| # Copyright © 2020, Nordix Foundation, Orange |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| global: |
| mariadbGalera: &mariadbGalera |
| #This flag allows SO to instantiate its own mariadb-galera cluster |
| #When changing it to "true", also set "globalCluster: false" |
| #as the dependency check will not work otherwise (Chart.yaml) |
| localCluster: false |
| globalCluster: true |
| service: mariadb-galera |
| internalPort: 3306 |
| nameOverride: mariadb-galera |
| |
| secrets: |
| - uid: ejbca-db-secret |
| name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret' |
| type: basicAuth |
| externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' |
| login: '{{ .Values.config.db.userName }}' |
| password: '{{ .Values.config.db.userPassword }}' |
| - uid: ejbca-server-ra-iak |
| name: '{{ include "common.release" . }}-ejbca-ra-iak' |
| type: password |
| password: '{{ .Values.config.ejbca.raIak }}' |
| - uid: ejbca-server-client-iak |
| name: '{{ include "common.release" . }}-ejbca-client-iak' |
| type: password |
| password: '{{ .Values.config.ejbca.clientIak }}' |
| |
| # application configuration |
| config: |
| db: |
| userName: ejbca |
| # userPassword: password |
| # userCredentialsExternalSecret: some-secret |
| ejbca: {} |
| # raIak: mypassword |
| # clientIak: mypassword |
| |
| mysqlDatabase: &dbName ejbca |
| |
| ################################################################# |
| # Application configuration defaults. |
| ################################################################# |
| # application configuration |
| replicaCount: 1 |
| |
| ejbca: |
| image: primekey/ejbca-ce:7.4.3.2 |
| pullPolicy: Always |
| |
| mariadb-galera: |
| db: |
| externalSecret: *ejbca-db-secret |
| name: *dbName |
| nameOverride: &ejbca-galera ejbca-galera |
| service: |
| name: ejbca-galera |
| portName: ejbca-galera |
| internalPort: 3306 |
| replicaCount: 1 |
| persistence: |
| enabled: true |
| mountSubPath: ejbca/maria/data |
| serviceAccount: |
| nameOverride: *ejbca-galera |
| |
| mariadb-init: |
| config: |
| userCredentialsExternalSecret: *ejbca-db-secret |
| mysqlDatabase: *dbName |
| nameOverride: ejbca-config |
| |
| nodeSelector: {} |
| |
| affinity: {} |
| |
| # probe configuration parameters |
| liveness: |
| path: /ejbca/publicweb/healthcheck/ejbcahealth |
| port: 8443 |
| initialDelaySeconds: 180 |
| periodSeconds: 30 |
| |
| readiness: |
| path: /ejbca/publicweb/healthcheck/ejbcahealth |
| port: 8443 |
| initialDelaySeconds: 180 |
| periodSeconds: 30 |
| |
| service: |
| type: ClusterIP |
| both_tls_and_plain: true |
| ports: |
| - name: api |
| port: 8443 |
| plain_port: 8080 |
| port_protocol: http |
| |
| # Resource Limit flavor -By Default using small |
| flavor: unlimited |
| # Segregation for Different environment (Small and Large) |
| resources: |
| small: |
| limits: |
| cpu: 1500m |
| memory: 1536Mi |
| requests: |
| cpu: 10m |
| memory: 750Mi |
| large: |
| limits: |
| cpu: 2 |
| memory: 2Gi |
| requests: |
| cpu: 20m |
| memory: 1Gi |
| unlimited: {} |
| |
| #Pods Service Account |
| serviceAccount: |
| nameOverride: ejbca |
| roles: |
| - read |