diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-06-04 12:06:02 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-06-04 12:06:02 +0000 |
commit | 83ba0bb4bfe3978f0b0ba7c251ed28fc6686c20b (patch) | |
tree | 7fac7c8621a0c5138fb3a803cdeed76bdff92df5 /kubernetes/aaf/charts/aaf-cert-service/values.yaml | |
parent | 1884ba91333caea194da7aaac0af2afcc9b43a83 (diff) | |
parent | bca68e048a74ac3754e76ed738090402f7cbfd13 (diff) |
Merge "[AAF] Add CMPv2 Cert Service"
Diffstat (limited to 'kubernetes/aaf/charts/aaf-cert-service/values.yaml')
-rw-r--r-- | kubernetes/aaf/charts/aaf-cert-service/values.yaml | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/kubernetes/aaf/charts/aaf-cert-service/values.yaml b/kubernetes/aaf/charts/aaf-cert-service/values.yaml new file mode 100644 index 0000000000..c2bbecd81a --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cert-service/values.yaml @@ -0,0 +1,141 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global +global: + envsubstImage: dibi/envsubst + +# Service configuration +service: + type: ClusterIP + ports: + - name: http + port: 8443 + port_protocol: http + + +# Deployment configuration +repository: nexus3.onap.org:10001 +image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 +pullPolicy: Always +replicaCount: 1 + +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD +readiness: + initialDelaySeconds: 30 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD + +flavor: small +resources: + small: + limits: + cpu: 0.5 + memory: 1Gi + requests: + cpu: 0.2 + memory: 512Mi + large: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 0.4 + memory: 1Gi + unlimited: {} + + +# Application configuration +cmpServers: + secret: + name: aaf-cert-service-secret + volume: + name: aaf-cert-service-volume + mountPath: /etc/onap/aaf/certservice + +tls: + server: + secret: + name: aaf-cert-service-server-tls-secret + volume: + name: aaf-cert-service-server-tls-volume + mountPath: /etc/onap/aaf/certservice/certs/ + client: + secret: + defaultName: aaf-cert-service-client-tls-secret + +envs: + keystore: + jksName: certServiceServer-keystore.jks + p12Name: certServiceServer-keystore.p12 + truststore: + jksName: truststore.jks + crtName: root.crt + httpsPort: 8443 + +# External secrets with credentials can be provided to override default credentials defined below, +# by uncommenting and filling appropriate *ExternalSecret value +credentials: + tls: + keystorePassword: secret + truststorePassword: secret + #keystorePasswordExternalSecret: + #truststorePasswordExternalSecret: + # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled + cmp: + #clientIakExternalSecret: + #clientRvExternalSecret: + #raIakExternalSecret: + #raRvExternalSecret: + client: {} + # iak: mypassword + # rv: unused + ra: {} + # iak: mypassword + # rv: unused + +secrets: + - uid: keystore-password + name: '{{ include "common.release" . }}-keystore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.keystorePassword }}' + passwordPolicy: required + - uid: truststore-password + name: '{{ include "common.release" . }}-truststore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.truststorePassword }}' + passwordPolicy: required + # Below values are relevant only if global addTestingComponents flag is enabled + - uid: ejbca-server-client-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.iak }}' + - uid: cmp-config-client-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.rv }}' + - uid: ejbca-server-ra-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.iak }}' + - uid: cmp-config-ra-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.rv }}' |