| # Copyright © 2020, Nokia |
| # Modifications Copyright © 2020, Nordix Foundation, Orange |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # Global |
| global: |
| envsubstImage: dibi/envsubst |
| nodePortPrefix: 302 |
| # Readiness image |
| readinessImage: onap/oom/readiness:3.0.1 |
| # Ubuntu Init image |
| ubuntuInitRepository: registry.hub.docker.com |
| ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 |
| # Logging image |
| loggingRepository: docker.elastic.co |
| loggingImage: beats/filebeat:5.5.0 |
| # BusyBox image |
| busyboxRepository: registry.hub.docker.com |
| busyboxImage: library/busybox:1.31 |
| persistence: |
| enabled: true |
| # Standard OOM |
| pullPolicy: "Always" |
| repository: "nexus3.onap.org:10001" |
| |
| |
| # Service configuration |
| service: |
| type: ClusterIP |
| ports: |
| - name: http |
| port: 8443 |
| port_protocol: http |
| |
| |
| # Deployment configuration |
| repository: nexus3.onap.org:10001 |
| image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0 |
| pullPolicy: Always |
| replicaCount: 1 |
| |
| liveness: |
| initialDelaySeconds: 60 |
| periodSeconds: 10 |
| command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD |
| readiness: |
| initialDelaySeconds: 30 |
| periodSeconds: 10 |
| command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD |
| |
| flavor: small |
| resources: |
| small: |
| limits: |
| cpu: 0.5 |
| memory: 1Gi |
| requests: |
| cpu: 0.2 |
| memory: 512Mi |
| large: |
| limits: |
| cpu: 1 |
| memory: 2Gi |
| requests: |
| cpu: 0.4 |
| memory: 1Gi |
| unlimited: {} |
| |
| |
| # Application configuration |
| cmpServers: |
| secret: |
| name: aaf-cert-service-secret |
| volume: |
| name: aaf-cert-service-volume |
| mountPath: /etc/onap/aaf/certservice |
| |
| tls: |
| server: |
| secret: |
| name: aaf-cert-service-server-tls-secret |
| volume: |
| name: aaf-cert-service-server-tls-volume |
| mountPath: /etc/onap/aaf/certservice/certs/ |
| client: |
| secret: |
| defaultName: aaf-cert-service-client-tls-secret |
| |
| envs: |
| keystore: |
| jksName: certServiceServer-keystore.jks |
| p12Name: certServiceServer-keystore.p12 |
| truststore: |
| jksName: truststore.jks |
| crtName: root.crt |
| httpsPort: 8443 |
| |
| # External secrets with credentials can be provided to override default credentials defined below, |
| # by uncommenting and filling appropriate *ExternalSecret value |
| credentials: |
| tls: |
| keystorePassword: secret |
| truststorePassword: secret |
| #keystorePasswordExternalSecret: |
| #truststorePasswordExternalSecret: |
| # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled |
| cmp: |
| #clientIakExternalSecret: |
| #clientRvExternalSecret: |
| #raIakExternalSecret: |
| #raRvExternalSecret: |
| client: {} |
| # iak: mypassword |
| # rv: unused |
| ra: {} |
| # iak: mypassword |
| # rv: unused |
| |
| secrets: |
| - uid: keystore-password |
| name: '{{ include "common.release" . }}-keystore-password' |
| type: password |
| externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}' |
| password: '{{ .Values.credentials.tls.keystorePassword }}' |
| passwordPolicy: required |
| - uid: truststore-password |
| name: '{{ include "common.release" . }}-truststore-password' |
| type: password |
| externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}' |
| password: '{{ .Values.credentials.tls.truststorePassword }}' |
| passwordPolicy: required |
| # Below values are relevant only if global addTestingComponents flag is enabled |
| - uid: ejbca-server-client-iak |
| type: password |
| externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}' |
| password: '{{ .Values.credentials.cmp.client.iak }}' |
| - uid: cmp-config-client-rv |
| type: password |
| externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}' |
| password: '{{ .Values.credentials.cmp.client.rv }}' |
| - uid: ejbca-server-ra-iak |
| type: password |
| externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}' |
| password: '{{ .Values.credentials.cmp.ra.iak }}' |
| - uid: cmp-config-ra-rv |
| type: password |
| externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}' |
| password: '{{ .Values.credentials.cmp.ra.rv }}' |