aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/contrib/components/ejbca/values.yaml
blob: b777a7d388c1da03789396c3abc0d3f748073550 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# Copyright © 2020, Nordix Foundation, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
global:
  mariadbGalera: &mariadbGalera
    #This flag allows EJBCA to instantiate its own mariadb-galera cluster
    localCluster: false
    service: mariadb-galera
    internalPort: 3306
    nameOverride: mariadb-galera

secrets:
  - uid: ejbca-db-secret
    name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
    login: '{{ .Values.config.db.userName }}'
    password: '{{ .Values.config.db.userPassword }}'
  - uid: ejbca-server-ra-iak
    name: '{{ include "common.release" . }}-ejbca-ra-iak'
    type: password
    password: '{{ .Values.config.ejbca.raIak }}'
  - uid: ejbca-server-client-iak
    name: '{{ include "common.release" . }}-ejbca-client-iak'
    type: password
    password: '{{ .Values.config.ejbca.clientIak }}'

# application configuration
config:
  db:
    userName: ejbca
    # userPassword: password
    # userCredentialsExternalSecret: some-secret
  ejbca: {}
    # raIak: mypassword
    # clientIak: mypassword

mysqlDatabase: &dbName ejbca

#################################################################
# Application configuration defaults.
#################################################################
# application configuration
replicaCount: 1

ejbca:
  image: primekey/ejbca-ce:7.4.3.2
pullPolicy: Always

mariadb-galera:
  db:
    externalSecret: *ejbca-db-secret
    name: *dbName
  nameOverride: &ejbca-galera ejbca-galera
  service:
    name: ejbca-galera
    portName: ejbca-galera
    internalPort: 3306
  replicaCount: 1
  persistence:
    enabled: true
    mountSubPath: ejbca/maria/data
  serviceAccount:
    nameOverride: *ejbca-galera

mariadb-init:
  config:
    userCredentialsExternalSecret: *ejbca-db-secret
    mysqlDatabase: *dbName
  nameOverride: ejbca-config

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  path: /ejbca/publicweb/healthcheck/ejbcahealth
  port: 8443
  initialDelaySeconds: 180
  periodSeconds: 30

readiness:
  path: /ejbca/publicweb/healthcheck/ejbcahealth
  port: 8443
  initialDelaySeconds: 180
  periodSeconds: 30

service:
  type: ClusterIP
  both_tls_and_plain: true
  ports:
    - name: api
      port: 8443
      plain_port: 8080
      port_protocol: http

# Resource Limit flavor -By Default using small
flavor: unlimited
# Segregation for Different environment (Small and Large)
resources:
  small:
    limits:
      cpu: 1500m
      memory: 1536Mi
    requests:
      cpu: 10m
      memory: 750Mi
  large:
    limits:
      cpu: 2
      memory: 2Gi
    requests:
      cpu: 20m
      memory: 1Gi
  unlimited: {}

#Pods Service Account
serviceAccount:
  nameOverride: ejbca
  roles:
    - read