blob: ee3beffd7f3c8b240d7936eec1eba23d1f4fa901 [file] [log] [blame]
EmmettCoxbca68e02020-02-27 14:20:52 +00001# Copyright © 2020, Nokia
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +02002# Modifications Copyright © 2020, Nordix Foundation, Orange
EmmettCoxbca68e02020-02-27 14:20:52 +00003#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16# Global
17global:
18 envsubstImage: dibi/envsubst
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +020019 nodePortPrefix: 302
20 # Readiness image
21 readinessRepository: oomk8s
22 readinessImage: readiness-check:2.0.2
23 # Ubuntu Init image
24 ubuntuInitRepository: registry.hub.docker.com
25 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
26 # Logging image
27 loggingRepository: docker.elastic.co
28 loggingImage: beats/filebeat:5.5.0
29 # BusyBox image
30 busyboxRepository: registry.hub.docker.com
31 busyboxImage: library/busybox:1.31
32 persistence:
33 enabled: true
34 # Standard OOM
35 pullPolicy: "Always"
36 repository: "nexus3.onap.org:10001"
37
EmmettCoxbca68e02020-02-27 14:20:52 +000038
39# Service configuration
40service:
41 type: ClusterIP
42 ports:
43 - name: http
44 port: 8443
45 port_protocol: http
46
47
48# Deployment configuration
49repository: nexus3.onap.org:10001
Piotr Marcinkiewicz1dd76392020-07-20 16:22:52 +020050image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0
EmmettCoxbca68e02020-02-27 14:20:52 +000051pullPolicy: Always
52replicaCount: 1
53
54liveness:
55 initialDelaySeconds: 60
56 periodSeconds: 10
57 command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
58readiness:
59 initialDelaySeconds: 30
60 periodSeconds: 10
61 command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
62
63flavor: small
64resources:
65 small:
66 limits:
67 cpu: 0.5
68 memory: 1Gi
69 requests:
70 cpu: 0.2
71 memory: 512Mi
72 large:
73 limits:
74 cpu: 1
75 memory: 2Gi
76 requests:
77 cpu: 0.4
78 memory: 1Gi
79 unlimited: {}
80
81
82# Application configuration
83cmpServers:
84 secret:
85 name: aaf-cert-service-secret
86 volume:
87 name: aaf-cert-service-volume
88 mountPath: /etc/onap/aaf/certservice
89
90tls:
91 server:
92 secret:
93 name: aaf-cert-service-server-tls-secret
94 volume:
95 name: aaf-cert-service-server-tls-volume
96 mountPath: /etc/onap/aaf/certservice/certs/
97 client:
98 secret:
99 defaultName: aaf-cert-service-client-tls-secret
100
101envs:
102 keystore:
103 jksName: certServiceServer-keystore.jks
104 p12Name: certServiceServer-keystore.p12
105 truststore:
106 jksName: truststore.jks
107 crtName: root.crt
108 httpsPort: 8443
109
110# External secrets with credentials can be provided to override default credentials defined below,
111# by uncommenting and filling appropriate *ExternalSecret value
112credentials:
113 tls:
114 keystorePassword: secret
115 truststorePassword: secret
116 #keystorePasswordExternalSecret:
117 #truststorePasswordExternalSecret:
118 # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
119 cmp:
120 #clientIakExternalSecret:
121 #clientRvExternalSecret:
122 #raIakExternalSecret:
123 #raRvExternalSecret:
124 client: {}
125 # iak: mypassword
126 # rv: unused
127 ra: {}
128 # iak: mypassword
129 # rv: unused
130
131secrets:
132 - uid: keystore-password
133 name: '{{ include "common.release" . }}-keystore-password'
134 type: password
135 externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
136 password: '{{ .Values.credentials.tls.keystorePassword }}'
137 passwordPolicy: required
138 - uid: truststore-password
139 name: '{{ include "common.release" . }}-truststore-password'
140 type: password
141 externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
142 password: '{{ .Values.credentials.tls.truststorePassword }}'
143 passwordPolicy: required
144 # Below values are relevant only if global addTestingComponents flag is enabled
145 - uid: ejbca-server-client-iak
146 type: password
147 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
148 password: '{{ .Values.credentials.cmp.client.iak }}'
149 - uid: cmp-config-client-rv
150 type: password
151 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
152 password: '{{ .Values.credentials.cmp.client.rv }}'
153 - uid: ejbca-server-ra-iak
154 type: password
155 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
156 password: '{{ .Values.credentials.cmp.ra.iak }}'
157 - uid: cmp-config-ra-rv
158 type: password
159 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
160 password: '{{ .Values.credentials.cmp.ra.rv }}'