1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
################################################################################
# Copyright (c) 2020 Nordix Foundation. #
# Copyright © 2020 Samsung Electronics, Modifications #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# You may obtain a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
################################################################################
# Default values for Policy Management Service.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
nodePortPrefix: 302
persistence: {}
secrets:
- uid: controller-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}'
login: '{{ .Values.a1controller.user }}'
password: '{{ .Values.a1controller.password }}'
passwordPolicy: required
#################################################################
# AAF part
#################################################################
certInitializer:
nameOverride: a1p-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
fqdn: a1p
fqi: a1p@a1p.onap.org
public_fqdn: a1p.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.a1p
aaf_add_config: |
echo "*** changing them into shell safe ones"
export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
cd {{ .Values.credsPath }}
keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
-storepass "${cadi_keystore_password_p12}" \
-keystore {{ .Values.fqi_namespace }}.p12
keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
-storepass "${cadi_truststore_password}" \
-keystore {{ .Values.fqi_namespace }}.trust.jks
echo "*** save the generated passwords"
echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
image: onap/ccsdk-oran-a1policymanagementservice:1.1.3
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
replicaCount: 1
service:
type: NodePort
name: a1policymanagement
both_tls_and_plain: true
ports:
- name: api
port: 8433
plain_port: 8081
port_protocol: http
nodePort: '94'
# SDNC Credentials are used here
a1controller:
user: admin
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
sdncLink: https://sdnc.onap:8443
# The information about A1-Mediator/RICs can be added here.
# The A1 policy management service supports both STD & OSC versions.
# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination.
# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
# Refer it/dep repo for k8s deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
# Example configuration:
#rics:
# - name: ric1
# link: http://ric1url.url.com:1111/
# managedElementIds:
# - kista1
# - kista2
# - name: ric2
# link: http://ric2url.url.com:2222/
# managedElementIds:
# - kista3
# - kista4
rics:
streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
liveness:
port: api
initialDelaySeconds: 60
periodSeconds: 10
readiness:
port: api
initialDelaySeconds: 60
periodSeconds: 10
#Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
cpu: 2
memory: 300Mi
requests:
cpu: 1
memory: 150Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
cpu: 2
memory: 4Gi
unlimited: {}
## Persist data to a persistent volume
persistence:
enabled: true
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
volumeReclaimPolicy: Retain
## database data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: nonrtric/policymanagementservice
#Pods Service Account
serviceAccount:
nameOverride: a1policymanagement
roles:
- read
|