1 # Copyright © 2020-2021, Nokia
2 # Modifications Copyright  © 2020, Nordix Foundation, Orange
3 # Modifications Copyright © 2020 Nokia
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 #       http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16
17 # Global
   # Chart-wide defaults. NOTE(review): in an umbrella deployment these are
   # presumably overridden by the parent chart's `global` values - confirm.
18 global:
19   nodePortPrefix: 302
20   persistence:
21     enabled: true
22   # Standard OOM
23   pullPolicy: "Always"
     # Registry host for image pulls. The same value is repeated as the
     # top-level `repository` key further down; which of the two the
     # templates actually read is not visible in this file.
24   repository: "nexus3.onap.org:10001"
25
26
27 # Service configuration
28 service:
     # ClusterIP: no NodePort or LoadBalancer exposure is requested here.
29   type: ClusterIP
30   ports:
       # NOTE(review): 8443 is also envs.httpsPort, and the probes in this
       # file talk HTTPS to the container, yet the port is named and
       # labelled `http`. A service mesh that picks the protocol from the
       # port name would treat this listener as plaintext HTTP - confirm the
       # label matches what the container serves.
31     - name: http
32       port: 8443
33       port_protocol: http
34
35 # Deployment configuration
36 repository: "nexus3.onap.org:10001"
   # NOTE(review): the image is referenced by tag (2.5.0), not by digest, and
   # pullPolicy is Always, so every container start resolves the tag against
   # the registry again. Pin by digest where image provenance matters -
   # confirm the chart's image helper accepts that form.
37 image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.5.0
38 pullPolicy: Always
39 replicaCount: 1
40
41 liveness:
     # Timing and command of the liveness probe.
42   initialDelaySeconds: 60
43   periodSeconds: 10
     # Calls /actuator/health on localhost over HTTPS, trusting $ROOT_CERT and
     # presenting the PKCS#12 keystore as client certificate.
     # HTTPS_PORT, ROOT_CERT, KEYSTORE_P12_PATH and KEYSTORE_PASSWORD are not
     # set in this file; presumably the deployment template exports them.
     # NOTE(review): --pass puts the keystore password on curl's command
     # line, where it can show up in the container's process list while the
     # probe runs. The variables are also unquoted, so a password containing
     # whitespace or glob characters would be split or expanded if the
     # command is run through a shell (the template is not shown) - confirm.
44   command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
45 readiness:
     # Timing and command of the readiness probe.
46   initialDelaySeconds: 30
47   periodSeconds: 10
     # Same curl invocation as the liveness command, against /ready; the
     # --pass and quoting caveats noted there apply here as well.
48   command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
49
50 flavor: small
   # Resource profiles keyed by flavor name; `flavor` above presumably selects
   # which entry the deployment template applies (template not shown).
51 resources:
52   small:
53     limits:
54       cpu: 0.5
55       memory: 1Gi
56     requests:
57       cpu: 0.2
58       memory: 512Mi
59   large:
60     limits:
61       cpu: 1
62       memory: 2Gi
63     requests:
64       cpu: 0.4
65       memory: 1Gi
     # NOTE(review): `unlimited` defines neither requests nor limits, so this
     # chart puts no cap on the pod's CPU or memory when it is selected; any
     # bound then has to come from namespace-level policy.
66   unlimited: {}
67
68
69 # Application configuration
   # Names of the Secret and volume used for the CMP server configuration, and
   # the path the volume is mounted at. NOTE(review): presumably the Secret is
   # mounted at mountPath by the deployment template (not shown) - confirm.
70 cmpServers:
71   secret:
72     name: oom-cert-service-secret
73   volume:
74     name: oom-cert-service-volume
75     mountPath: /etc/onap/oom/certservice
76
77 tls:
     # Issuer and Secret names for the service's own TLS material. The anchors
     # defined here (&selfSigningIssuer, &caIssuer, &caKeyPairSecret,
     # &serverSecret) are reused through aliases in the `certificates` list.
     # Aliases are expanded when this file is parsed, so overriding one of
     # these names from another values file does not change the places that
     # use the alias.
78   issuer:
79     selfsigning:
80       name: &selfSigningIssuer cmpv2-selfsigning-issuer
81     ca:
82       name: &caIssuer cmpv2-issuer-onap
83       secret:
           # Secret that receives the CA certificate entry (`isCA: true`) in
           # `certificates`. NOTE(review): presumably it holds the CA private
           # key; read access to it would then allow issuing certificates
           # under this CA, so keep access to it narrow - confirm.
84         name: &caKeyPairSecret  cmpv2-ca-key-pair
85   server:
86     secret:
87       name: &serverSecret oom-cert-service-server-tls-secret
88     volume:
89       name: oom-cert-service-server-tls-volume
90       mountPath: /etc/onap/oom/certservice/certs/
91   client:
92     secret:
         # Fallback name for the client certificate Secret, used by the
         # cert-service-client-cert entry when no name comes from cmpv2Config.
93       defaultName: oom-cert-service-client-tls-secret
94
95 envs:
     # Keystore/truststore file names and the HTTPS port. NOTE(review):
     # presumably exported to the container as environment variables by the
     # deployment template (not shown) - confirm.
96   keystore:
97     jksName: keystore.jks
98     p12Name: keystore.p12
99     pemName: tls.crt
100   truststore:
101     jksName: truststore.jks
102     crtName: ca.crt
103     pemName: tls.crt
      # Same number as service.ports[0].port.
104   httpsPort: 8443
105
106 # External secrets with credentials can be provided to override default credentials defined below,
107 # by uncommenting and filling appropriate *ExternalSecret value
108 credentials:
109   tls:
        # NOTE(review): default keystore password committed with the chart.
        # It feeds the `certificates-password` entry in `secrets`, which the
        # `certificates` list references as keystore password for the server
        # and client keystores. Anyone who can read the chart knows this
        # value; override it per deployment or supply
        # certificatesPasswordExternalSecret instead.
110     certificatesPassword: secret
111     #certificatesPasswordExternalSecret:
112   # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
113   cmp:
114     # Used only if cmpv2 testing is enabled
        # The two *IakExternalSecret values default to release-scoped Secret
        # names; the Secrets themselves are not created in this file.
115     clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
116     #clientRvExternalSecret:
117     raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
118     #raRvExternalSecret:
        # `client` and `ra` are empty maps by default, so the inline
        # `.iak` / `.rv` values read by the `secrets` list are unset unless a
        # deployment fills them in. The commented lines show the expected keys.
119     client: {}
120       # iak: mypassword
121       # rv: unused
122     ra: {}
123       # iak: mypassword
124       # rv: unused
125
126 secrets:
      # Secret definitions. Each entry has a uid, a type, an `externalSecret`
      # (templated; empty string when the matching *ExternalSecret value is
      # unset) and an inline `password` taken from `credentials`.
      # NOTE(review): presumably rendered by a shared secret helper of the
      # OOM common chart (not shown); how it chooses between externalSecret
      # and password is not visible here - confirm.
127   - uid: certificates-password
        # `cmpv2Config` is not defined in this file; presumably it comes from
        # a dependency or parent chart. The anchor is reused by the
        # `certificates` list as passwordSecretRef name.
128     name: &certificatesPasswordSecretName '{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretName }}'
129     type: password
130     externalSecret: '{{ tpl (default "" .Values.credentials.tls.certificatesPasswordExternalSecret) . }}'
131     password: '{{ .Values.credentials.tls.certificatesPassword }}'
132     passwordPolicy: required
133   # Below values are relevant only if global addTestingComponents flag is enabled
      # NOTE(review): none of the entries below sets passwordPolicy, so what
      # happens when both externalSecret and password are empty depends on
      # the helper's default - confirm.
134   - uid: ejbca-server-client-iak
135     type: password
136     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
137     password: '{{ .Values.credentials.cmp.client.iak }}'
138   - uid: cmp-config-client-rv
139     type: password
140     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
141     password: '{{ .Values.credentials.cmp.client.rv }}'
142   - uid: ejbca-server-ra-iak
143     type: password
144     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
145     password: '{{ .Values.credentials.cmp.ra.iak }}'
146   - uid: cmp-config-ra-rv
147     type: password
148     externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
149     password: '{{ .Values.credentials.cmp.ra.rv }}'
150
151 # Certificates definitions
    # NOTE(review): the field names (isCA, usages, keystore.passwordSecretRef,
    # issuer.kind) look like cert-manager Certificate fields; presumably a
    # template not shown renders each entry into such a resource - confirm.
    # No entry sets a duration, renewal window or key parameters, so those
    # are left to whatever the rendering template or issuer defaults to.
152 certificates:
      # Root CA entry: `isCA: true`, issued by the self-signing issuer and
      # stored under the *caKeyPairSecret name. The subject values (root.com,
      # Root Company) look like placeholders.
      # NOTE(review): read access to that Secret presumably allows issuing
      # certificates under this CA; restrict who can read it.
153   - name: selfsigned-cert
154     secretName: *caKeyPairSecret
155     isCA: true
156     commonName: root.com
157     subject:
158       organization: Root Company
159       country: PL
160       locality: Wroclaw
161       province: Dolny Slask
162       organizationalUnit: Root Org
163     issuer:
164       name: *selfSigningIssuer
165       kind: Issuer
      # Server certificate, issued by the CA issuer. dnsNames cover the
      # service name and `localhost`, the host the probe commands in this
      # file connect to. Keystores are produced as JKS and PKCS#12,
      # protected with the shared certificates password Secret.
166   - name: cert-service-server-cert
167     secretName: *serverSecret
168     commonName: oom-cert-service
169     dnsNames:
170       - oom-cert-service
171       - localhost
172     subject:
173       organization: certServiceServer org
174       country: PL
175       locality: Wroclaw
176       province: Dolny Slask
177       organizationalUnit: certServiceServer company
178     usages:
179       - server auth
180       - client auth
181     keystore:
182       outputType:
183         - jks
184         - p12
185       passwordSecretRef:
186         name: *certificatesPasswordSecretName
187         key: password
188     issuer:
189       name: *caIssuer
190       kind: Issuer
      # Client certificate, issued by the same CA issuer. The Secret name
      # comes from cmpv2Config when set, else tls.client.secret.defaultName.
      # NOTE(review): usages include `server auth` as well as `client auth`;
      # if this certificate is only ever presented by clients, dropping
      # `server auth` limits what a leaked key can be used for - confirm.
      # It shares the keystore password Secret with the server certificate.
191   - name: cert-service-client-cert
192     secretName: '{{ .Values.cmpv2Config.global.platform.certificates.clientSecretName | default .Values.tls.client.secret.defaultName }}'
193     commonName: certServiceClient.com
194     subject:
195       organization: certServiceClient org
196       country: PL
197       locality: Wroclaw
198       province: Dolny Slask
199       organizationalUnit: certServiceClient company
200     usages:
201       - server auth
202       - client auth
203     keystore:
204       outputType:
205         - jks
206       passwordSecretRef:
207         name: *certificatesPasswordSecretName
208         key: password
209     issuer:
210       name: *caIssuer
211       kind: Issuer