Netcracker · kannann1 · Sep 15, 2025 · Sep 15, 2025 · Sep 15, 2025 · Sep 16, 2025
@@ -10,9 +10,9 @@
       - [ParameterSet (in Template repository)](#parameterset-in-template-repository)
       - [Resource Profile Override (in Template)](#resource-profile-override-in-template)
       - [Composite Structure Template](#composite-structure-template)
-      - [BG Domain Template](#bg-domain-template)
       - [Registry Definition Template](#registry-definition-template)
       - [Application Definition Template](#application-definition-template)
+      - [BG Domain Template](#bg-domain-template)
     - [System Credentials File (in Template repository)](#system-credentials-file-in-template-repository)
   - [Instance Repository Objects](#instance-repository-objects)
     - [Environment Instance Objects](#environment-instance-objects)
@@ -102,17 +102,21 @@ cloud:
   # See details in https://github.com/Netcracker/qubership-envgene/blob/main/docs/template-inheritance.md
   overrides-parent:
     profile:
-      override-profile-name: string
-      parent-profile-name: string
-      baseline-profile-name: string
-      merge-with-parent: string
-    deployParameters: hashmap
-    e2eParameters: hashmap
-    technicalConfigurationParameters: hashmap
-    deployParameterSets: list
-    e2eParameterSets: list
-    technicalConfigurationParameterSets: list
-composite_structure: string
+      override-profile-name: <resource-profile-override-name>
+      parent-profile-name: <resource-profile-override-name>
+      baseline-profile-name: <resource-profile-baseline-name>
+      merge-with-parent: <boolean>
+    deployParameters: <hashmap-with-parameters>
+    e2eParameters: <hashmap-with-parameters>
+    technicalConfigurationParameters: <hashmap-with-parameters>
+    deployParameterSets: <list-with-parameter-sets>
+    e2eParameterSets: <list-with-parameter-sets>
+    technicalConfigurationParameterSets: <list-with-parameter-sets>
+# Optional
+composite_structure: <path-to-the-composite-structure-template-file>
+# Optional
+bg_domain: <path-to-the-bg-domain-template-file>
+# Optional
 namespaces:
   - # Optional
     # Path to the namespace template file
@@ -309,14 +313,6 @@ satellites:
     type: "namespace"
 ```
 
-#### BG Domain Template
-
-This is a Jinja template file used to render the [BG Domain](#bg-domain) object for environments that use Blue-Green Domain (BGD) support.
-
-**Location:** `/templates/env-templates/{Group name}/bg-domain.yml.j2`
-
-[Macros](/docs/template-macros.md) are available for use when developing the template.
-
 #### Registry Definition Template
 
 This is a Jinja template file used to render the [Registry Definition](#registry-definition) object.
@@ -374,6 +370,30 @@ artifactId: "application-1"
 groupId: "org.qubership"
 ```
 
+#### BG Domain Template
+
+This is a Jinja template file used to render the [BG Domain](#bg-domain) object for environments that use Blue-Green Domain (BGD) support.
+
+**Location:** `/templates/env_templates/*/bg-domain.yml.j2`
+
+**Example:**
+
+```yaml
+name: {{ current_env.environmentName ~ '-bg-domain' }}
+type: bgdomain
+originNamespace:
+  name: {{ current_env.get('additionalTemplateVariables', {}).get('ns_overrides', {}).get('origin-ns', current_env.environmentName ~ '-origin') }}
+  type: namespace
+peerNamespace:
+  name: {{ current_env.get('additionalTemplateVariables', {}).get('ns_overrides', {}).get('peer-ns', current_env.environmentName ~ '-peer') }}
+  type: namespace
+controllerNamespace:
+  name: {{ current_env.get('additionalTemplateVariables', {}).get('ns_overrides', {}).get('controller-ns', current_env.environmentName ~ '-controller') }}
+  type: namespace
+  credentials: controller-cred
+  url: https://controller-{{ current_env.get('additionalTemplateVariables', {}).get('ns_overrides', {}).get('controller-ns', current_env.environmentName ~ '-controller') }}.{{ current_env.cloud_passport.cloud.CLOUD_PUBLIC_HOST}}
+```
+
 ### System Credentials File (in Template repository)
 
 This file contains [Credential](#credential) objects used by EnvGene to integrate with external systems like artifact registries, GitLab, GitHub, and others.
@@ -631,7 +651,7 @@ satellites:
 
 #### BG Domain
 
-The BG Domain object defines the Blue-Green Domain structure and namespace mappings for environments that use BGD support. This object is used for alias resolution in the `NS_BUILD_FILTER` parameter and BGD lifecycle management.
+The BG Domain object defines the Blue-Green Domain structure and namespace mappings for environments that use BGD support. This object is used for alias resolution in the [`NS_BUILD_FILTER`](/docs/instance-pipeline-parameters.md#ns_build_filter) parameter and BGD lifecycle management.
 
 The BG Domain object is generated during Environment Instance generation based on:
 
@@ -651,7 +671,7 @@ type: bgdomain
 # Mandatory
 # Origin namespace definition
 # Used to define the currently active BGD namespace
-origin:
+originNamespace:
   # Mandatory
   # The name of the origin namespace
   # Used for BGD alias resolution and lifecycle operations
@@ -663,7 +683,7 @@ origin:
 # Mandatory
 # Peer namespace definition
 # Used to define the standby BGD namespace
-peer:
+peerNamespace:
   # Mandatory
   # The name of the peer namespace
   # Used for BGD alias resolution and lifecycle operations
@@ -675,7 +695,7 @@ peer:
 # Mandatory
 # Controller namespace definition
 # Used for BGD lifecycle management and coordination
-controller:
+controllerNamespace:
   # Mandatory
   # The name of the controller namespace
   # Used by BGD operations for lifecycle coordination
@@ -687,18 +707,42 @@ controller:
   # Mandatory
   # Credentials for accessing the BGD controller
   # Used for authentication with BG-Operator
-  credentialsIs: <bgd-controller-credentials>
+  credentials: <bgd-controller-credentials>
   # Mandatory
   # URL of the BG-Operator service
   # Used for BGD lifecycle operations
   url: <bg-operator-url>
 ```
 
+When generating an Environment Instance that includes a BG Domain object, a [Credential](#credential) object with `usernamePassword` type is also generated in the [Environment Credentials File](#environment-credentials-file). The ID of the Credential uses the value `bg_domain.controllerNamespace.credentials`.  
+The [`inventory.config.updateCredIdsWithEnvName`](/docs/envgene-configs.md#env_definitionyml) mechanism works for this Credential as well as for all other Credentials.
+
+**Location:** `/environments/<cluster-name>/<env-name>/bg-domain.yml`
+
+**Example:**
+
+```yaml
+bg_domain:
+  name: env-1-bg-domain
+  type: bgdomain
+  originNamespace:
+    name: env-1-bss-origin
+    type: namespace
+  peerNamespace:
+    name: env-1-bss-peer
+    type: namespace
+  controllerNamespace:
+    name: env-1-controller
+    credentials: controller-cred
+    type: namespace
+    url: https://controller-env-1-controller.qubership.org
+```
+
 **BGD Alias Resolution:** Used by `NS_BUILD_FILTER` parameter to resolve BGD aliases:
 
-- `${controller}` → controller namespace
-- `${origin}` → origin namespaces
-- `${peer}` → peer namespaces
+- `@controller` → controller namespace
+- `@origin` → origin namespaces
+- `@peer` → peer namespaces
 
 ### Solution Descriptor
 

@@ -48,6 +48,7 @@
         - [\[Version 2.0\]\[Topology Context\] `k8s_tokens` Example](#version-20topology-context-k8s_tokens-example)
         - [\[Version 2.0\]\[Topology Context\] `environments` Example](#version-20topology-context-environments-example)
         - [\[Version 2.0\]\[Topology Context\] `cluster` Example](#version-20topology-context-cluster-example)
+        - [\[Version 2.0\]\[Topology Context\] `bg_domain` Example](#version-20topology-context-bg_domain-example)
       - [\[Version 2.0\] Runtime Parameter Context](#version-20-runtime-parameter-context)
         - [\[Version 2.0\]\[Runtime Parameter Context\] `parameters.yaml`](#version-20runtime-parameter-context-parametersyaml)
         - [\[Version 2.0\]\[Runtime Parameter Context\] `credentials.yaml`](#version-20runtime-parameter-context-credentialsyaml)
@@ -1007,6 +1008,7 @@ This context only contains parameters generated by EnvGene:
 | **k8s_tokens** | Mandatory | Contains deployment tokens for each namespace in the Environment Instance. The value is derived from the `data.secret` property of the Credential specified via `defaultCredentialsId` attribute in the corresponding `Namespace` or parent `Cloud`. If the attribute is not defined at the `Namespace` level, it is inherited from the parent `Cloud`. If defined at both levels, the `Namespace` value takes precedence. Either the `Cloud` or `Namespace` must define `defaultCredentialsId`. This variable is located in `credentials.yaml` | None | [example](#version-20topology-context-k8s_tokens-example) |
 | **environments** | Mandatory | Contains **all** repository Environments, not just the one for which the Effective Set calculation was run. For each Environment, it includes the names of its contained namespaces. For each namespace, it provides a deploy postfix. The `deployPostfix` is taken from the Environment Instance's namespace folder name (a child of `Namespace` and parent of namespace.yml), which also acts as the namespace template name. This variable is located in `parameters.yaml` | None | [example](#version-20topology-context-environments-example) |
 | **cluster** | Mandatory | Contains information about the cluster where the Environment Instance is deployed. Includes cluster name, type, and other cluster-specific metadata taken from the [Cloud](/docs/envgene-objects.md#cloud) object. This variable is located in `parameters.yaml` | `{}` | [example](#version-20topology-context-cluster-example) |
+| **bg_domain** | Mandatory | Contains the [BG Domain](/docs/envgene-objects.md#bg-domain) object from the Environment Instance for which the Effective Set is generated. Additionally, Calculator CLI adds two extra sensitive attribute `bg_domain.controllerNamespace.username` and `bg_domain.controllerNamespace.password` whose value is taken from the [Credential](/docs/envgene-objects.md#credential) with `usernamePassword` type  and the ID from the `bg_domain.controllerNamespace.credentials` attribute. Non-sensitive parts of this variable are stored in `parameters.yaml`, while sensitive parts are stored in `credentials.yaml`. | `{}` | [example](#version-20topology-context-bg_domain-example) |
 
 ##### \[Version 2.0][Topology Context] `composite_structure` Example
 
@@ -1065,15 +1067,45 @@ environments:
 ```yaml
 cluster:
   # Taken from the `apiUrl` attribute of the Cloud
-  api_url: "api.cl-03.managed.qubership.cloud"
+  api_url: "api.cl-03.managed.qubership.org"
   # Taken from the `apiPort` attribute of the Cloud
   api_port: "6443"
   # Taken from the `publicUrl` attribute of the Cloud
-  public_url: "apps.cl-03.managed.qubership.cloud"
+  public_url: "apps.cl-03.managed.qubership.org"
   # Taken from the `protocol` attribute of the Cloud
   protocol: "https"
 ```
 
+##### \[Version 2.0][Topology Context] `bg_domain` Example
+
+**`parameters.yaml`**
+
+```yaml
+bg_domain:
+  name: env-1-bg-domain
+  type: bgdomain
+  originNamespace:
+    name: env-1-bss-origin
+    type: namespace
+  peerNamespace:
+    name: env-1-bss-peer
+    type: namespace
+  controllerNamespace:
+    name: env-1-controller
+    type: namespace
+    credentials: controller-cred
+    url: https://controller-env-1-controller.qubership.org
+```
+
+**`credentials.yaml`**
+
+```yaml
+bg_domain:
+  controllerNamespace:
+    username: user
+    password: glpat-qzypHtKK
+```
+
 #### [Version 2.0] Runtime Parameter Context
 
 This file's parameters define a **distinct** context for managing application behavior without redeployment. These parameters can be applied without redeploying the application.

@@ -16,9 +16,9 @@ You can set the value of `NS_BUILD_FILTER` in two ways:
 
 You can use BG Domain role aliases as namespace selectors:
 
-- `${controller}` - controller namespace
-- `${origin}` - origin namespace  
-- `${peer}` - peer namespace
+- `@controller` - controller namespace
+- `@origin` - origin namespace  
+- `@peer` - peer namespace
 
 EnvGene resolves these aliases using the [BG Domain](/docs/envgene-objects.md#bg-domain) object. To use aliases, the BG Domain object must exist in the Environment.
 
@@ -40,15 +40,15 @@ The following operators are available:
 ### Update all except the peer NS
 
 ```yaml
-NS_BUILD_FILTER: "! ${peer}"
+NS_BUILD_FILTER: "! @peer"
 # or
 NS_BUILD_FILTER: "! env-name-peer"
 ```
 
 ### Update only the peer NS
 
 ```yaml
-NS_BUILD_FILTER: "${peer}"
+NS_BUILD_FILTER: "@peer"
 # or
 NS_BUILD_FILTER: "env-name-peer"
 ```
@@ -65,10 +65,10 @@ NS_BUILD_FILTER is not provided
 
 ```yaml
 # Update controller and origin
-NS_BUILD_FILTER: "${peer},${origin}"
+NS_BUILD_FILTER: "@peer,@origin"
 
 # Update all except peer and controller
-NS_BUILD_FILTER: "! ${peer},${controller}"
+NS_BUILD_FILTER: "! @peer,@controller"
 
 # Update specific namespaces by name
 NS_BUILD_FILTER: "env-name-api,env-name-frontend"