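################################################################################
#   Copyright (c) 2020 Nordix Foundation.                                      #
#   Copyright © 2020 Samsung Electronics, Modifications                        #
#                                                                              #
#   Licensed under the Apache License, Version 2.0 (the "License");            #
#   you may not use this file except in compliance with the License.           #
#   You may obtain a copy of the License at                                    #
#                                                                              #
#       http://www.apache.org/licenses/LICENSE-2.0                             #
#                                                                              #
#   Unless required by applicable law or agreed to in writing, software        #
#   distributed under the License is distributed on an "AS IS" BASIS,          #
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
#   See the License for the specific language governing permissions and        #
#   limitations under the License.                                             #
################################################################################
# Default values for Policy Management Service.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#
# NOTE(review): the line breaks and key nesting below were restored from a
# listing in which they had been lost; confirm against the chart templates.

global:
  nodePortPrefix: 302
  persistence: {}

# Basic-auth secret for the A1 controller. login/password are taken from the
# a1controller.* values further down; externalSecret resolves to
# a1controller.credsExternalSecret and defaults to "" when that is unset.
# Setting credsExternalSecret presumably makes the chart use an existing
# secret instead of the values committed here - confirm in the templates.
secrets:
  - uid: controller-secret
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}'
    login: '{{ .Values.a1controller.user }}'
    password: '{{ .Values.a1controller.password }}'
    passwordPolicy: required

#################################################################
# AAF part
#################################################################
certInitializer:
  nameOverride: a1p-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  # Default credential committed with the chart: treat it as public and
  # override it per deployment. The commented key below suggests an external
  # secret can be supplied instead (confirm against the cert-initializer
  # chart).
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: a1p
  fqi: a1p@a1p.onap.org
  public_fqdn: a1p.onap.org
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  app_ns: org.osaaf.aaf
  credsPath: /opt/app/osaaf/local
  fqi_namespace: org.onap.a1p
  # Shell snippet that re-keys the keystore and truststore:
  #  - both new passwords are 64 alphanumeric characters from /dev/urandom;
  #  - both are then written in cleartext to mycreds.prop under credsPath,
  #    and the directory is chowned to UID 1000 (same value as userID below).
  #    No file mode is set here, so it follows the container's umask;
  #    anything that can mount this volume can read the store passwords.
  # The TRUSTSORE_PASSWORD spelling is kept as is: it is the name written to
  # mycreds.prop, so consumers presumably read it under that name.
  aaf_add_config: |
    echo "*** changing them into shell safe ones"
    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    cd {{ .Values.credsPath }}
    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
      -storepass "${cadi_keystore_password_p12}" \
      -keystore {{ .Values.fqi_namespace }}.p12
    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
      -storepass "${cadi_truststore_password}" \
      -keystore {{ .Values.fqi_namespace }}.trust.jks
    echo "*** save the generated passwords"
    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
    echo "*** change ownership of certificates to targeted user"
    chown -R 1000 .

# The image is referenced by tag only; a tag can be re-pointed in the
# registry, and with IfNotPresent a node keeps whatever it pulled first.
image: onap/ccsdk-oran-a1policymanagementservice:1.3.2
userID: 1000  # Should match with image-defined user ID
groupID: 999  # Should match with image-defined group ID
pullPolicy: IfNotPresent
replicaCount: 1

# NodePort makes the API reachable on every cluster node, not only inside the
# cluster. both_tls_and_plain: true together with plain_port 8081 indicates
# that an unencrypted listener is published next to 8433 - presumably so;
# confirm in the service template and disable it where only TLS should be
# reachable.
service:
  type: NodePort
  name: a1policymanagement
  both_tls_and_plain: true
  ports:
    - name: api
      port: 8433
      plain_port: 8081
      port_protocol: http
      nodePort: '94'

# SDNC Credentials are used here
# The password below is a default checked into the chart: treat it as public
# and override it (or supply a1controller.credsExternalSecret) per deployment.
a1controller:
  user: admin
  password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U

# sdncLinkHttp is a plain-HTTP endpoint; if the controller credentials above
# are sent over it they travel unencrypted (which link is used is decided in
# the templates - confirm).
sdncLink: https://sdnc.onap:8443
sdncLinkHttp: http://sdnc.onap:8282
# The information about A1-Mediator/RICs can be added here.
# The A1 policy management service supports both STD & OSC versions.
# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination.
# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
# Refer it/dep repo for k8s deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
# Example configuration:
#rics:
#  - name: ric1
#    link: http://ric1url.url.com:1111/
#    managedElementIds:
#      - kista1
#      - kista2
#  - name: ric2
#    link: http://ric2url.url.com:2222/
#    managedElementIds:
#      - kista3
#      - kista4
# Left empty (null) by default: no RICs are configured.
rics:
# Both message-router endpoints use plain HTTP.
streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
liveness:
  port: api
  initialDelaySeconds: 60
  periodSeconds: 10
readiness:
  port: api
  initialDelaySeconds: 60
  periodSeconds: 10

# Resource Limit flavor - By Default using small
flavor: small
resources:
  small:
    limits:
      cpu: 2
      memory: 300Mi
    requests:
      cpu: 1
      memory: 150Mi
  large:
    limits:
      cpu: 4
      memory: 8Gi
    requests:
      cpu: 2
      memory: 4Gi
  unlimited: {}

## Persist data to a persistent volume
persistence:
  enabled: true

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:
  # Retain keeps the volume and its data after the claim is deleted.
  volumeReclaimPolicy: Retain

  ## database data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"
  accessMode: ReadWriteOnce
  size: 2Gi
  mountPath: /dockerdata-nfs
  mountSubPath: nonrtric/policymanagementservice

# Pods Service Account
# Only the "read" role is requested for the pod's service account.
serviceAccount:
  nameOverride: a1policymanagement
  roles:
    - read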