# Copyright © 2020, Nokia
# Modifications Copyright  © 2020, Nordix Foundation, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Global values: helper images, their registries and the default pull settings.
# NOTE(review): every image below is referenced by tag, not by digest, and the
# images come from several registries. Tags are mutable, so each registry is
# part of the trust boundary of this chart.
global:
  # NOTE(review): no tag is given, so the container runtime resolves this
  # reference to the mutable `latest` tag; pin a version or digest to make
  # the deployed content reproducible.
  envsubstImage: 'dibi/envsubst'
  nodePortPrefix: 302
  # Readiness-check image
  readinessRepository: 'oomk8s'
  readinessImage: 'readiness-check:2.0.2'
  # Ubuntu init image
  ubuntuInitRepository: 'registry.hub.docker.com'
  ubuntuInitImage: 'oomk8s/ubuntu-init:2.0.0'
  # Logging image
  # NOTE(review): 5.5.0 is an old Filebeat release; confirm it still receives
  # security fixes before reusing this value.
  loggingRepository: 'docker.elastic.co'
  loggingImage: 'beats/filebeat:5.5.0'
  # BusyBox image
  busyboxRepository: 'registry.hub.docker.com'
  busyboxImage: 'library/busybox:1.31'
  persistence:
    enabled: true
  # Standard OOM settings
  # With `Always`, the image is pulled again on every container start, so a
  # tag that is re-pushed upstream changes what runs without a chart change.
  pullPolicy: Always
  repository: 'nexus3.onap.org:10001'

# Service configuration
service:
  # ClusterIP gives the Service a cluster-internal address only.
  type: ClusterIP
  ports:
    # NOTE(review): this port is labelled "http", yet the probe commands in
    # this file use https:// and envs.httpsPort is also 8443. The label
    # presumably does not mean plaintext traffic; confirm in the templates.
    - name: http
      port: 8443
      port_protocol: http

# Deployment configuration: registry, image, pull policy and replica count.
# NOTE(review): the image is pinned by tag (1.2.0), not by digest. Together
# with `pullPolicy: Always`, the content behind the tag is fetched again on
# every container start; use a digest if the deployed image has to be fixed.
repository: 'nexus3.onap.org:10001'
image: 'onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0'
pullPolicy: Always
replicaCount: 1

# Probe settings. Both commands call curl against the local HTTPS port,
# verify the server certificate with --cacert and present the PKCS#12
# keystore as the client certificate.
# NOTE(review): `--pass $KEYSTORE_PASSWORD` hands the keystore passphrase to
# curl as a command-line argument, which may be visible in the process
# listing inside the container while the probe runs. Consider letting curl
# read it from a protected file (`curl --config`). How the templates execute
# `command` is not shown in this file.
# The folded scalars (>-) join their lines with single spaces, so each
# command is one line at runtime.
liveness:
  initialDelaySeconds: 60
  periodSeconds: 10
  command: >-
    curl https://localhost:$HTTPS_PORT/actuator/health
    --cacert $ROOT_CERT
    --cert-type p12
    --cert $KEYSTORE_P12_PATH
    --pass $KEYSTORE_PASSWORD
readiness:
  initialDelaySeconds: 30
  periodSeconds: 10
  command: >-
    curl https://localhost:$HTTPS_PORT/ready
    --cacert $ROOT_CERT
    --cert-type p12
    --cert $KEYSTORE_P12_PATH
    --pass $KEYSTORE_PASSWORD

# Resource profiles. `flavor` names one of the keys under `resources`; the
# selection itself happens in the templates, which are not shown here.
flavor: small
resources:
  small:
    limits: {cpu: 0.5, memory: 1Gi}
    requests: {cpu: 0.2, memory: 512Mi}
  large:
    limits: {cpu: 1, memory: 2Gi}
    requests: {cpu: 0.4, memory: 1Gi}
  # NOTE(review): empty mapping. Presumably no requests or limits are set
  # with this flavor, which leaves the container unbounded on its node;
  # confirm before using it on shared clusters.
  unlimited: {}

# Application configuration
# Names of the Secret and the volume for the CMP server settings, and the
# path where that volume is mounted (presumably; usage is in the templates).
cmpServers:
  secret: {name: aaf-cert-service-secret}
  volume:
    name: aaf-cert-service-volume
    mountPath: '/etc/onap/aaf/certservice'

# TLS material. `server` names the Secret, the volume and the mount path for
# the server-side certificates; `client` only sets a default Secret name.
# NOTE(review): the server mount path lies below cmpServers.volume.mountPath.
# Confirm in the templates that the volume holding key material is mounted
# read-only.
tls:
  server:
    secret: {name: aaf-cert-service-server-tls-secret}
    volume:
      name: aaf-cert-service-server-tls-volume
      mountPath: '/etc/onap/aaf/certservice/certs/'
  client:
    secret: {defaultName: aaf-cert-service-client-tls-secret}

# Keystore and truststore file names plus the HTTPS port. Presumably these are
# exported to the container as environment variables; confirm in the
# templates. The port matches service.ports[0].port (8443).
envs:
  keystore:
    jksName: 'certServiceServer-keystore.jks'
    p12Name: 'certServiceServer-keystore.p12'
  truststore:
    jksName: 'truststore.jks'
    crtName: 'root.crt'
  httpsPort: 8443

# Default credentials. Each one can be replaced by a reference to an existing
# Secret: uncomment the matching *ExternalSecret key and fill in its value.
# NOTE(review): `secret` is a placeholder stored in the chart, so it is known
# to anyone who can read the repository. Supply external secrets (or override
# these values) for any deployment that is not a throw-away test.
credentials:
  tls:
    keystorePassword: 'secret'
    truststorePassword: 'secret'
    # keystorePasswordExternalSecret:
    # truststorePasswordExternalSecret:
  # The cmp values below hold credentials for the EJBCA test instance and
  # matter only when the global addTestingComponents flag is enabled.
  cmp:
    # clientIakExternalSecret:
    # clientRvExternalSecret:
    # raIakExternalSecret:
    # raRvExternalSecret:
    # To set inline values, replace `{}` with a mapping of the keys shown in
    # the comments underneath.
    client: {}
      # iak: mypassword
      # rv: unused
    ra: {}
      # iak: mypassword
      # rv: unused

# Secret definitions, one entry per credential. `externalSecret` renders to
# the configured *ExternalSecret name, or to an empty string when none is
# set; `password` renders the inline value from `credentials`.
# NOTE(review): which of the two wins when both are present is decided by the
# shared secret template, which is not shown here.
secrets:
  # Keystore password.
  # NOTE(review): `passwordPolicy: required` presumably makes rendering fail
  # when no password is supplied instead of generating one; confirm.
  - uid: keystore-password
    name: '{{ include "common.release" . }}-keystore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.keystorePassword }}'
    passwordPolicy: required
  # Truststore password, same shape as the keystore entry.
  - uid: truststore-password
    name: '{{ include "common.release" . }}-truststore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.truststorePassword }}'
    passwordPolicy: required
  # The entries below matter only when the global addTestingComponents flag
  # is enabled.
  # NOTE(review): they set neither `name` nor `passwordPolicy`, and
  # credentials.cmp.client / credentials.cmp.ra default to `{}`, so the
  # referenced iak/rv keys are undefined unless overridden. Check what the
  # secret template does with an empty password in that case.
  - uid: ejbca-server-client-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.iak }}'
  - uid: cmp-config-client-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.rv }}'
  - uid: ejbca-server-ra-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.iak }}'
  - uid: cmp-config-ra-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.rv }}'