kubernetes/contrib/components/ejbca/values.yaml

# Copyright © 2020, Nordix Foundation, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
global:
  mariadbGalera: &mariadbGalera
    #This flag allows SO to instantiate its own mariadb-galera cluster
    #When changing it to "true", also set "globalCluster: false"
    #as the dependency check will not work otherwise (Chart.yaml)
    localCluster: false
    globalCluster: true
    service: mariadb-galera
    internalPort: 3306
    nameOverride: mariadb-galera

secrets:
  - uid: ejbca-db-secret
    name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
    login: '{{ .Values.config.db.userName }}'
    password: '{{ .Values.config.db.userPassword }}'
  - uid: ejbca-server-ra-iak
    name: '{{ include "common.release" . }}-ejbca-ra-iak'
    type: password
    password: '{{ .Values.config.ejbca.raIak }}'
  - uid: ejbca-server-client-iak
    name: '{{ include "common.release" . }}-ejbca-client-iak'
    type: password
    password: '{{ .Values.config.ejbca.clientIak }}'

# application configuration
config:
  db:
    userName: ejbca
    # userPassword: password
    # userCredentialsExternalSecret: some-secret
  ejbca: {}
    # raIak: mypassword
    # clientIak: mypassword

mysqlDatabase: &dbName ejbca

#################################################################
# Application configuration defaults.
#################################################################
# application configuration
replicaCount: 1

ejbca:
  image: primekey/ejbca-ce:7.4.3.2
pullPolicy: Always

mariadb-galera:
  db:
    externalSecret: *ejbca-db-secret
    name: *dbName
  nameOverride: &ejbca-galera ejbca-galera
  service:
    name: ejbca-galera
    portName: ejbca-galera
    internalPort: 3306
  replicaCount: 1
  persistence:
    enabled: true
    mountSubPath: ejbca/maria/data
  serviceAccount:
    nameOverride: *ejbca-galera

mariadb-init:
  config:
    userCredentialsExternalSecret: *ejbca-db-secret
    mysqlDatabase: *dbName
  nameOverride: ejbca-config

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  path: /ejbca/publicweb/healthcheck/ejbcahealth
  port: 8443
  initialDelaySeconds: 180
  periodSeconds: 30

readiness:
  path: /ejbca/publicweb/healthcheck/ejbcahealth
  port: 8443
  initialDelaySeconds: 180
  periodSeconds: 30

service:
  type: ClusterIP
  both_tls_and_plain: true
  ports:
    - name: api
      port: 8443
      plain_port: 8080
      port_protocol: http

# Resource Limit flavor -By Default using small
flavor: unlimited
# Segregation for Different environment (Small and Large)
resources:
  small:
    limits:
      cpu: 1500m
      memory: 1536Mi
    requests:
      cpu: 10m
      memory: 750Mi
  large:
    limits:
      cpu: 2
      memory: 2Gi
    requests:
      cpu: 20m
      memory: 1Gi
  unlimited: {}

#Pods Service Account
serviceAccount:
  nameOverride: ejbca
  roles:
    - read