kubernetes/platform/components/oom-cert-service/values.yaml

   1 # Copyright © 2020, Nokia
   2 # Modifications Copyright  © 2020, Nordix Foundation, Orange
   3 # Modifications Copyright © 2020 Nokia
   4 #
   5 # Licensed under the Apache License, Version 2.0 (the "License");
   6 # you may not use this file except in compliance with the License.
   7 # You may obtain a copy of the License at
   8 #
   9 #       http://www.apache.org/licenses/LICENSE-2.0
  10 #
  11 # Unless required by applicable law or agreed to in writing, software
  12 # distributed under the License is distributed on an "AS IS" BASIS,
  13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14 # See the License for the specific language governing permissions and
  15 # limitations under the License.
  16
  17 # Global
  18 global:
  19   envsubstImage: dibi/envsubst
  20   nodePortPrefix: 302
  21   # Readiness image
  22   readinessImage: onap/oom/readiness:3.0.1
  23   # Ubuntu Init image
  24   ubuntuInitRepository: registry.hub.docker.com
  25   ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
  26   # Logging image
  27   loggingRepository: docker.elastic.co
  28   loggingImage: beats/filebeat:5.5.0
  29   # BusyBox image
  30   busyboxRepository: registry.hub.docker.com
  31   busyboxImage: library/busybox:1.31
  32   persistence:
  33     enabled: true
  34   # Standard OOM
  35   pullPolicy: "Always"
  36   repository: "nexus3.onap.org:10001"
  37   offlineDeploymentBuild: false
  38
  39
  40 # Service configuration
  41 service:
  42   type: ClusterIP
  43   ports:
  44     - name: http
  45       port: 8443
  46       port_protocol: http
  47
  48 # Certificates generation configuration
  49 certificateGenerationImage: onap/integration-java11:7.1.0
  50
  51 # Deployment configuration
  52 repository: nexus3.onap.org:10001
  53 image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
  54 pullPolicy: Always
  55 replicaCount: 1
  56
  57 liveness:
  58   initialDelaySeconds: 60
  59   periodSeconds: 10
  60   command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
  61 readiness:
  62   initialDelaySeconds: 30
  63   periodSeconds: 10
  64   command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
  65
  66 flavor: small
  67 resources:
  68   small:
  69     limits:
  70       cpu: 0.5
  71       memory: 1Gi
  72     requests:
  73       cpu: 0.2
  74       memory: 512Mi
  75   large:
  76     limits:
  77       cpu: 1
  78       memory: 2Gi
  79     requests:
  80       cpu: 0.4
  81       memory: 1Gi
  82   unlimited: {}
  83
  84
  85 # Application configuration
  86 cmpServers:
  87   secret:
  88     name: oom-cert-service-secret
  89   volume:
  90     name: oom-cert-service-volume
  91     mountPath: /etc/onap/oom/certservice
  92
  93 tls:
  94   server:
  95     secret:
  96       name: oom-cert-service-server-tls-secret
  97     volume:
  98       name: oom-cert-service-server-tls-volume
  99       mountPath: /etc/onap/oom/certservice/certs/
 100   client:
 101     secret:
 102       defaultName: oom-cert-service-client-tls-secret
 103
 104 envs:
 105   keystore:
 106     jksName: certServiceServer-keystore.jks
 107     p12Name: certServiceServer-keystore.p12
 108   truststore:
 109     jksName: truststore.jks
 110     crtName: root.crt
 111   httpsPort: 8443
 112
 113 # External secrets with credentials can be provided to override default credentials defined below,
 114 # by uncommenting and filling appropriate *ExternalSecret value
 115 credentials:
 116   tls:
 117     keystorePassword: secret
 118     truststorePassword: secret
 119     #keystorePasswordExternalSecret:
 120     #truststorePasswordExternalSecret:
 121   # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
 122   cmp:
 123     # Used only if cmpv2 testing is enabled
 124     clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
 125     #clientRvExternalSecret:
 126     raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
 127     #raRvExternalSecret:
 128     client: {}
 129       # iak: mypassword
 130       # rv: unused
 131     ra: {}
 132       # iak: mypassword
 133       # rv: unused
 134
 135 secrets:
 136   - uid: keystore-password
 137     name: '{{ include "common.release" . }}-keystore-password'
 138     type: password
 139     externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
 140     password: '{{ .Values.credentials.tls.keystorePassword }}'
 141     passwordPolicy: required
 142   - uid: truststore-password
 143     name: '{{ include "common.release" . }}-truststore-password'
 144     type: password
 145     externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
 146     password: '{{ .Values.credentials.tls.truststorePassword }}'
 147     passwordPolicy: required
 148   # Below values are relevant only if global addTestingComponents flag is enabled
 149   - uid: ejbca-server-client-iak
 150     type: password
 151     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
 152     password: '{{ .Values.credentials.cmp.client.iak }}'
 153   - uid: cmp-config-client-rv
 154     type: password
 155     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
 156     password: '{{ .Values.credentials.cmp.client.rv }}'
 157   - uid: ejbca-server-ra-iak
 158     type: password
 159     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
 160     password: '{{ .Values.credentials.cmp.ra.iak }}'
 161   - uid: cmp-config-ra-rv
 162     type: password
 163     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
 164     password: '{{ .Values.credentials.cmp.ra.rv }}'