[AAF] Add CMPv2 Cert Service

[oom.git] / kubernetes / onap / values.yaml

diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 62949db..dcbfd6d 100755 (executable)
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -46,16 +46,25 @@ global:
   repositoryCred:
     user: docker
     password: docker
+  dockerHubRepository: docker.io
 
   # readiness check - temporary repo until images migrated to nexus3
   readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
+  readinessImage: readiness-check:2.2.1
+
+  # curl image
+  curlImage: curlimages/curl:7.69.1
+
   # logging agent - temporary repo until images migrated to nexus3
   loggingRepository: docker.elastic.co
 
   # image pull policy
   pullPolicy: Always
 
+  # default clusterName
+  # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
+  clusterName: cluster.local
+
   # default mount path root directory referenced
   # by persistent volumes and log files
   persistence:
@@ -92,6 +101,27 @@ global:
 
   # Enabling CMPv2
   cmpv2Enabled: true
+  aaf:
+    certServiceClient:
+      image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.0.0
+      secret:
+        name: aaf-cert-service-client-tls-secret
+        mountPath: /etc/onap/aaf/certservice/certs/
+      envVariables:
+        # Certificate related
+        cmpv2Organization: "Linux-Foundation"
+        cmpv2OrganizationalUnit: "ONAP"
+        cmpv2Location: "San-Francisco"
+        cmpv2State: "California"
+        cmpv2Country: "US"
+        # Client configuration related
+        caName: "RA"
+        requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+        requestTimeout: "20000"
+        keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks"
+        keystorePassword: "secret"
+        truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"
+        truststorePassword: "secret"
 
   # TLS
   # Set to false if you want to disable TLS for NodePorts. Be aware that this
@@ -99,6 +129,11 @@ global:
   # if set this element will force or not tls even if serviceMesh.tls is set.
   # tlsEnabled: false
 
+  # Logging
+  # Currently, centralized logging is not in best shape so it's disabled by
+  # default
+  centralizedLoggingEnabled: &centralizedLogging false
+
 
 # Example of specific for the components where you want to disable TLS only for
 # it:
@@ -138,7 +173,7 @@ global:
 # to customize the ONAP deployment.
 #################################################################
 aaf:
-  enabled: true
+  enabled: false
 aai:
   enabled: false
 appc:
@@ -176,8 +211,11 @@ dmaap:
   enabled: false
 esr:
   enabled: false
+# Today, "logging" chart that perform the central part of logging must also be
+# enabled in order to make it work. So `logging.enabled` must have the same
+# value than centralizedLoggingEnabled
 log:
-  enabled: false
+  enabled: *centralizedLogging
 sniro-emulator:
   enabled: false
 oof: