kubernetes/platform/components/oom-cert-service/values.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

@media only all and (prefers-color-scheme: dark) {
.highlight .hll { background-color: #49483e }
.highlight .c { color: #75715e } /* Comment */
.highlight .err { color: #960050; background-color: #1e0010 } /* Error */
.highlight .k { color: #66d9ef } /* Keyword */
.highlight .l { color: #ae81ff } /* Literal */
.highlight .n { color: #f8f8f2 } /* Name */
.highlight .o { color: #f92672 } /* Operator */
.highlight .p { color: #f8f8f2 } /* Punctuation */
.highlight .ch { color: #75715e } /* Comment.Hashbang */
.highlight .cm { color: #75715e } /* Comment.Multiline */
.highlight .cp { color: #75715e } /* Comment.Preproc */
.highlight .cpf { color: #75715e } /* Comment.PreprocFile */
.highlight .c1 { color: #75715e } /* Comment.Single */
.highlight .cs { color: #75715e } /* Comment.Special */
.highlight .gd { color: #f92672 } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gi { color: #a6e22e } /* Generic.Inserted */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #75715e } /* Generic.Subheading */
.highlight .kc { color: #66d9ef } /* Keyword.Constant */
.highlight .kd { color: #66d9ef } /* Keyword.Declaration */
.highlight .kn { color: #f92672 } /* Keyword.Namespace */
.highlight .kp { color: #66d9ef } /* Keyword.Pseudo */
.highlight .kr { color: #66d9ef } /* Keyword.Reserved */
.highlight .kt { color: #66d9ef } /* Keyword.Type */
.highlight .ld { color: #e6db74 } /* Literal.Date */
.highlight .m { color: #ae81ff } /* Literal.Number */
.highlight .s { color: #e6db74 } /* Literal.String */
.highlight .na { color: #a6e22e } /* Name.Attribute */
.highlight .nb { color: #f8f8f2 } /* Name.Builtin */
.highlight .nc { color: #a6e22e } /* Name.Class */
.highlight .no { color: #66d9ef } /* Name.Constant */
.highlight .nd { color: #a6e22e } /* Name.Decorator */
.highlight .ni { color: #f8f8f2 } /* Name.Entity */
.highlight .ne { color: #a6e22e } /* Name.Exception */
.highlight .nf { color: #a6e22e } /* Name.Function */
.highlight .nl { color: #f8f8f2 } /* Name.Label */
.highlight .nn { color: #f8f8f2 } /* Name.Namespace */
.highlight .nx { color: #a6e22e } /* Name.Other */
.highlight .py { color: #f8f8f2 } /* Name.Property */
.highlight .nt { color: #f92672 } /* Name.Tag */
.highlight .nv { color: #f8f8f2 } /* Name.Variable */
.highlight .ow { color: #f92672 } /* Operator.Word */
.highlight .w { color: #f8f8f2 } /* Text.Whitespace */
.highlight .mb { color: #ae81ff } /* Literal.Number.Bin */
.highlight .mf { color: #ae81ff } /* Literal.Number.Float */
.highlight .mh { color: #ae81ff } /* Literal.Number.Hex */
.highlight .mi { color: #ae81ff } /* Literal.Number.Integer */
.highlight .mo { color: #ae81ff } /* Literal.Number.Oct */
.highlight .sa { color: #e6db74 } /* Literal.String.Affix */
.highlight .sb { color: #e6db74 } /* Literal.String.Backtick */
.highlight .sc { color: #e6db74 } /* Literal.String.Char */
.highlight .dl { color: #e6db74 } /* Literal.String.Delimiter */
.highlight .sd { color: #e6db74 } /* Literal.String.Doc */
.highlight .s2 { color: #e6db74 } /* Literal.String.Double */
.highlight .se { color: #ae81ff } /* Literal.String.Escape */
.highlight .sh { color: #e6db74 } /* Literal.String.Heredoc */
.highlight .si { color: #e6db74 } /* Literal.String.Interpol */
.highlight .sx { color: #e6db74 } /* Literal.String.Other */
.highlight .sr { color: #e6db74 } /* Literal.String.Regex */
.highlight .s1 { color: #e6db74 } /* Literal.String.Single */
.highlight .ss { color: #e6db74 } /* Literal.String.Symbol */
.highlight .bp { color: #f8f8f2 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #a6e22e } /* Name.Function.Magic */
.highlight .vc { color: #f8f8f2 } /* Name.Variable.Class */
.highlight .vg { color: #f8f8f2 } /* Name.Variable.Global */
.highlight .vi { color: #f8f8f2 } /* Name.Variable.Instance */
.highlight .vm { color: #f8f8f2 } /* Name.Variable.Magic */
.highlight .il { color: #ae81ff } /* Literal.Number.Integer.Long */
}
@media (prefers-color-scheme: light) {
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comme# Copyright © 2020, Nokia
# Modifications Copyright  © 2020, Nordix Foundation, Orange
# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Global
global:
  envsubstImage: dibi/envsubst
  nodePortPrefix: 302
  # Readiness image
  readinessImage: onap/oom/readiness:3.0.1
  # Ubuntu Init image
  ubuntuInitRepository: docker.io
  ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
  # Logging image
  loggingRepository: docker.elastic.co
  loggingImage: beats/filebeat:5.5.0
  # BusyBox image
  busyboxRepository: docker.io
  busyboxImage: library/busybox:1.31
  persistence:
    enabled: true
  # Standard OOM
  pullPolicy: "Always"
  repository: "nexus3.onap.org:10001"


# Service configuration
service:
  type: ClusterIP
  ports:
    - name: http
      port: 8443
      port_protocol: http


# Deployment configuration
repository: nexus3.onap.org:10001
image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
pullPolicy: Always
replicaCount: 1

liveness:
  initialDelaySeconds: 60
  periodSeconds: 10
  command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
readiness:
  initialDelaySeconds: 30
  periodSeconds: 10
  command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD

flavor: small
resources:
  small:
    limits:
      cpu: 0.5
      memory: 1Gi
    requests:
      cpu: 0.2
      memory: 512Mi
  large:
    limits:
      cpu: 1
      memory: 2Gi
    requests:
      cpu: 0.4
      memory: 1Gi
  unlimited: {}


# Application configuration
cmpServers:
  secret:
    name: oom-cert-service-secret
  volume:
    name: oom-cert-service-volume
    mountPath: /etc/onap/oom/certservice

tls:
  server:
    secret:
      name: oom-cert-service-server-tls-secret
    volume:
      name: oom-cert-service-server-tls-volume
      mountPath: /etc/onap/oom/certservice/certs/
  client:
    secret:
      defaultName: oom-cert-service-client-tls-secret

envs:
  keystore:
    jksName: certServiceServer-keystore.jks
    p12Name: certServiceServer-keystore.p12
  truststore:
    jksName: truststore.jks
    crtName: root.crt
  httpsPort: 8443

# External secrets with credentials can be provided to override default credentials defined below,
# by uncommenting and filling appropriate *ExternalSecret value
credentials:
  tls:
    keystorePassword: secret
    truststorePassword: secret
    #keystorePasswordExternalSecret:
    #truststorePasswordExternalSecret:
  # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
  cmp:
    # Used only if cmpv2 testing is enabled
    clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
    #clientRvExternalSecret:
    raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
    #raRvExternalSecret:
    client: {}
      # iak: mypassword
      # rv: unused
    ra: {}
      # iak: mypassword
      # rv: unused

secrets:
  - uid: keystore-password
    name: '{{ include "common.release" . }}-keystore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.keystorePassword }}'
    passwordPolicy: required
  - uid: truststore-password
    name: '{{ include "common.release" . }}-truststore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.truststorePassword }}'
    passwordPolicy: required
  # Below values are relevant only if global addTestingComponents flag is enabled
  - uid: ejbca-server-client-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.iak }}'
  - uid: cmp-config-client-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.rv }}'
  - uid: ejbca-server-ra-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.iak }}'
  - uid: cmp-config-ra-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.rv }}'