summaryrefslogtreecommitdiffstats
path: root/kubernetes/platform/components/oom-cert-service/values.yaml
blob: bd415c06b18b9ead9b7527d3db5e95697ab5dd28 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# Copyright © 2020, Nokia
# Modifications Copyright  © 2020, Nordix Foundation, Orange
# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Global
global:
  nodePortPrefix: 302
  persistence:
    enabled: true
  # Standard OOM
  pullPolicy: "Always"
  repository: "nexus3.onap.org:10001"
  offlineDeploymentBuild: false


# Service configuration
service:
  type: ClusterIP
  ports:
    - name: http
      port: 8443
      port_protocol: http

# Certificates generation configuration
certificateGenerationImage: onap/integration-java11:7.2.0

# Deployment configuration
repository: "nexus3.onap.org:10001"
image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1
pullPolicy: Always
replicaCount: 1

liveness:
  initialDelaySeconds: 60
  periodSeconds: 10
  command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
readiness:
  initialDelaySeconds: 30
  periodSeconds: 10
  command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD

flavor: small
resources:
  small:
    limits:
      cpu: 0.5
      memory: 1Gi
    requests:
      cpu: 0.2
      memory: 512Mi
  large:
    limits:
      cpu: 1
      memory: 2Gi
    requests:
      cpu: 0.4
      memory: 1Gi
  unlimited: {}


# Application configuration
cmpServers:
  secret:
    name: oom-cert-service-secret
  volume:
    name: oom-cert-service-volume
    mountPath: /etc/onap/oom/certservice

tls:
  server:
    secret:
      name: oom-cert-service-server-tls-secret
    volume:
      name: oom-cert-service-server-tls-volume
      mountPath: /etc/onap/oom/certservice/certs/
  client:
    secret:
      defaultName: oom-cert-service-client-tls-secret
  provider:
    secret:
      name: cmpv2-issuer-secret

envs:
  keystore:
    jksName: certServiceServer-keystore.jks
    p12Name: certServiceServer-keystore.p12
    pemName: certServiceServer-keystore.pem
  truststore:
    jksName: truststore.jks
    crtName: root.crt
    pemName: truststore.pem
  httpsPort: 8443

# External secrets with credentials can be provided to override default credentials defined below,
# by uncommenting and filling appropriate *ExternalSecret value
credentials:
  tls:
    keystorePassword: secret
    truststorePassword: secret
    #keystorePasswordExternalSecret:
    #truststorePasswordExternalSecret:
  # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
  cmp:
    # Used only if cmpv2 testing is enabled
    clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
    #clientRvExternalSecret:
    raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
    #raRvExternalSecret:
    client: {}
      # iak: mypassword
      # rv: unused
    ra: {}
      # iak: mypassword
      # rv: unused

secrets:
  - uid: keystore-password
    name: '{{ include "common.release" . }}-keystore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.keystorePassword }}'
    passwordPolicy: required
  - uid: truststore-password
    name: '{{ include "common.release" . }}-truststore-password'
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
    password: '{{ .Values.credentials.tls.truststorePassword }}'
    passwordPolicy: required
  # Below values are relevant only if global addTestingComponents flag is enabled
  - uid: ejbca-server-client-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.iak }}'
  - uid: cmp-config-client-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.client.rv }}'
  - uid: ejbca-server-ra-iak
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.iak }}'
  - uid: cmp-config-ra-rv
    type: password
    externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
    password: '{{ .Values.credentials.cmp.ra.rv }}'