summaryrefslogtreecommitdiffstats
path: root/kubernetes/onap/values.yaml
blob: a8b44e3773771c2002113cd71942881288d643cd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
# Modifications Copyright © 2020-2021 Nokia
# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global:
  # Change to an unused port prefix range to prevent port conflicts
  # with other instances running within the same k8s cluster
  nodePortPrefix: 302
  nodePortPrefixExt: 304


  # Install test components
  # test components are out of the scope of ONAP but allow to have a entire
  # environment to test the different features of ONAP
  # Current tests environments provided:
  #  - netbox (needed for CDS IPAM)
  #  - AWX (needed for XXX)
  #  - EJBCA Server (needed for CMPv2 tests)
  # Today, "contrib" chart that hosting these components must also be enabled
  # in order to make it work. So `contrib.enabled` must have the same value than
  # addTestingComponents
  addTestingComponents: &testing false

  # ONAP Repository
  # Four different repositories are used
  # You can change individually these repositories to ones that will serve the
  # right images. If credentials are needed for one of them, see below.
  repository: nexus3.onap.org:10001
  dockerHubRepository: &dockerHubRepository docker.io
  elasticRepository: &elasticRepository docker.elastic.co
  quayRepository: quay.io
  googleK8sRepository: k8s.gcr.io
  githubContainerRegistry: ghcr.io

  #/!\ DEPRECATED /!\
  # Legacy repositories which will be removed at the end of migration.
  # Please don't use
  loggingRepository: *elasticRepository
  busyboxRepository: *dockerHubRepository

  # Default credentials
  # they're optional. If the target repository doesn't need them, comment them
  repositoryCred:
    user: docker
    password: docker
  # If you want / need authentication on the repositories, please set
  # Don't set them if the target repo is the same than others
  # so id you've set repository to value `my.private.repo` and same for
  # dockerHubRepository, you'll have to configure only repository (exclusive) OR
  # dockerHubCred.
  # dockerHubCred:
  #   user: myuser
  #   password: mypassord
  # elasticCred:
  #   user: myuser
  #   password: mypassord
  # googleK8sCred:
  #   user: myuser
  #   password: mypassord


  # common global images
  # Busybox for simple shell manipulation
  busyboxImage: busybox:1.34.1

  # curl image
  curlImage: curlimages/curl:7.80.0

  # env substitution image
  envsubstImage: dibi/envsubst:1

  # generate htpasswd files image
  # there's only latest image for htpasswd
  htpasswdImage: xmartlabs/htpasswd:latest

  # kubenretes client image
  kubectlImage: bitnami/kubectl:1.22.4

  # logging agent
  loggingImage: beats/filebeat:5.5.0

  # mariadb client image
  mariadbImage: bitnami/mariadb:10.5.8

  # nginx server image
  nginxImage: bitnami/nginx:1.21.4

  # postgreSQL client and server image
  postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1

  # readiness check image
  readinessImage: onap/oom/readiness:3.0.1

  # image pull policy
  pullPolicy: Always

  # default java image
  jreImage: onap/integration-java11:10.0.0

  # default clusterName
  # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
  clusterName: cluster.local

  # default mount path root directory referenced
  # by persistent volumes and log files
  persistence:
    mountPath: /dockerdata-nfs
    enableDefaultStorageclass: false
    parameters: {}
    storageclassProvisioner: kubernetes.io/no-provisioner
    volumeReclaimPolicy: Retain

  # override default resource limit flavor for all charts
  flavor: unlimited

  # flag to enable debugging - application support required
  debugEnabled: false

  # default password complexity
  # available options: phrase, name, pin, basic, short, medium, long, maximum security
  # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf
  passwordStrength: long

  # configuration to set log level to all components (the one that are using
  # "common.log.level" to set this)
  # can be overrided per components by setting logConfiguration.logLevelOverride
  # to the desired value
  # logLevel: DEBUG

  # Global ingress configuration
  ingress:
    # generally enable ingress for ONAP components
    enabled: false
    # enable all component's Ingress interfaces
    enable_all: false

    # default Ingress base URL and preAddr- and postAddr settings
    # Ingress URLs result:
    # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
    virtualhost:
      # Default Ingress base URL
      # can be overwritten in component by setting ingress.baseurlOverride
      baseurl: "simpledemo.onap.org"
      # prefix for baseaddr
      # can be overwritten in component by setting ingress.preaddrOverride
      preaddr: ""
      # postfix for baseaddr
      # can be overwritten in component by setting ingress.postaddrOverride
      postaddr: ""

    # All http (port 80) requests via ingress will be redirected
    # to port 443 on Ingress controller
    # only valid for Istio Gateway (ServiceMesh enabled)
    config:
      ssl: "redirect"
    # you can set an own Secret containing a certificate
    # only valid for Istio Gateway (ServiceMesh enabled)
    #  tls:
    #    secret: 'my-ingress-cert'

    # optional: Namespace of the Istio IngressGateway
    # only valid for Istio Gateway (ServiceMesh enabled)
    namespace: istio-ingress

  # Global Service Mesh configuration
  # POC Mode, don't use it in production
  serviceMesh:
    enabled: false
    tls: true
    # be aware that linkerd is not well tested
    engine: "istio" # valid value: istio or linkerd

  # Global Istio Authorization Policy configuration
  authorizationPolicies:
    enabled: false

  # metrics part
  # If enabled, exporters (for prometheus) will be deployed
  # if custom resources set to yes, CRD from prometheus operartor will be
  # created
  # Not all components have it enabled.
  #
  metrics:
    enabled: true
    custom_resources: false

  # Disabling AAF
  # POC Mode, only for use in development environment
  # Keep it enabled in production
  aafEnabled: false
  aafAgentImage: onap/aaf/aaf_agent:2.1.20

  # Disabling MSB
  # POC Mode, only for use in development environment
  msbEnabled: true

  # default values for certificates
  certificate:
    default:
      renewBefore: 720h #30 days
      duration:    8760h #365 days
      subject:
        organization: "Linux-Foundation"
        country: "US"
        locality: "San-Francisco"
        province: "California"
        organizationalUnit: "ONAP"
      issuer:
        group: certmanager.onap.org
        kind: CMPv2Issuer
        name: cmpv2-issuer-onap

  # Enabling CMPv2
  cmpv2Enabled: false
  platform:
    certificates:
      clientSecretName: oom-cert-service-client-tls-secret
      keystoreKeyRef: keystore.jks
      truststoreKeyRef: truststore.jks
      keystorePasswordSecretName: oom-cert-service-certificates-password
      keystorePasswordSecretKey: password
      truststorePasswordSecretName: oom-cert-service-certificates-password
      truststorePasswordSecretKey: password

  # Indicates offline deployment build
  # Set to true if you are rendering helm charts for offline deployment
  # Otherwise keep it disabled
  offlineDeploymentBuild: false

  # TLS
  # Set to false if you want to disable TLS for NodePorts. Be aware that this
  # will loosen your security.
  # if set this element will force or not tls even if serviceMesh.tls is set.
  tlsEnabled: false

  # Logging
  # Currently, centralized logging is not in best shape so it's disabled by
  # default
  centralizedLoggingEnabled: &centralizedLogging false

  # Example of specific for the components where you want to disable TLS only for
  # it:
  # if set this element will force or not tls even if global.serviceMesh.tls and
  # global.tlsEnabled is set otherwise.
  # robot:
  #   tlsOverride: false

  # Global storage configuration
  #    Set to "-" for default, or with the name of the storage class
  #    Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a
  #    storageclass with RWX capabilities (or set specific configuration for these
  #    components).
  # persistence:
  #   storageClass: "-"

# Example of specific for the components which requires RWX:
# aaf:
#   persistence:
#     storageClassOverride: "My_RWX_Storage_Class"
# contrib:
#   netbox:
#     netbox-app:
#       persistence:
#         storageClassOverride: "My_RWX_Storage_Class"
# cds:
#   cds-blueprints-processor:
#     persistence:
#       storageClassOverride: "My_RWX_Storage_Class"
# sdc:
#   sdc-onboarding-be:
#     persistence:
#       storageClassOverride: "My_RWX_Storage_Class"

#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
#################################################################

aaf:
  enabled: false
  aaf-sms:
    cps:
      # you must always set the same values as value set in cps.enabled
      enabled: false
aai:
  enabled: false
cassandra:
  enabled: false
cds:
  enabled: false
clamp:
  enabled: false
cli:
  enabled: false
consul:
  enabled: false
# Today, "contrib" chart that hosting these components must also be enabled
# in order to make it work. So `contrib.enabled` must have the same value than
# addTestingComponents
contrib:
  enabled: *testing
cps:
  enabled: false
dcaegen2-services:
  enabled: false
holmes:
  enabled: false
dmaap:
  enabled: false
  message-router:
    enabled: false
  dmaap-bc:
    enabled: false
  dmaap-dr-prov:
    enabled: false
  dmaap-dr-node:
    enabled: false
# Today, "logging" chart that perform the central part of logging must also be
# enabled in order to make it work. So `logging.enabled` must have the same
# value as centralizedLoggingEnabled
log:
  enabled: *centralizedLogging
sniro-emulator:
  enabled: false
oof:
  enabled: false
mariadb-galera:
  enabled: false
msb:
  enabled: false
multicloud:
  enabled: false
nbi:
  enabled: false
  config:
    # openstack configuration
    openStackRegion: "Yolo"
    openStackVNFTenantId: "1234"
policy:
  enabled: false
pomba:
  enabled: false
portal:
  enabled: false
robot:
  enabled: false
  config:
    # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment
    openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
sdc:
  enabled: false
sdnc:
  enabled: false

  replicaCount: 1

  mysql:
    replicaCount: 1
so:
  enabled: false

  replicaCount: 1

  liveness:
    # necessary to disable liveness probe when setting breakpoints
    # in debugger so K8s doesn't restart unresponsive container
    enabled: false

  # so server configuration
  config:
    # message router configuration
    dmaapTopic: "AUTO"
    # openstack configuration
    openStackUserName: "vnf_user"
    openStackRegion: "RegionOne"
    openStackKeyStoneUrl: "http://1.2.3.4:5000"
    openStackServiceTenantName: "service"
    openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"

  # in order to enable static password for so-monitoring uncomment:
  # so-monitoring:
  #   server:
  #     monitoring:
  #       password: demo123456!

strimzi:
  enabled: false
  # Kafka replication & disk storage should be dimensioned
  # according to each given system use case.
  replicaCount: 3
  persistence:
    kafka:
      size: 10Gi
    zookeeper:
      size: 1Gi
  # Strimzi kafka bridge is an optional http api towards
  # kafka provided by https://strimzi.io/docs/bridge/latest/
  strimzi-kafka-bridge:
    enabled: false

uui:
  enabled: false
vfc:
  enabled: false
vnfsdk:
  enabled: false
modeling:
  enabled: false
platform:
  enabled: false
a1policymanagement:
  enabled: false
cert-wrapper:
  enabled: true
repository-wrapper:
  enabled: true
roles-wrapper:
  enabled: true