Blame - kubernetes/platform/components/oom-cert-service/values.yaml - onap/oom

blob: 829d3a01d1e21c3082c2d0f9859966a3cff1a583 [file] [log] [blame]

Joanna Jeremicz	5b03f95	2021-01-27 13:15:16 +0100	[diff] [blame]	1	# Copyright © 2020-2021, Nokia
Sylvain Desbureaux	0de302a	2020-06-05 15:19:22 +0200	[diff] [blame]	2	# Modifications Copyright © 2020, Nordix Foundation, Orange
Maciej Malewski	955e39d	2020-08-27 10:43:09 +0200	[diff] [blame]	3	# Modifications Copyright © 2020 Nokia
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	4	#
				5	# Licensed under the Apache License, Version 2.0 (the "License");
				6	# you may not use this file except in compliance with the License.
				7	# You may obtain a copy of the License at
				8	#
				9	# http://www.apache.org/licenses/LICENSE-2.0
				10	#
				11	# Unless required by applicable law or agreed to in writing, software
				12	# distributed under the License is distributed on an "AS IS" BASIS,
				13	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				14	# See the License for the specific language governing permissions and
				15	# limitations under the License.
				16
				17	# Global
				18	global:
Sylvain Desbureaux	0de302a	2020-06-05 15:19:22 +0200	[diff] [blame]	19	nodePortPrefix: 302
Sylvain Desbureaux	0de302a	2020-06-05 15:19:22 +0200	[diff] [blame]	20	persistence:
				21	enabled: true
				22	# Standard OOM
				23	pullPolicy: "Always"
Adam Wudzinski	11eafc5	2020-10-28 11:45:20 +0100	[diff] [blame]	24	repository: "nexus3.onap.org:10001"
				25	offlineDeploymentBuild: false
Sylvain Desbureaux	0de302a	2020-06-05 15:19:22 +0200	[diff] [blame]	26
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	27
				28	# Service configuration
				29	service:
				30	type: ClusterIP
				31	ports:
				32	- name: http
				33	port: 8443
				34	port_protocol: http
				35
Adam Wudzinski	11eafc5	2020-10-28 11:45:20 +0100	[diff] [blame]	36	# Certificates generation configuration
Jan Malkiewicz	741fb0b	2020-11-18 11:31:06 +0100	[diff] [blame]	37	certificateGenerationImage: onap/integration-java11:7.2.0
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	38
				39	# Deployment configuration
Adam Wudzinski	11eafc5	2020-10-28 11:45:20 +0100	[diff] [blame]	40	repository: "nexus3.onap.org:10001"
Joanna Jeremicz	5b03f95	2021-01-27 13:15:16 +0100	[diff] [blame]	41	image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	42	pullPolicy: Always
				43	replicaCount: 1
				44
				45	liveness:
				46	initialDelaySeconds: 60
				47	periodSeconds: 10
				48	command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
				49	readiness:
				50	initialDelaySeconds: 30
				51	periodSeconds: 10
				52	command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
				53
				54	flavor: small
				55	resources:
				56	small:
				57	limits:
				58	cpu: 0.5
				59	memory: 1Gi
				60	requests:
				61	cpu: 0.2
				62	memory: 512Mi
				63	large:
				64	limits:
				65	cpu: 1
				66	memory: 2Gi
				67	requests:
				68	cpu: 0.4
				69	memory: 1Gi
				70	unlimited: {}
				71
				72
				73	# Application configuration
				74	cmpServers:
				75	secret:
Maciej Malewski	955e39d	2020-08-27 10:43:09 +0200	[diff] [blame]	76	name: oom-cert-service-secret
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	77	volume:
Maciej Malewski	955e39d	2020-08-27 10:43:09 +0200	[diff] [blame]	78	name: oom-cert-service-volume
				79	mountPath: /etc/onap/oom/certservice
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	80
				81	tls:
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	82	issuer:
				83	selfsigning:
				84	name: &selfSigningIssuer cmpv2-selfsigning-issuer
				85	ca:
				86	name: &caIssuer cmpv2-ca-issuer
				87	secret:
				88	name: &caKeyPairSecret cmpv2-ca-key-pair
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	89	server:
				90	secret:
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	91	name: &serverSecret oom-cert-service-server-tls-secret
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	92	volume:
Maciej Malewski	955e39d	2020-08-27 10:43:09 +0200	[diff] [blame]	93	name: oom-cert-service-server-tls-volume
				94	mountPath: /etc/onap/oom/certservice/certs/
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	95	client:
				96	secret:
Maciej Malewski	955e39d	2020-08-27 10:43:09 +0200	[diff] [blame]	97	defaultName: oom-cert-service-client-tls-secret
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	98
				99	envs:
				100	keystore:
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	101	jksName: keystore.jks
				102	p12Name: keystore.p12
				103	pemName: tls.crt
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	104	truststore:
				105	jksName: truststore.jks
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	106	crtName: ca.crt
				107	pemName: tls.crt
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	108	httpsPort: 8443
				109
				110	# External secrets with credentials can be provided to override default credentials defined below,
				111	# by uncommenting and filling appropriate *ExternalSecret value
				112	credentials:
				113	tls:
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	114	certificatesPassword: secret
				115	#certificatesPasswordExternalSecret:
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	116	# Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
				117	cmp:
egernug	2757833	2020-03-26 10:27:55 +0000	[diff] [blame]	118	# Used only if cmpv2 testing is enabled
Maciej Malewski	955e39d	2020-08-27 10:43:09 +0200	[diff] [blame]	119	clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	120	#clientRvExternalSecret:
Maciej Malewski	955e39d	2020-08-27 10:43:09 +0200	[diff] [blame]	121	raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	122	#raRvExternalSecret:
				123	client: {}
				124	# iak: mypassword
				125	# rv: unused
				126	ra: {}
				127	# iak: mypassword
				128	# rv: unused
				129
				130	secrets:
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	131	- uid: certificates-password
				132	name: &certificatesPasswordSecretName '{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretName }}'
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	133	type: password
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	134	externalSecret: '{{ tpl (default "" .Values.credentials.tls.certificatesPasswordExternalSecret) . }}'
				135	password: '{{ .Values.credentials.tls.certificatesPassword }}'
EmmettCox	bca68e0	2020-02-27 14:20:52 +0000	[diff] [blame]	136	passwordPolicy: required
				137	# Below values are relevant only if global addTestingComponents flag is enabled
				138	- uid: ejbca-server-client-iak
				139	type: password
				140	externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
				141	password: '{{ .Values.credentials.cmp.client.iak }}'
				142	- uid: cmp-config-client-rv
				143	type: password
				144	externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
				145	password: '{{ .Values.credentials.cmp.client.rv }}'
				146	- uid: ejbca-server-ra-iak
				147	type: password
				148	externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
				149	password: '{{ .Values.credentials.cmp.ra.iak }}'
				150	- uid: cmp-config-ra-rv
				151	type: password
				152	externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
				153	password: '{{ .Values.credentials.cmp.ra.rv }}'
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	154
				155	# Certificates definitions
				156	certificates:
				157	- name: selfsigned-cert
				158	secretName: *caKeyPairSecret
				159	isCA: true
				160	commonName: root.com
				161	subject:
				162	organization: Root Company
				163	country: PL
				164	locality: Wroclaw
				165	province: Dolny Slask
				166	organizationalUnit: Root Org
				167	issuer:
				168	name: *selfSigningIssuer
				169	kind: Issuer
				170	- name: cert-service-server-cert
				171	secretName: *serverSecret
				172	commonName: oom-cert-service
				173	dnsNames:
				174	- oom-cert-service
				175	- localhost
				176	subject:
				177	organization: certServiceServer org
				178	country: PL
				179	locality: Wroclaw
				180	province: Dolny Slask
				181	organizationalUnit: certServiceServer company
				182	usages:
				183	- server auth
				184	- client auth
				185	keystore:
				186	outputType:
				187	- jks
				188	- p12
				189	passwordSecretRef:
				190	name: *certificatesPasswordSecretName
				191	key: password
				192	issuer:
				193	name: *caIssuer
				194	kind: Issuer
				195	- name: cert-service-client-cert
				196	secretName: '{{ .Values.cmpv2Config.global.platform.certificates.clientSecretName \| default .Values.tls.client.secret.defaultName }}'
				197	commonName: certServiceClient.com
				198	subject:
				199	organization: certServiceClient org
				200	country: PL
				201	locality: Wroclaw
				202	province: Dolny Slask
				203	organizationalUnit: certServiceClient company
				204	usages:
				205	- server auth
				206	- client auth
				207	keystore:
				208	outputType:
				209	- jks
				210	passwordSecretRef:
				211	name: *certificatesPasswordSecretName
				212	key: password
				213	issuer:
				214	name: *caIssuer
				215	kind: Issuer