mirror of
https://github.com/bitnami/charts.git
synced 2026-03-12 06:47:32 +08:00
630bb00113
* Rebased from master * add ingress support * Remove path from ingress * Rebased from master * add ingress support * Remove path from ingress * Update Chart.yaml * Update ingress.yaml * Update values.yaml Co-authored-by: rafael <rafael@bitnami.com>
389 lines
10 KiB
YAML
389 lines
10 KiB
YAML
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
|
|
##
|
|
# global:
|
|
# imageRegistry: myRegistryName
|
|
# imagePullSecrets:
|
|
# - myRegistryKeySecretName
|
|
# storageClass: myStorageClass
|
|
|
|
## Bitnami EJBCA image version
|
|
## ref: https://hub.docker.com/r/bitnami/ejbca/tags/
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/ejbca
|
|
tag: 6.15.2-6-debian-10-r30
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
## Set to true if you would like to see extra information on logs
|
|
##
|
|
|
|
## String to partially override ebjca.fullname template (will maintain the release name)
|
|
##
|
|
# nameOverride:
|
|
|
|
## String to fully override ebjca.fullname template
|
|
##
|
|
# fullnameOverride:
|
|
|
|
## Number of EJBCA replicas to deploy.
|
|
##
|
|
replicaCount: 1
|
|
|
|
## Admin of the application
|
|
## ref: https://github.com/bitnami/bitnami-docker-ejbca#environment-variables
|
|
##
|
|
ejbcaAdminUsername: bitnami
|
|
|
|
## Password for the administrator account
|
|
## If the password is not specified, a random one will be generated
|
|
##
|
|
# ejbcaAdminPassword:
|
|
|
|
## Alternatively, you can provide the name of an existing secret containing
|
|
## a key named "ejbca-admin-password"
|
|
## NOTE: This will override the password defined at ejbcaAdminPassword
|
|
##
|
|
# existingSecret:
|
|
|
|
## Options used to launch the WildFly server
|
|
## E.g. ejbcaJavaOpts: "-Xms2048m -Xmx2048m"
|
|
# ejbcaJavaOpts:
|
|
|
|
## Details regarding the CA that EJBCA will instantiate
|
|
##
|
|
ejbcaCA:
|
|
## The name of the CA
|
|
##
|
|
name: "ManagementCA"
|
|
|
|
## The base DomainName of the CA
|
|
##
|
|
## e.g. baseDN: "O=Example CA,C=SE,UID=c-5ca04c9328c8208704310f7c2ed16414"
|
|
##
|
|
baseDN:
|
|
|
|
## Name of an existing Secret containing a Keystore object
|
|
## to be imported by EBJCA.
|
|
##
|
|
## It should contain at the following two keys:
|
|
##
|
|
## "keystore.jks" --> The actual keystore object
|
|
## "keystore-password" --> Password used to encrypt keystore.jks
|
|
##
|
|
## ejbcaKeystoreExistingSecret:
|
|
##
|
|
|
|
## Additional container environment variables
|
|
## extraEnv:
|
|
## - name:
|
|
## value:
|
|
##
|
|
extraEnv: []
|
|
|
|
## Custom command to override image cmd
|
|
##
|
|
# command: []
|
|
|
|
## Custom args for the custom commad:
|
|
# args: []
|
|
|
|
## Additional volume mounts
|
|
## Example: Mount CA file
|
|
## extraVolumeMounts
|
|
## - name: ca-cert
|
|
## subPath: ca_cert
|
|
## mountPath: /path/to/ca_cert
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Additional volumes
|
|
## Example: Add secret volume
|
|
## extraVolumes:
|
|
## - name: ca-cert
|
|
## secret:
|
|
## secretName: ca-cert
|
|
## items:
|
|
## - key: ca-cert
|
|
## path: ca_cert
|
|
##
|
|
extraVolumes: []
|
|
|
|
## EJBCA containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 300m
|
|
|
|
## Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Additional pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
|
|
## Add labels to all the deployed resources
|
|
##
|
|
commonLabels: {}
|
|
|
|
## Add annotations to all the deployed resources
|
|
##
|
|
commonAnnotations: {}
|
|
|
|
## K8s Security Context for EJBCA pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
|
|
## K8s Security Context for EJBCA container
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
|
|
## Node labels for pod assignment. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for pod assignment. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Affinity for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## EJBCA pod extra options for liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 500
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 500
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
## Custom liveness and readiness probes (evaluated as a template)
|
|
##
|
|
customLivenessProbe: {}
|
|
customReadinessProbe: {}
|
|
|
|
## EJBCA Container ports to open
|
|
##
|
|
containerPorts:
|
|
http: 8080
|
|
https: 8443
|
|
|
|
## Kubernetes configuration
|
|
## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
|
|
##
|
|
service:
|
|
type: LoadBalancer
|
|
## HTTP Port
|
|
##
|
|
port: 8080
|
|
## HTTPS Port
|
|
##
|
|
# httpsPort: 8443
|
|
httpsPort: 8443
|
|
## HTTPS Advertised port
|
|
##
|
|
advertisedHttpsPort: 443
|
|
|
|
## HTTPS Target Port
|
|
## defaults to https unless overridden to the specified port.
|
|
## if you want the target port to be "http" or "80" you can specify that here.
|
|
##
|
|
httpsTargetPort: https
|
|
## Node Ports to expose
|
|
## nodePorts:
|
|
## http: <to set explicitly, choose port between 30000-32767>
|
|
## https: <to set explicitly, choose port between 30000-32767>
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
https: ""
|
|
## Enable client source IP preservation
|
|
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
annotations: {}
|
|
## Limits which cidr blocks can connect to service's load balancer
|
|
## Only valid if service.type: LoadBalancer
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## Extra ports to expose (normally used with the `sidecar` value)
|
|
# extraPorts:
|
|
|
|
## Configure the ingress resource that allows you to access the
|
|
## WordPress installation. Set up the URL
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: ejbca.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## Enable persistence using Persistent Volume Claims
|
|
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## EJBCA data Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
## GKE, AWS & OpenStack)
|
|
##
|
|
# storageClass: "-"
|
|
##
|
|
## If you want to reuse an existing claim, you can pass the name of the PVC using
|
|
## the existingClaim variable
|
|
# existingClaim: your-claim
|
|
accessMode: ReadWriteOnce
|
|
size: 2Gi
|
|
|
|
##
|
|
## MariaDB chart configuration
|
|
##
|
|
## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml
|
|
##
|
|
mariadb:
|
|
## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
|
|
##
|
|
enabled: true
|
|
## Disable MariaDB replication
|
|
##
|
|
replication:
|
|
enabled: false
|
|
|
|
## Create a database and a database user
|
|
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
|
|
##
|
|
db:
|
|
name: bitnami_ejbca
|
|
user: bn_ejbca
|
|
## If the password is not specified, mariadb will generates a random password
|
|
##
|
|
# password:
|
|
|
|
## MariaDB admin password
|
|
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run
|
|
##
|
|
# rootUser:
|
|
# password:
|
|
|
|
## Use existing secret (ignores root, db and replication passwords)
|
|
##
|
|
# existingSecret:
|
|
|
|
## Enable persistence using Persistent Volume Claims
|
|
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
##
|
|
master:
|
|
persistence:
|
|
enabled: true
|
|
## mariadb data Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
## GKE, AWS & OpenStack)
|
|
##
|
|
# storageClass: "-"
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
size: 8Gi
|
|
|
|
##
|
|
## External Database Configuration
|
|
##
|
|
## All of these values are only used when mariadb.enabled is set to false
|
|
##
|
|
externalDatabase:
|
|
## Database host
|
|
##
|
|
host: localhost
|
|
## non-root Username for EJBCA Database
|
|
##
|
|
user: bn_ejbca
|
|
## Database password
|
|
##
|
|
password: ""
|
|
## Name of an existing secret resource containing the DB password in a 'mariadb-password' key
|
|
##
|
|
existingSecret: ""
|
|
## Database name
|
|
##
|
|
database: bitnami_ejbca
|
|
|
|
## Database port number
|
|
##
|
|
port: 3306
|
|
|
|
## Add sidecars to the pod.
|
|
## Example:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: {}
|
|
|
|
## Add init containers to the pod.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## Example:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
##
|
|
initContainers: {}
|