kubernetes/aaf/components/aaf-cert-service/values.yaml

   1 # Copyright © 2020, Nokia
   2 # Modifications Copyright  © 2020, Nordix Foundation, Orange
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 # Global
  17 global:
  18   envsubstImage: dibi/envsubst
  19   nodePortPrefix: 302
  20   # Readiness image
  21   readinessImage: onap/oom/readiness:3.0.1
  22   # Ubuntu Init image
  23   ubuntuInitRepository: registry.hub.docker.com
  24   ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
  25   # Logging image
  26   loggingRepository: docker.elastic.co
  27   loggingImage: beats/filebeat:5.5.0
  28   # BusyBox image
  29   busyboxRepository: registry.hub.docker.com
  30   busyboxImage: library/busybox:1.31
  31   persistence:
  32     enabled: true
  33   # Standard OOM
  34   pullPolicy: "Always"
  35   repository: "nexus3.onap.org:10001"
  36
  37
  38 # Service configuration
  39 service:
  40   type: ClusterIP
  41   ports:
  42     - name: http
  43       port: 8443
  44       port_protocol: http
  45
  46
  47 # Deployment configuration
  48 repository: nexus3.onap.org:10001
  49 image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0
  50 pullPolicy: Always
  51 replicaCount: 1
  52
  53 liveness:
  54   initialDelaySeconds: 60
  55   periodSeconds: 10
  56   command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
  57 readiness:
  58   initialDelaySeconds: 30
  59   periodSeconds: 10
  60   command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
  61
  62 flavor: small
  63 resources:
  64   small:
  65     limits:
  66       cpu: 0.5
  67       memory: 1Gi
  68     requests:
  69       cpu: 0.2
  70       memory: 512Mi
  71   large:
  72     limits:
  73       cpu: 1
  74       memory: 2Gi
  75     requests:
  76       cpu: 0.4
  77       memory: 1Gi
  78   unlimited: {}
  79
  80
  81 # Application configuration
  82 cmpServers:
  83   secret:
  84     name: aaf-cert-service-secret
  85   volume:
  86     name: aaf-cert-service-volume
  87     mountPath: /etc/onap/aaf/certservice
  88
  89 tls:
  90   server:
  91     secret:
  92       name: aaf-cert-service-server-tls-secret
  93     volume:
  94       name: aaf-cert-service-server-tls-volume
  95       mountPath: /etc/onap/aaf/certservice/certs/
  96   client:
  97     secret:
  98       defaultName: aaf-cert-service-client-tls-secret
  99
 100 envs:
 101   keystore:
 102     jksName: certServiceServer-keystore.jks
 103     p12Name: certServiceServer-keystore.p12
 104   truststore:
 105     jksName: truststore.jks
 106     crtName: root.crt
 107   httpsPort: 8443
 108
 109 # External secrets with credentials can be provided to override default credentials defined below,
 110 # by uncommenting and filling appropriate *ExternalSecret value
 111 credentials:
 112   tls:
 113     keystorePassword: secret
 114     truststorePassword: secret
 115     #keystorePasswordExternalSecret:
 116     #truststorePasswordExternalSecret:
 117   # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
 118   cmp:
 119     #clientIakExternalSecret:
 120     #clientRvExternalSecret:
 121     #raIakExternalSecret:
 122     #raRvExternalSecret:
 123     client: {}
 124       # iak: mypassword
 125       # rv: unused
 126     ra: {}
 127       # iak: mypassword
 128       # rv: unused
 129
 130 secrets:
 131   - uid: keystore-password
 132     name: '{{ include "common.release" . }}-keystore-password'
 133     type: password
 134     externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
 135     password: '{{ .Values.credentials.tls.keystorePassword }}'
 136     passwordPolicy: required
 137   - uid: truststore-password
 138     name: '{{ include "common.release" . }}-truststore-password'
 139     type: password
 140     externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
 141     password: '{{ .Values.credentials.tls.truststorePassword }}'
 142     passwordPolicy: required
 143   # Below values are relevant only if global addTestingComponents flag is enabled
 144   - uid: ejbca-server-client-iak
 145     type: password
 146     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
 147     password: '{{ .Values.credentials.cmp.client.iak }}'
 148   - uid: cmp-config-client-rv
 149     type: password
 150     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
 151     password: '{{ .Values.credentials.cmp.client.rv }}'
 152   - uid: ejbca-server-ra-iak
 153     type: password
 154     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
 155     password: '{{ .Values.credentials.cmp.ra.iak }}'
 156   - uid: cmp-config-ra-rv
 157     type: password
 158     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
 159     password: '{{ .Values.credentials.cmp.ra.rv }}'