# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################# # Global configuration defaults. ################################################################# global: nodePortPrefix: 302 nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs aafEnabled: true mariadbGalera: #This flag allows SO to instantiate its own mariadb-galera cluster #If shared instance is used, this chart assumes that DB already exists localCluster: false service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera # Enabling CMPv2 with CertManager CMPv2CertManagerIntegration: false ################################################################# # Secrets metaconfig ################################################################# secrets: - uid: db-root-password name: &rootDbSecret '{{ include "common.release" . }}-sdnc-db-root-password' type: password # If we're using shared mariadb, we need to use the secret name (second # part). # If not, we do the same trick than for user db secret hat allows you # override this secret using external one with the same field that is used # to pass this to subchart. externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret' type: basicAuth # This is a nasty trick that allows you override this secret using external one # with the same field that is used to pass this to subchart externalSecret: '{{ (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "db" "externalSecret")) | ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) }}' login: '{{ index .Values "mariadb-galera" "db" "user" }}' password: '{{ index .Values "mariadb-galera" "db" "password" }}' - uid: odl-creds name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds' type: basicAuth externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' login: '{{ .Values.config.odlUser }}' password: '{{ .Values.config.odlPassword }}' # For now this is left hardcoded but should be revisited in a future passwordPolicy: required - uid: dmaap-proxy-creds name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds' type: basicAuth externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}' login: '{{ .Values.config.sdnr.dmaapProxy.user }}' password: '{{ .Values.config.sdnr.dmaapProxy.password }}' # For now this is left hardcoded but should be revisited in a future passwordPolicy: required - uid: netbox-apikey type: password externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' password: '{{ .Values.config.netboxApikey }}' passwordPolicy: required - uid: aai-truststore-password type: password externalSecret: '{{ .Values.config.aaiTruststoreExternalSecret }}' password: '{{ .Values.config.aaiTruststorePassword }}' passwordPolicy: required - uid: ansible-truststore-password type: password externalSecret: '{{ .Values.config.ansibleTruststoreExternalSecret }}' password: '{{ .Values.config.ansibleTruststorePassword }}' passwordPolicy: required - uid: truststore-password type: password externalSecret: '{{ .Values.config.truststoreExternalSecret }}' password: '{{ .Values.config.truststorePassword }}' passwordPolicy: required - uid: keystore-password type: password externalSecret: '{{ .Values.config.keystoreExternalSecret }}' password: '{{ .Values.config.keystorePassword }}' passwordPolicy: required - uid: dmaap-authkey type: password externalSecret: '{{ .Values.config.dmaapAuthKeyExternalSecret }}' password: '{{ .Values.config.dmaapAuthKey }}' passwordPolicy: required - uid: aai-user-creds type: basicAuth externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}' login: '{{ .Values.config.aaiUser }}' password: '{{ .Values.config.aaiPassword }}' passwordPolicy: required - uid: so-user-creds type: basicAuth externalSecret: '{{ .Values.config.soCredsExternalSecret}}' login: '{{ .Values.config.soUser }}' password: '{{ .Values.config.soPassword }}' passwordPolicy: required - uid: neng-user-creds type: basicAuth externalSecret: '{{ .Values.config.nengCredsExternalSecret}}' login: '{{ .Values.config.nengUser }}' password: '{{ .Values.config.nengPassword }}' passwordPolicy: required - uid: cds-user-creds type: basicAuth externalSecret: '{{ .Values.config.cdsCredsExternalSecret}}' login: '{{ .Values.config.cdsUser }}' password: '{{ .Values.config.cdsPassword }}' passwordPolicy: required - uid: honeycomb-user-creds type: basicAuth externalSecret: '{{ .Values.config.honeycombCredsExternalSecret}}' login: '{{ .Values.config.honeycombUser }}' password: '{{ .Values.config.honeycombPassword }}' passwordPolicy: required - uid: dmaap-user-creds type: basicAuth externalSecret: '{{ .Values.config.dmaapCredsExternalSecret}}' login: '{{ .Values.config.dmaapUser }}' password: '{{ .Values.config.dmaapPassword }}' passwordPolicy: required - uid: modeling-user-creds type: basicAuth externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}' login: '{{ .Values.config.modelingUser }}' password: '{{ .Values.config.modelingPassword }}' passwordPolicy: required - uid: restconf-creds type: basicAuth externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}' login: '{{ .Values.config.restconfUser }}' password: '{{ .Values.config.restconfPassword }}' passwordPolicy: required - uid: ansible-creds name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds' type: basicAuth externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}' login: '{{ .Values.config.ansibleUser }}' password: '{{ .Values.config.ansiblePassword }}' passwordPolicy: required - uid: scaleout-creds type: basicAuth externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}' login: '{{ .Values.config.scaleoutUser }}' password: '{{ .Values.config.scaleoutPassword }}' passwordPolicy: required - uid: oauth-token-secret type: password externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.tokenExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' password: '{{ .Values.config.sdnr.oauth.tokenSecret }}' passwordPolicy: required - uid: keycloak-secret type: password externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}' passwordPolicy: required ################################################################# # Certificates ################################################################# certificates: - mountPath: /var/custom-certs commonName: sdnc.simpledemo.onap.org dnsNames: - sdnc.simpledemo.onap.org keystore: outputType: - jks passwordSecretRef: create: true name: sdnc-cmpv2-keystore-password key: password issuer: group: certmanager.onap.org kind: CMPv2Issuer name: cmpv2-issuer-onap ################################################################# # Application configuration defaults. ################################################################# # application images pullPolicy: Always image: onap/sdnc-image:2.1.6 # flag to enable debugging - application support required debugEnabled: false # application configuration config: odlUid: 100 odlGid: 101 odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U # odlCredsExternalSecret: some secret netboxApikey: onceuponatimeiplayedwithnetbox20180814 # netboxApikeyExternalSecret: some secret aaiTruststorePassword: changeit # aaiTruststoreExternalSecret: some secret ansibleTruststorePassword: changeit # ansibleTruststoreExternalSecret: some secret truststorePassword: adminadmin # truststoreExternalSecret: some secret keystorePassword: adminadmin # keystoreExternalSecret: some secret aaiUser: sdnc@sdnc.onap.org aaiPassword: demo123456! # aaiCredsExternalSecret: some secret soUser: sdncaBpmn soPassword: password1$ # soCredsExternalSecret: some secret nengUser: ccsdkapps nengPassword: ccsdkapps # nengCredsExternalSecret: some secret cdsUser: ccsdkapps cdsPassword: ccsdkapps # cdsCredsExternalSecret: some secret honeycombUser: admin honeycombPassword: admin # honeycombCredsExternalSecret: some secret dmaapUser: admin dmaapPassword: admin dmaapAuthKey: "fs20cKwalJ6ry4kX:7Hqm6BDZK47IKxGRkOPFk33qMYs=" # dmaapCredsExternalSecret: some secret # dmaapAuthKeyExternalSecret: some secret modelingUser: ccsdkapps modelingPassword: ccsdkapps # modelingCredsExternalSecret: some secret restconfUser: admin restconfPassword: admin # restconfCredsExternalSecret: some secret scaleoutUser: admin scaleoutPassword: admin # scaleoutExternalSecret: some secret ansibleUser: sdnc ansiblePassword: sdnc # ansibleCredsExternalSecret: some secret dbSdnctlDatabase: &sdncDbName sdnctl enableClustering: true sdncHome: /opt/onap/sdnc binDir: /opt/onap/sdnc/bin etcDir: /opt/onap/sdnc/data geoEnabled: false # if geoEnabled is set to true here, mysql.geoEnabled must be set to true # if geoEnabled is set to true the following 3 values must be set to their proper values myODLCluster: 127.0.0.1 peerODLCluster: 127.0.0.1 isPrimaryCluster: true configDir: /opt/onap/sdnc/data/properties ccsdkConfigDir: /opt/onap/ccsdk/data/properties dmaapTopic: SUCCESS dmaapPort: 3904 logstashServiceName: log-ls logstashPort: 5044 ansibleServiceName: sdnc-ansible-server ansiblePort: 8000 javaHome: /opt/java/openjdk odl: etcDir: /opt/opendaylight/etc binDir: /opt/opendaylight/bin gcLogDir: /opt/opendaylight/data/log salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config salConfigVersion: 1.10.4 akka: seedNodeTimeout: 15s circuitBreaker: maxFailures: 10 callTimeout: 90s resetTimeout: 30s recoveryEventTimeout: 90s datastore: persistentActorRestartMinBackoffInSeconds: 10 persistentActorRestartMaxBackoffInSeconds: 40 persistentActorRestartResetBackoffInSeconds: 20 shardTransactionCommitTimeoutInSeconds: 120 shardIsolatedLeaderCheckIntervalInMillis: 30000 operationTimeoutInSeconds: 120 javaOptions: maxGCPauseMillis: 100 parallelGCThreads : 3 numberGCLogFiles: 10 minMemory: 512m maxMemory: 2048m gcLogOptions: "" # Next line enables gc logging # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}" # enables sdnr functionality sdnr: enabled: true # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default), # mode: dm - SDNC contains sdnr device manager + ODLUX components mode: dm # sdnronly: true starts sdnc container with odl and sdnrwt features only sdnronly: false sdnrdbTrustAllCerts: true mountpointRegistrarEnabled: false mountpointStateProviderEnabled: false netconfCallHome: enabled: true # # enable and set dmaap-proxy for mountpointRegistrar dmaapProxy: enabled: false usepwd: true user: addUserHere password: addPasswordHere url: addProxyUrlHere oauth: enabled: false tokenIssuer: ONAP SDNC tokenSecret: secret supportOdlusers: true redirectUri: null publicUrl: none odluxRbac: enabled: true # example definition for a oauth provider providersSecrets: keycloak: d8d7ed52-0691-4353-9ac6-5383e72e9c46 providers: - id: keycloak type: KEYCLOAK host: http://keycloak:8080 clientId: odlux.app secret: ${KEYCLOAK_SECRET} scope: openid title: ONAP Keycloak Provider roleMapping: mykeycloak: admin # dependency / sub-chart configuration certInitializer: nameOverride: sdnc-cert-initializer truststoreMountpath: /opt/onap/sdnc/data/stores fqdn: "sdnc" app_ns: "org.osaaf.aaf" fqi: "sdnc@sdnc.onap.org" fqi_namespace: org.onap.sdnc public_fqdn: "sdnc.onap.org" aafDeployFqi: "deployer@people.osaaf.org" aafDeployPass: demo123456! cadi_latitude: "38.0" cadi_longitude: "-72.0" credsPath: /opt/app/osaaf/local aaf_add_config: > cd /opt/app/osaaf/local; /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 # dependency / sub-chart configuration network-name-gen: enabled: true mariadb-galera: &mariadbGalera nameOverride: &sdnc-db sdnc-db config: &mariadbGaleraConfig rootPasswordExternalSecret: *rootDbSecret userName: &dbUser sdnctl userCredentialsExternalSecret: *dbSecretName rootUser: externalSecret: *rootDbSecret db: user: *dbUser externalSecret: *dbSecretName service: name: sdnc-dbhost sdnctlPrefix: sdnc persistence: mountSubPath: sdnc/mariadb-galera enabled: true replicaCount: 1 serviceAccount: nameOverride: *sdnc-db cds: enabled: false dmaap-listener: enabled: true nameOverride: sdnc-dmaap-listener mariadb-galera: <<: *mariadbGalera config: <<: *mariadbGaleraConfig mysqlDatabase: *sdncDbName config: sdncChartName: sdnc dmaapPort: 3904 sdncPort: 8282 configDir: /opt/onap/sdnc/data/properties odlCredsExternalSecret: *odlCredsSecretName ueb-listener: enabled: true mariadb-galera: <<: *mariadbGalera config: <<: *mariadbGaleraConfig mysqlDatabase: *sdncDbName nameOverride: sdnc-ueb-listener config: sdncPort: 8282 sdncChartName: sdnc configDir: /opt/onap/sdnc/data/properties odlCredsExternalSecret: *odlCredsSecretName sdnc-ansible-server: enabled: true config: restCredsExternalSecret: *ansibleSecretName mariadb-galera: <<: *mariadbGalera config: <<: *mariadbGaleraConfig mysqlDatabase: ansible service: name: sdnc-ansible-server internalPort: 8000 dgbuilder: enabled: true nameOverride: sdnc-dgbuilder certInitializer: nameOverride: sdnc-dgbuilder-cert-initializer config: db: dbName: *sdncDbName rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) }}' userCredentialsExternalSecret: *dbSecretName dbPodName: mariadb-galera dbServiceName: mariadb-galera # This should be revisited and changed to plain text dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 serviceAccount: nameOverride: sdnc-dgbuilder mariadb-galera: service: name: sdnc-dgbuilder nodePort: "03" ingress: enabled: false service: - baseaddr: "sdnc-dgbuilder" name: "sdnc-dgbuilder" port: 3000 - baseaddr: "sdnc-web-service" name: "sdnc-web-service" port: 8443 config: ssl: "redirect" # local elasticsearch cluster localElasticCluster: true elasticsearch: nameOverride: &elasticSearchName sdnrdb name: sdnrdb-cluster certInitializer: fqdn: "sdnc" fqi_namespace: org.onap.sdnc fqi: "sdnc@sdnc.onap.org" service: name: *elasticSearchName master: replicaCount: 3 # dedicatednode: "yes" # working as master node only, in this case increase replicaCount for elasticsearch-data # dedicatednode: "no" # handles master and data node functionality dedicatednode: "no" nameOverride: *elasticSearchName cluster_name: sdnrdb-cluster # enable sdnc-web: enabled: true # default number of instances replicaCount: 1 nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 10 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: initialDelaySeconds: 10 periodSeconds: 10 service: type: NodePort name: sdnc portName: sdnc internalPort: 8181 internalPort2: 8101 internalPort3: 8080 internalPort4: 8443 #port externalPort: 8282 externalPort2: 8202 externalPort3: 8280 externalPort4: 8443 nodePort4: 67 clusterPort: 2550 clusterPort2: 2650 clusterPort3: 2681 geoNodePort1: 61 geoNodePort2: 62 geoNodePort3: 63 geoNodePort4: 64 geoNodePort5: 65 geoNodePort6: 66 callHomePort: 6666 callHomeNodePort: 66 ## Persist data to a persitent volume persistence: enabled: true ## A manually managed Persistent Volume and Claim ## Requires persistence.enabled: true ## If defined, PVC must be created manually before volume will be bound # existingClaim: volumeReclaimPolicy: Retain ## database data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) accessMode: ReadWriteOnce size: 1Gi mountPath: /dockerdata-nfs mountSubPath: sdnc/mdsal mdsalPath: /opt/opendaylight/mdsal daeximPath: /opt/opendaylight/mdsal/daexim journalPath: /opt/opendaylight/journal snapshotsPath: /opt/opendaylight/snapshots certpersistence: enabled: true ## A manually managed Persistent Volume and Claim ## Requires persistence.enabled: true ## If defined, PVC must be created manually before volume will be bound # existingClaim: volumeReclaimPolicy: Retain accessMode: ReadWriteOnce size: 50Mi mountPath: /dockerdata-nfs mountSubPath: sdnc/certs certPath: /opt/app/osaaf ##storageClass: "manual" ingress: enabled: false service: - baseaddr: "sdnc.api" name: "sdnc" port: 8443 config: ssl: "redirect" #Resource Limit flavor -By Default using small flavor: small #segregation for different envionment (Small and Large) resources: small: limits: cpu: 2 memory: 4Gi requests: cpu: 1 memory: 2Gi large: limits: cpu: 4 memory: 8Gi requests: cpu: 2 memory: 4Gi unlimited: {}