blob: 0fbee4c07ffcb69269a08d3f51bccdebc94419aa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################################################################
# Global configuration defaults.
#################################################################
global:
nodePortPrefix: 302
secrets:
- uid: pg-root-pass
name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass'
type: password
externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
- uid: pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds'
type: basicAuth
externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
#################################################################
# AAF part
#################################################################
certInitializer:
nameOverride: refrepo-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
fqdn: refrepo
fqi: refrepo@refrepo.onap.org
fqi_namespace: org.onap.refrepo
public_fqdn: refrepo.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
aaf_add_config: |
echo "*** transform AAF certs into pem files"
mkdir -p {{ .Values.credsPath }}/certs
echo "keystore password: $$cadi_keystore_password_p12"
openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
-nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
-passin pass:$cadi_keystore_password_p12 \
-passout pass:$cadi_keystore_password_p12
echo "*** copy key"
cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
{{ .Values.credsPath }}/certs/cert.key
echo "*** change ownership of certificates to targeted user"
chown -R 999 {{ .Values.credsPath }}/certs
#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/vnfsdk/refrepo:1.6.3
pullPolicy: Always
# application configuration override for postgres
postgres:
nameOverride: vnfsdk-postgres
service:
name: vnfsdk-dbset
name2: vnfsdk-dbpri
name3: vnfsdk-dbrep
container:
name:
primary: vnfsdk-dbpri
replica: vnfsdk-dbrep
persistence:
mountSubPath: vnfsdk/data
mountInitPath: vnfsdk
config:
pgUserName: postgres
pgDatabase: postgres
pgUserExternalSecret: *pgUserCredsSecretName
pgRootPasswordExternalSecret: *pgRootPassSecretName
# flag to enable debugging - application support required
debugEnabled: false
nodeSelector: {}
affinity: {}
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
large:
limits:
cpu: 4000m
memory: 8Gi
requests:
cpu: 1000m
memory: 2Gi
unlimited: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
initialDelaySeconds: 60
periodSeconds: 30
service:
type: NodePort
name: refrepo
portName: https
nodePort: 97
internalPort: 8703
ingress:
enabled: false
service:
- baseaddr: "refrepo"
name: "refrepo"
port: 8703
config:
ssl: "redirect"
|
