blob: 9345edf9c3715e4a2bcd24d6a823f36afeaa7b75 [file] [log] [blame]
# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Global
global:
envsubstImage: dibi/envsubst
nodePortPrefix: 302
# Readiness image
readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
# Logging image
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# BusyBox image
busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
repository: "nexus3.onap.org:10001"
# Service configuration
service:
type: ClusterIP
ports:
- name: http
port: 8443
port_protocol: http
# Deployment configuration
repository: nexus3.onap.org:10001
image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0
pullPolicy: Always
replicaCount: 1
liveness:
initialDelaySeconds: 60
periodSeconds: 10
command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
readiness:
initialDelaySeconds: 30
periodSeconds: 10
command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
flavor: small
resources:
small:
limits:
cpu: 0.5
memory: 1Gi
requests:
cpu: 0.2
memory: 512Mi
large:
limits:
cpu: 1
memory: 2Gi
requests:
cpu: 0.4
memory: 1Gi
unlimited: {}
# Application configuration
cmpServers:
secret:
name: aaf-cert-service-secret
volume:
name: aaf-cert-service-volume
mountPath: /etc/onap/aaf/certservice
tls:
server:
secret:
name: aaf-cert-service-server-tls-secret
volume:
name: aaf-cert-service-server-tls-volume
mountPath: /etc/onap/aaf/certservice/certs/
client:
secret:
defaultName: aaf-cert-service-client-tls-secret
envs:
keystore:
jksName: certServiceServer-keystore.jks
p12Name: certServiceServer-keystore.p12
truststore:
jksName: truststore.jks
crtName: root.crt
httpsPort: 8443
# External secrets with credentials can be provided to override default credentials defined below,
# by uncommenting and filling appropriate *ExternalSecret value
credentials:
tls:
keystorePassword: secret
truststorePassword: secret
#keystorePasswordExternalSecret:
#truststorePasswordExternalSecret:
# Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
cmp:
#clientIakExternalSecret:
#clientRvExternalSecret:
#raIakExternalSecret:
#raRvExternalSecret:
client: {}
# iak: mypassword
# rv: unused
ra: {}
# iak: mypassword
# rv: unused
secrets:
- uid: keystore-password
name: '{{ include "common.release" . }}-keystore-password'
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
password: '{{ .Values.credentials.tls.keystorePassword }}'
passwordPolicy: required
- uid: truststore-password
name: '{{ include "common.release" . }}-truststore-password'
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
password: '{{ .Values.credentials.tls.truststorePassword }}'
passwordPolicy: required
# Below values are relevant only if global addTestingComponents flag is enabled
- uid: ejbca-server-client-iak
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
password: '{{ .Values.credentials.cmp.client.iak }}'
- uid: cmp-config-client-rv
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
password: '{{ .Values.credentials.cmp.client.rv }}'
- uid: ejbca-server-ra-iak
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
password: '{{ .Values.credentials.cmp.ra.iak }}'
- uid: cmp-config-ra-rv
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
password: '{{ .Values.credentials.cmp.ra.rv }}'