blob: c223f41f795491b4de8c7c7d016a2bc26f5e0d0b [file] [log] [blame]
# Copyright © 2020, Nordix Foundation, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
global:
mariadbGalera: &mariadbGalera
#This flag allows SO to instantiate its own mariadb-galera cluster
#When changing it to "true", also set "globalCluster: false"
#as the dependency check will not work otherwise (Chart.yaml)
localCluster: false
globalCluster: true
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
secrets:
- uid: ejbca-db-secret
name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
- uid: ejbca-server-ra-iak
name: '{{ include "common.release" . }}-ejbca-ra-iak'
type: password
password: '{{ .Values.config.ejbca.raIak }}'
- uid: ejbca-server-client-iak
name: '{{ include "common.release" . }}-ejbca-client-iak'
type: password
password: '{{ .Values.config.ejbca.clientIak }}'
# application configuration
config:
db:
userName: ejbca
# userPassword: password
# userCredentialsExternalSecret: some-secret
ejbca: {}
# raIak: mypassword
# clientIak: mypassword
mysqlDatabase: &dbName ejbca
#################################################################
# Application configuration defaults.
#################################################################
# application configuration
replicaCount: 1
ejbca:
image: primekey/ejbca-ce:7.4.3.2
pullPolicy: Always
mariadb-galera:
db:
externalSecret: *ejbca-db-secret
name: *dbName
nameOverride: &ejbca-galera ejbca-galera
service:
name: ejbca-galera
portName: ejbca-galera
internalPort: 3306
replicaCount: 1
persistence:
enabled: true
mountSubPath: ejbca/maria/data
serviceAccount:
nameOverride: *ejbca-galera
mariadb-init:
config:
userCredentialsExternalSecret: *ejbca-db-secret
mysqlDatabase: *dbName
nameOverride: ejbca-config
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
path: /ejbca/publicweb/healthcheck/ejbcahealth
port: 8443
initialDelaySeconds: 180
periodSeconds: 30
readiness:
path: /ejbca/publicweb/healthcheck/ejbcahealth
port: 8443
initialDelaySeconds: 180
periodSeconds: 30
service:
type: ClusterIP
both_tls_and_plain: true
ports:
- name: api
port: 8443
plain_port: 8080
port_protocol: http
# Resource Limit flavor -By Default using small
flavor: unlimited
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
cpu: 1500m
memory: 1536Mi
requests:
cpu: 10m
memory: 750Mi
large:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 20m
memory: 1Gi
unlimited: {}
#Pods Service Account
serviceAccount:
nameOverride: ejbca
roles:
- read