summaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf/charts/aaf-cert-service/values.yaml
blob: c2bbecd81ac34d6ceea38f5b5792d484a3083e52 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# Copyright © 2020, Nokia
# Modifications Copyright  © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Global
global:
  envsubstImage: dibi/envsubst

# Service configuration
service:
  type: ClusterIP
  ports:
    - name: http
      port: 8443
      port_protocol: http


# Deployment configuration
repository: nexus3.onap.org:10001
image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0
pullPolicy: Always
replicaCount: 1

liveness:
  initialDelaySeconds: 60
  periodSeconds: 10
  command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
readiness:
  initialDelaySeconds: 30
  periodSeconds: 10
  command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD

flavor: small
resources:
  small:
    limits:
      cpu: 0.5
      memory: 1Gi
    requests:
      cpu: 0.2
      memory: 512Mi
  large:
    limits:
      cpu: 1
      memory: 2Gi
    requests:
      cpu: 0.4
      memory: 1Gi
  unlimited: {}


# Application configuration
cmpServers:
  secret:
    name: aaf-cert-service-secret
  volume:
    name: aaf-cert-service-volume
    mountPath: /etc/onap/aaf/certservice

tls:
  server:
    secret:
      name: aaf-cert-service-server-tls-secret
    volume:
      name: aaf-cert-service-server-tls-volume
      mountPath: /etc/onap/aaf/certservice/certs/
  client:
    secret:
      defaultName: aaf-cert-service-client-tls-secret

envs:
  keystore:
    jksName: certServiceServer-keystore.jks
    p12Name: certServiceServer-keystore.p12
  truststore:
    jksName: truststore.jks
    crtName: root.crt
  httpsPort: 8443

# External secrets with credentials can be provided to override default credentials defined below,
# by uncommenting and filling appropriate *ExternalSecret value
credentials:
  tls:
    keystorePassword: secret
    truststorePassword: secret
    #keystorePasswordExternalSecret:
    #truststorePasswordExternalSecret:
  # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
  cmp:
    #clientIakExternalSecret:
    #clientRvExternalSecret:
    #raIakExternalSecret:
    #raRvExternalSecret:
    client: {}
      # iak: mypassword
      # rv: unused
    ra: {}
      # iak: mypassword
      # rv: unused

secrets:
  - uid: keystore-password
    name: '{{ include "common.release" . }}-keystore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.keystorePassword }}'
    passwordPolicy: required
  - uid: truststore-password
    name: '{{ include "common.release" . }}-truststore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.truststorePassword }}'
    passwordPolicy: required
  # Below values are relevant only if global addTestingComponents flag is enabled
  - uid: ejbca-server-client-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.iak }}'
  - uid: cmp-config-client-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.rv }}'
  - uid: ejbca-server-ra-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.iak }}'
  - uid: cmp-config-ra-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.rv }}'