Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / d8e1c6c974e5df6a7b34e1fa04b64f40d8bbcbab / . / kubernetes / platform / components / oom-cert-service / values.yaml
blob: 537b025fb053564a7fa414dcae08c8264e8b20d7 [file] [log] [blame]
Joanna Jeremicz5b03f952021-01-27 13:15:16 +0100[diff] [blame]1# Copyright © 2020-2021, Nokia
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +0200[diff] [blame]2# Modifications Copyright © 2020, Nordix Foundation, Orange
Maciej Malewski955e39d2020-08-27 10:43:09 +0200[diff] [blame]3# Modifications Copyright © 2020 Nokia
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17# Global
18global:
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +0200[diff] [blame]19 nodePortPrefix: 302
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +0200[diff] [blame]20 persistence:
21 enabled: true
22 # Standard OOM
23 pullPolicy: "Always"
Adam Wudzinski11eafc52020-10-28 11:45:20 +0100[diff] [blame]24 repository: "nexus3.onap.org:10001"
25 offlineDeploymentBuild: false
Sylvain Desbureaux0de302a2020-06-05 15:19:22 +0200[diff] [blame]26
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]27
28# Service configuration
29service:
30 type: ClusterIP
31 ports:
32 - name: http
33 port: 8443
34 port_protocol: http
35
Adam Wudzinski11eafc52020-10-28 11:45:20 +0100[diff] [blame]36# Certificates generation configuration
Jan Malkiewicz741fb0b2020-11-18 11:31:06 +0100[diff] [blame]37certificateGenerationImage: onap/integration-java11:7.2.0
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]38
39# Deployment configuration
Adam Wudzinski11eafc52020-10-28 11:45:20 +0100[diff] [blame]40repository: "nexus3.onap.org:10001"
Joanna Jeremicz5b03f952021-01-27 13:15:16 +0100[diff] [blame]41image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]42pullPolicy: Always
43replicaCount: 1
44
45liveness:
46 initialDelaySeconds: 60
47 periodSeconds: 10
48 command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
49readiness:
50 initialDelaySeconds: 30
51 periodSeconds: 10
52 command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
53
54flavor: small
55resources:
56 small:
57 limits:
58 cpu: 0.5
59 memory: 1Gi
60 requests:
61 cpu: 0.2
62 memory: 512Mi
63 large:
64 limits:
65 cpu: 1
66 memory: 2Gi
67 requests:
68 cpu: 0.4
69 memory: 1Gi
70 unlimited: {}
71
72
73# Application configuration
74cmpServers:
75 secret:
Maciej Malewski955e39d2020-08-27 10:43:09 +0200[diff] [blame]76 name: oom-cert-service-secret
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]77 volume:
Maciej Malewski955e39d2020-08-27 10:43:09 +0200[diff] [blame]78 name: oom-cert-service-volume
79 mountPath: /etc/onap/oom/certservice
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]80
81tls:
82 server:
83 secret:
Maciej Malewski955e39d2020-08-27 10:43:09 +0200[diff] [blame]84 name: oom-cert-service-server-tls-secret
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]85 volume:
Maciej Malewski955e39d2020-08-27 10:43:09 +0200[diff] [blame]86 name: oom-cert-service-server-tls-volume
87 mountPath: /etc/onap/oom/certservice/certs/
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]88 client:
89 secret:
Maciej Malewski955e39d2020-08-27 10:43:09 +0200[diff] [blame]90 defaultName: oom-cert-service-client-tls-secret
Jan Malkiewicz741fb0b2020-11-18 11:31:06 +0100[diff] [blame]91 provider:
92 secret:
93 name: cmpv2-issuer-secret
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]94
95envs:
96 keystore:
97 jksName: certServiceServer-keystore.jks
98 p12Name: certServiceServer-keystore.p12
Jan Malkiewicz741fb0b2020-11-18 11:31:06 +0100[diff] [blame]99 pemName: certServiceServer-keystore.pem
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]100 truststore:
101 jksName: truststore.jks
102 crtName: root.crt
Jan Malkiewicz741fb0b2020-11-18 11:31:06 +0100[diff] [blame]103 pemName: truststore.pem
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]104 httpsPort: 8443
105
106# External secrets with credentials can be provided to override default credentials defined below,
107# by uncommenting and filling appropriate *ExternalSecret value
108credentials:
109 tls:
110 keystorePassword: secret
111 truststorePassword: secret
112 #keystorePasswordExternalSecret:
113 #truststorePasswordExternalSecret:
114 # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
115 cmp:
egernug27578332020-03-26 10:27:55 +0000[diff] [blame]116 # Used only if cmpv2 testing is enabled
Maciej Malewski955e39d2020-08-27 10:43:09 +0200[diff] [blame]117 clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]118 #clientRvExternalSecret:
Maciej Malewski955e39d2020-08-27 10:43:09 +0200[diff] [blame]119 raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
EmmettCoxbca68e02020-02-27 14:20:52 +0000[diff] [blame]120 #raRvExternalSecret:
121 client: {}
122 # iak: mypassword
123 # rv: unused
124 ra: {}
125 # iak: mypassword
126 # rv: unused
127
128secrets:
129 - uid: keystore-password
130 name: '{{ include "common.release" . }}-keystore-password'
131 type: password
132 externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
133 password: '{{ .Values.credentials.tls.keystorePassword }}'
134 passwordPolicy: required
135 - uid: truststore-password
136 name: '{{ include "common.release" . }}-truststore-password'
137 type: password
138 externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
139 password: '{{ .Values.credentials.tls.truststorePassword }}'
140 passwordPolicy: required
141 # Below values are relevant only if global addTestingComponents flag is enabled
142 - uid: ejbca-server-client-iak
143 type: password
144 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
145 password: '{{ .Values.credentials.cmp.client.iak }}'
146 - uid: cmp-config-client-rv
147 type: password
148 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
149 password: '{{ .Values.credentials.cmp.client.rv }}'
150 - uid: ejbca-server-ra-iak
151 type: password
152 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
153 password: '{{ .Values.credentials.cmp.ra.iak }}'
154 - uid: cmp-config-ra-rv
155 type: password
156 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
157 password: '{{ .Values.credentials.cmp.ra.rv }}'