1 # Copyright © 2020, Nokia
2 # Modifications Copyright © 2020, Nordix Foundation, Orange
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
18 envsubstImage: dibi/envsubst
21 readinessImage: onap/oom/readiness:3.0.1
23 ubuntuInitRepository: registry.hub.docker.com
24 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
26 loggingRepository: docker.elastic.co
27 loggingImage: beats/filebeat:5.5.0
29 busyboxRepository: registry.hub.docker.com
30 busyboxImage: library/busybox:1.31
35 repository: "nexus3.onap.org:10001"
38 # Service configuration
47 # Deployment configuration
48 repository: nexus3.onap.org:10001
49 image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0
54 initialDelaySeconds: 60
56 command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
58 initialDelaySeconds: 30
60 command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
81 # Application configuration
84 name: aaf-cert-service-secret
86 name: aaf-cert-service-volume
87 mountPath: /etc/onap/aaf/certservice
92 name: aaf-cert-service-server-tls-secret
94 name: aaf-cert-service-server-tls-volume
95 mountPath: /etc/onap/aaf/certservice/certs/
98 defaultName: aaf-cert-service-client-tls-secret
102 jksName: certServiceServer-keystore.jks
103 p12Name: certServiceServer-keystore.p12
105 jksName: truststore.jks
109 # External secrets with credentials can be provided to override default credentials defined below,
110 # by uncommenting and filling appropriate *ExternalSecret value
113 keystorePassword: secret
114 truststorePassword: secret
115 #keystorePasswordExternalSecret:
116 #truststorePasswordExternalSecret:
117 # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
119 #clientIakExternalSecret:
120 #clientRvExternalSecret:
121 #raIakExternalSecret:
131 - uid: keystore-password
132 name: '{{ include "common.release" . }}-keystore-password'
134 externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
135 password: '{{ .Values.credentials.tls.keystorePassword }}'
136 passwordPolicy: required
137 - uid: truststore-password
138 name: '{{ include "common.release" . }}-truststore-password'
140 externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
141 password: '{{ .Values.credentials.tls.truststorePassword }}'
142 passwordPolicy: required
143 # Below values are relevant only if global addTestingComponents flag is enabled
144 - uid: ejbca-server-client-iak
146 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
147 password: '{{ .Values.credentials.cmp.client.iak }}'
148 - uid: cmp-config-client-rv
150 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
151 password: '{{ .Values.credentials.cmp.client.rv }}'
152 - uid: ejbca-server-ra-iak
154 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
155 password: '{{ .Values.credentials.cmp.ra.iak }}'
156 - uid: cmp-config-ra-rv
158 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
159 password: '{{ .Values.credentials.cmp.ra.rv }}'