#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: cli-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: "cli"
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: "org.onap.cli"
+ fqi: "cli@cli.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** transform AAF certs into pem files"
+ mkdir -p {{ .Values.credsPath }}/certs
+ keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
+ -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
+ -alias ca_local_0 \
+ -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+ -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
+ -passin pass:$cadi_keystore_password_p12 \
+ -passout pass:$cadi_keystore_password_p12
+ echo "*** generating needed file"
+ cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
+ {{ .Values.credsPath }}/certs/cert.pem \
+ {{ .Values.credsPath }}/certs/cacert.pem \
+ > {{ .Values.credsPath }}/certs/fullchain.pem;
+ cat {{ .Values.credsPath }}/certs/fullchain.pem
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 33 {{ .Values.credsPath }}
+
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/cli:2.0.2
+image: onap/cli:6.0.1
pullPolicy: Always
flavor: small
service:
type: NodePort
name: cli
- externalPort: 8080
- externalPort1: 9090
- internalPort: "80"
- internalPort1: 8080
+ externalPort: 443
+ externalPort1: 9443
+ internalPort: "443"
+ internalPort1: 9443
nodePort: "60"
nodePort1: "71"
ingress:
enabled: false
+ service:
+ - baseaddr: "cli.api"
+ name: "cli"
+ port: 443
+ - baseaddr: "cli2.api"
+ name: cli
+ port: 9443
+ config:
+ ssl: "redirect"
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
small:
limits:
cpu: 1
memory: 2Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 10m
+ memory: 500Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cli
+ roles:
+ - read