Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / 1a0ff537f9a01edbe92acfdaa7a670c78a07118c / . / kubernetes / aaf / components / aaf-cert-service / values.yaml
blob: 9345edf9c3715e4a2bcd24d6a823f36afeaa7b75 [file] [log] [blame]
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]1# Copyright © 2020, Nokia
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +0200[diff] [blame]2# Modifications Copyright © 2020, Nordix Foundation, Orange
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16# Global
17global:
18 envsubstImage: dibi/envsubst
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +0200[diff] [blame]19 nodePortPrefix: 302
20 # Readiness image
Sylvain Desbureaux1694e1d2020-08-21 09:58:25 +0200[diff] [blame]21 readinessImage: onap/oom/readiness:3.0.1
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +0200[diff] [blame]22 # Ubuntu Init image
23 ubuntuInitRepository: registry.hub.docker.com
24 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
25 # Logging image
26 loggingRepository: docker.elastic.co
27 loggingImage: beats/filebeat:5.5.0
28 # BusyBox image
29 busyboxRepository: registry.hub.docker.com
30 busyboxImage: library/busybox:1.31
31 persistence:
32 enabled: true
33 # Standard OOM
34 pullPolicy: "Always"
35 repository: "nexus3.onap.org:10001"
36
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]37
38# Service configuration
39service:
40 type: ClusterIP
41 ports:
42 - name: http
43 port: 8443
44 port_protocol: http
45
46
47# Deployment configuration
48repository: nexus3.onap.org:10001
Piotr Marcinkiewicz1dd76392020-07-20 16:22:52 +0200[diff] [blame]49image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]50pullPolicy: Always
51replicaCount: 1
52
53liveness:
54 initialDelaySeconds: 60
55 periodSeconds: 10
56 command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
57readiness:
58 initialDelaySeconds: 30
59 periodSeconds: 10
60 command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
61
62flavor: small
63resources:
64 small:
65 limits:
66 cpu: 0.5
67 memory: 1Gi
68 requests:
69 cpu: 0.2
70 memory: 512Mi
71 large:
72 limits:
73 cpu: 1
74 memory: 2Gi
75 requests:
76 cpu: 0.4
77 memory: 1Gi
78 unlimited: {}
79
80
81# Application configuration
82cmpServers:
83 secret:
84 name: aaf-cert-service-secret
85 volume:
86 name: aaf-cert-service-volume
87 mountPath: /etc/onap/aaf/certservice
88
89tls:
90 server:
91 secret:
92 name: aaf-cert-service-server-tls-secret
93 volume:
94 name: aaf-cert-service-server-tls-volume
95 mountPath: /etc/onap/aaf/certservice/certs/
96 client:
97 secret:
98 defaultName: aaf-cert-service-client-tls-secret
99
100envs:
101 keystore:
102 jksName: certServiceServer-keystore.jks
103 p12Name: certServiceServer-keystore.p12
104 truststore:
105 jksName: truststore.jks
106 crtName: root.crt
107 httpsPort: 8443
108
109# External secrets with credentials can be provided to override default credentials defined below,
110# by uncommenting and filling appropriate *ExternalSecret value
111credentials:
112 tls:
113 keystorePassword: secret
114 truststorePassword: secret
115 #keystorePasswordExternalSecret:
116 #truststorePasswordExternalSecret:
117 # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
118 cmp:
119 #clientIakExternalSecret:
120 #clientRvExternalSecret:
121 #raIakExternalSecret:
122 #raRvExternalSecret:
123 client: {}
124 # iak: mypassword
125 # rv: unused
126 ra: {}
127 # iak: mypassword
128 # rv: unused
129
130secrets:
131 - uid: keystore-password
132 name: '{{ include "common.release" . }}-keystore-password'
133 type: password
134 externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
135 password: '{{ .Values.credentials.tls.keystorePassword }}'
136 passwordPolicy: required
137 - uid: truststore-password
138 name: '{{ include "common.release" . }}-truststore-password'
139 type: password
140 externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
141 password: '{{ .Values.credentials.tls.truststorePassword }}'
142 passwordPolicy: required
143 # Below values are relevant only if global addTestingComponents flag is enabled
144 - uid: ejbca-server-client-iak
145 type: password
146 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
147 password: '{{ .Values.credentials.cmp.client.iak }}'
148 - uid: cmp-config-client-rv
149 type: password
150 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
151 password: '{{ .Values.credentials.cmp.client.rv }}'
152 - uid: ejbca-server-ra-iak
153 type: password
154 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
155 password: '{{ .Values.credentials.cmp.ra.iak }}'
156 - uid: cmp-config-ra-rv
157 type: password
158 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
159 password: '{{ .Values.credentials.cmp.ra.rv }}'