +162,12 @@ global:
 
   # Enabling CMPv2
   cmpv2Enabled: true
-  aaf:
+  platform:
     certServiceClient:
-      image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
       secret:
-        name: aaf-cert-service-client-tls-secret
-        mountPath: /etc/onap/aaf/certservice/certs/
+        name: oom-cert-service-client-tls-secret
+        mountPath: /etc/onap/oom/certservice/certs/
       envVariables:
         # Certificate related
         cmpv2Organization: "Linux-Foundation"
@@ -132,13 +177,19 @@ global:
         cmpv2Country: "US"
         # Client configuration related
         caName: "RA"
-        requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+        requestURL: "https://oom-cert-service:8443/v1/certificate/"
         requestTimeout: "30000"
-        keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks"
+        keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+        outputType: "P12"
         keystorePassword: "secret"
-        truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"
+        truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
         truststorePassword: "secret"
 
+  # Indicates offline deployment build
+  # Set to true if you are rendering helm charts for offline deployment
+  # Otherwise keep it disabled
+  offlineDeploymentBuild: false
+
   # TLS
   # Set to false if you want to disable TLS for NodePorts. Be aware that this
   # will loosen your security.
@@ -150,13 +201,12 @@ global:
   # default
   centralizedLoggingEnabled: &centralizedLogging false
 
-
-# Example of specific for the components where you want to disable TLS only for
-# it:
-# if set this element will force or not tls even if global.serviceMesh.tls and
-# global.tlsEnabled is set otherwise.
-# robot:
-#   tlsOverride: false
+  # Example of specific for the components where you want to disable TLS only for
+  # it:
+  # if set this element will force or not tls even if global.serviceMesh.tls and
+  # global.tlsEnabled is set otherwise.
+  # robot:
+  #   tlsOverride: false
 
   # Global storage configuration
   #    Set to "-" for default, or with the name of the storage class
@@ -221,8 +271,6 @@ dcaegen2:
   enabled: false
 dcaemod:
   enabled: false
-pnda:
-  enabled: false
 dmaap:
   enabled: false
 esr:
@@ -289,6 +337,12 @@ so:
     openStackServiceTenantName: "service"
     openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
 
+  # in order to enable static password for so-monitoring uncomment:
+  # so-monitoring:
+  #   server:
+  #     monitoring:
+  #       password: demo123456!
+
   # configure embedded mariadb
   mariadb:
     config:
@@ -303,3 +357,12 @@ vnfsdk:
   enabled: false
 modeling:
   enabled: false
+platform:
+  enabled: false
+a1policymanagement:
+  enabled: false
+
+cert-wrapper:
+  enabled: true
+repository-wrapper:
+  enabled: true