1 # Copyright © 2020-2021, Nokia
2 # Modifications Copyright © 2020, Nordix Foundation, Orange
3 # Modifications Copyright © 2020 Nokia
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
24 repository: "nexus3.onap.org:10001"
27 # All http requests via ingress will be redirected
30 # You can set your own Secret containing a certificate
32 # secret: 'my-ingress-cert'
33 # optional: Namespace of the Istio IngressGateway
# The &ingressNamespace anchor is dereferenced by the ingress issuer entries
# further down (namespace: *ingressNamespace), so a change here moves them too.
34 namespace: &ingressNamespace istio-ingress
37 # Service configuration
45 # Deployment configuration
46 repository: "nexus3.onap.org:10001"
# NOTE(review): the image is referenced by tag (2.6.0), not by digest. A tag can
# be re-pointed in the registry; pinning a digest would make the deployed
# artifact verifiable. Confirm whether the chart's image helper allows it.
47 image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.6.0
52 initialDelaySeconds: 60
# Health check over HTTPS on localhost: the server certificate is verified
# against $ROOT_CERT and the call authenticates with the PKCS#12 client
# keystore at $KEYSTORE_P12_PATH.
# NOTE(review): the keystore password reaches curl as a command-line argument
# (--pass), so it can be exposed through the process argument list inside the
# container. Confirm this is acceptable for the deployment.
54 command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
56 initialDelaySeconds: 30
# Same mutually authenticated call against /ready; the --pass consideration
# noted for the health check applies here as well.
58 command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
79 # Application configuration
82 name: oom-cert-service-secret
84 name: oom-cert-service-volume
85 mountPath: /etc/onap/oom/certservice
# The anchors on the names below (&selfSigningIssuer, &caKeyPairSecret,
# &serverSecret) are dereferenced in the certificate definitions, so issuer
# and Secret names are maintained in one place.
90 name: &selfSigningIssuer cmpv2-selfsigning-issuer
92 name: &caIssuer cmpv2-issuer-onap
# Secret name that the selfsigned-cert definition uses as its secretName.
94 name: &caKeyPairSecret cmpv2-ca-key-pair
96 name: ingress-selfsigned-issuer
# *ingressNamespace resolves to the value anchored on the ingress namespace
# setting (istio-ingress by default).
97 namespace: *ingressNamespace
99 name: ingress-ca-issuer
100 namespace: *ingressNamespace
102 name: ingress-ca-key-pair
# Secret name that the cert-service-server-cert definition uses as its
# secretName.
105 name: &serverSecret oom-cert-service-server-tls-secret
107 name: oom-cert-service-server-tls-volume
108 mountPath: /etc/onap/oom/certservice/certs/
# Fallback client TLS Secret name: the client certificate definition uses it
# when the global platform clientSecretName value is not set.
111 defaultName: oom-cert-service-client-tls-secret
# Keystore and truststore file names.
# NOTE(review): presumably these stores are protected by the certificates
# password defined in the credentials section; confirm against the templates.
115 jksName: keystore.jks
116 p12Name: keystore.p12
119 jksName: truststore.jks
124 # External secrets with credentials can be provided to override the default credentials defined below
125 # by uncommenting and filling in the appropriate *ExternalSecret value.
# NOTE(review): 'secret' is a static default committed with the chart. The
# certificates-password entry consumes it whenever
# certificatesPasswordExternalSecret is left unset, so deployments outside of
# test setups should supply their own Secret through that value.
128 certificatesPassword: secret
129 #certificatesPasswordExternalSecret:
130 # The cmp values below contain credentials for the EJBCA test instance and are relevant only if the global addTestingComponents flag is enabled
132 # Used only if cmpv2 testing is enabled
# The two *IakExternalSecret values are templates: they are rendered with tpl
# in the secrets list and resolve to Secret names prefixed with the release.
133 clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
134 #clientRvExternalSecret:
135 raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
# Each entry names an externally managed Secret (externalSecret, rendered
# through tpl with an empty-string default) and an inline password value.
# NOTE(review): presumably the inline value is used only when externalSecret
# renders empty; confirm against the common secret template.
145 - uid: certificates-password
# The anchored name is dereferenced by the server and client certificate
# definitions further down.
146 name: &certificatesPasswordSecretName '{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretName }}'
148 externalSecret: '{{ tpl (default "" .Values.credentials.tls.certificatesPasswordExternalSecret) . }}'
# Inline value; this file sets it to the literal 'secret' by default.
149 password: '{{ .Values.credentials.tls.certificatesPassword }}'
# NOTE(review): 'required' presumably makes rendering fail when no password is
# supplied at all; confirm against the common secret template.
150 passwordPolicy: required
151 # The values below are relevant only if the global addTestingComponents flag is enabled
152 - uid: ejbca-server-client-iak
154 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
155 password: '{{ .Values.credentials.cmp.client.iak }}'
156 - uid: cmp-config-client-rv
# clientRvExternalSecret is commented out in the credentials section, so the
# default "" applies here unless an override is supplied.
158 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
159 password: '{{ .Values.credentials.cmp.client.rv }}'
160 - uid: ejbca-server-ra-iak
162 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
163 password: '{{ .Values.credentials.cmp.ra.iak }}'
164 - uid: cmp-config-ra-rv
166 externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
167 password: '{{ .Values.credentials.cmp.ra.rv }}'
169 # Certificates definitions
# Self-signed certificate: its secretName is the CA key-pair Secret and its
# issuer is the self-signing issuer, both taken from anchors defined earlier.
# NOTE(review): the subject fields look like sample values. A self-signed CA
# generated by the chart fits test setups; confirm the trust model before
# relying on it elsewhere.
171 - name: selfsigned-cert
172 secretName: *caKeyPairSecret
176 organization: Root Company
179 province: Dolny Slask
180 organizationalUnit: Root Org
182 name: *selfSigningIssuer
# Server certificate for the cert service, stored under the server TLS Secret
# name anchored earlier.
184 - name: cert-service-server-cert
185 secretName: *serverSecret
186 commonName: oom-cert-service
191 organization: certServiceServer org
194 province: Dolny Slask
195 organizationalUnit: certServiceServer company
# Refers to the certificates-password Secret by its anchored name.
# NOTE(review): presumably this is the keystore password reference; confirm.
204 name: *certificatesPasswordSecretName
# Client certificate: the Secret name comes from the global platform value and
# falls back to the tls client defaultName when that value is unset.
209 - name: cert-service-client-cert
210 secretName: '{{ .Values.cmpv2Config.global.platform.certificates.clientSecretName | default .Values.tls.client.secret.defaultName }}'
211 commonName: certServiceClient.com
213 organization: certServiceClient org
216 province: Dolny Slask
217 organizationalUnit: certServiceClient company
# Same certificates-password Secret reference as the server certificate.
225 name: *certificatesPasswordSecretName