Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 1 | # Copyright © 2020, Nordix Foundation, Orange |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | global: |
Sylvain Desbureaux | 5ee4dd4 | 2020-11-21 22:52:46 +0100 | [diff] [blame] | 15 | mariadbGalera: &mariadbGalera |
Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 16 | #This flag allows EJBCA to instantiate its own mariadb-galera cluster |
| 17 | localCluster: false |
| 18 | service: mariadb-galera |
| 19 | internalPort: 3306 |
| 20 | nameOverride: mariadb-galera |
| 21 | |
| 22 | secrets: |
| 23 | - uid: ejbca-db-secret |
| 24 | name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret' |
| 25 | type: basicAuth |
| 26 | externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' |
| 27 | login: '{{ .Values.config.db.userName }}' |
| 28 | password: '{{ .Values.config.db.userPassword }}' |
| 29 | - uid: ejbca-server-ra-iak |
| 30 | name: '{{ include "common.release" . }}-ejbca-ra-iak' |
| 31 | type: password |
| 32 | password: '{{ .Values.config.ejbca.raIak }}' |
| 33 | - uid: ejbca-server-client-iak |
| 34 | name: '{{ include "common.release" . }}-ejbca-client-iak' |
| 35 | type: password |
| 36 | password: '{{ .Values.config.ejbca.clientIak }}' |
| 37 | |
| 38 | # application configuration |
| 39 | config: |
| 40 | db: |
| 41 | userName: ejbca |
| 42 | # userPassword: password |
| 43 | # userCredentialsExternalSecret: some-secret |
| 44 | ejbca: {} |
| 45 | # raIak: mypassword |
| 46 | # clientIak: mypassword |
| 47 | |
| 48 | mysqlDatabase: &dbName ejbca |
| 49 | |
| 50 | ################################################################# |
| 51 | # Application configuration defaults. |
| 52 | ################################################################# |
| 53 | # application configuration |
| 54 | replicaCount: 1 |
| 55 | |
| 56 | ejbca: |
Piotr Marcinkiewicz | 983f2fa | 2021-05-11 13:07:36 +0200 | [diff] [blame] | 57 | image: primekey/ejbca-ce:7.4.3.2 |
Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 58 | pullPolicy: Always |
| 59 | |
| 60 | mariadb-galera: |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 61 | db: |
| 62 | externalSecret: *ejbca-db-secret |
| 63 | name: *dbName |
| 64 | nameOverride: &ejbca-galera ejbca-galera |
Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 65 | service: |
| 66 | name: ejbca-galera |
| 67 | portName: ejbca-galera |
| 68 | internalPort: 3306 |
| 69 | replicaCount: 1 |
| 70 | persistence: |
| 71 | enabled: true |
| 72 | mountSubPath: ejbca/maria/data |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 73 | serviceAccount: |
| 74 | nameOverride: *ejbca-galera |
Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 75 | |
| 76 | mariadb-init: |
Sylvain Desbureaux | 93a5b49 | 2020-11-27 11:07:42 +0100 | [diff] [blame] | 77 | config: |
| 78 | userCredentialsExternalSecret: *ejbca-db-secret |
| 79 | mysqlDatabase: *dbName |
Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 80 | nameOverride: ejbca-config |
| 81 | |
| 82 | nodeSelector: {} |
| 83 | |
| 84 | affinity: {} |
| 85 | |
| 86 | # probe configuration parameters |
| 87 | liveness: |
| 88 | path: /ejbca/publicweb/healthcheck/ejbcahealth |
Radoslaw Chmiel | 527662f | 2022-06-02 19:23:26 +0200 | [diff] [blame] | 89 | port: 8443 |
| 90 | initialDelaySeconds: 180 |
Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 91 | periodSeconds: 30 |
| 92 | |
| 93 | readiness: |
| 94 | path: /ejbca/publicweb/healthcheck/ejbcahealth |
Radoslaw Chmiel | 527662f | 2022-06-02 19:23:26 +0200 | [diff] [blame] | 95 | port: 8443 |
| 96 | initialDelaySeconds: 180 |
Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 97 | periodSeconds: 30 |
| 98 | |
| 99 | service: |
| 100 | type: ClusterIP |
egernug | 9903d6b | 2020-05-27 09:02:25 +0100 | [diff] [blame] | 101 | both_tls_and_plain: true |
Sylvain Desbureaux | d1ca1ee | 2020-04-07 14:52:20 +0200 | [diff] [blame] | 102 | ports: |
| 103 | - name: api |
| 104 | port: 8443 |
| 105 | plain_port: 8080 |
| 106 | port_protocol: http |
Sylvain Desbureaux | 1539273 | 2020-10-22 09:49:54 +0200 | [diff] [blame] | 107 | |
| 108 | # Resource Limit flavor -By Default using small |
Radoslaw Chmiel | 527662f | 2022-06-02 19:23:26 +0200 | [diff] [blame] | 109 | flavor: unlimited |
Sylvain Desbureaux | 1539273 | 2020-10-22 09:49:54 +0200 | [diff] [blame] | 110 | # Segregation for Different environment (Small and Large) |
| 111 | resources: |
| 112 | small: |
| 113 | limits: |
| 114 | cpu: 1500m |
| 115 | memory: 1536Mi |
| 116 | requests: |
| 117 | cpu: 10m |
| 118 | memory: 750Mi |
| 119 | large: |
| 120 | limits: |
| 121 | cpu: 2 |
| 122 | memory: 2Gi |
| 123 | requests: |
| 124 | cpu: 20m |
| 125 | memory: 1Gi |
| 126 | unlimited: {} |
farida azmy | e273f78 | 2021-10-02 16:04:52 +0200 | [diff] [blame] | 127 | |
| 128 | #Pods Service Account |
| 129 | serviceAccount: |
| 130 | nameOverride: ejbca |
| 131 | roles: |
| 132 | - read |