scottk/openlan-cgw
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/openlan-cgw.git synced 2026-01-10 17:31:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
openlan-cgw/helm/values.yaml
miha-jancar-shastacloud 7a30170f58 Improvement on secret management
2025-02-06 16:05:34 +01:00

158 lines
3.7 KiB
YAML
Raw Permalink Blame History

replicaCount: 1
strategyType: Recreate
revisionHistoryLimit: 2
nameOverride: ""
fullnameOverride: ""
images:
cgw:
repository: tip-tip-wlan-cloud-ucentral.jfrog.io/cgw
tag: test_scale_testing
pullPolicy: Always
# regcred:
# registry: tip-tip-wlan-cloud-ucentral.jfrog.io
# username: username
# password: password
services:
cgw:
type: ClusterIP
ports:
# this port doesn't actually exist in cgw ... yet
# It is needed however, as the ALB requires at least one ssl port
#restapi:
# servicePort: 16002
# targetPort: 16002
# protocol: TCP
#websocket:
# servicePort: 15002
# targetPort: 15002
# protocol: TCP
#metrics:
# servicePort: 15003
# targetPort: 8080
# protocol: TCP
#grpc:
# servicePort: 15051
# targetPort: 50051
# protocol: TCP
checks:
cgw:
liveness:
httpGet:
path: /health
port: 8080
readiness:
httpGet:
path: /health
port: 8080
ingresses: {}
volumes: {}
# cgw:
# - name: db-certificate
# mountPath: /etc/cgw/nb_infra/certs
# volumeDefinition: |
# secret:
# secretName: cgw-db-cert
# - name: cgw-certificates
# mountPath: /etc/cgw/certs
# volumeDefinition: |
# secret:
# secretName: cgw-certs
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# requests:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 100m
# memory: 128Mi
securityContext:
fsGroup: 1000
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
podSecurityPolicy:
enabled: false
persistence:
enabled: false
# storageClassName: "-"
accessModes:
- ReadWriteOnce
size: 10Gi
annotations: {}
# Application
public_env_variables:
CGW_ROOT: /cgw-data
CGW_WSS_CAS: "cas.pem"
CGW_WSS_CERT: "websocket-cert.pem"
CGW_WSS_KEY: "websocket-key.pem"
CGW_LOG_LEVEL: "info" # or debug
CGW_KAFKA_CONSUME_TOPIC: "CnC"
CGW_KAFKA_PRODUCE_TOPIC: "CnC_Res"
# set to (#cpus * 2) - 2
DEFAULT_WSS_THREAD_NUM: "6"
# CGW_DB_TLS: "yes"
# CGW_REDIS_TLS: "yes"
# CGW_KAFKA_TLS: "yes"
#Set secret_env_variables or existingEnvSecret variable
secret_env_variables:
# CGW_DB_PASSWORD: "cgw123"
# CGW_DB_HOST: "pgsql"
# CGW_DB_PORT: "5432"
# CGW_DB_NAME: "cgw"
# CGW_DB_USERNAME: "cgw"
# CGW_KAFKA_HOST: "kafka"
# CGW_KAFKA_PORT: "9092"
# CGW_REDIS_HOST: "redis"
# CGW_REDIS_PORT: "6379"
# CGW_DB_PASSWORD: "123"
existingEnvSecret:
# NOTE: List of required certificates may be found in "certs" key. Alternative way to pass required certificates is to create external secret with all required certificates and set secret name in "existingCertsSecret" key. Details may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/cgwchart#tldr
#if CGW_DB_TLS is enabled set db_cert or existingDBCertsSecret variable
db_cert:
#db_cert: |
# -----BEGIN CERTIFICATE-----
# .......
# -----END CERTIFICATE-----
existingDBCertsSecret:
#Set cgw_certs or existingCgwCertsSecret variable
#cgw_certs:
# websocket-cert.pem: |
# -----BEGIN CERTIFICATE-----
# .......
# -----END CERTIFICATE-----
# websocket-key.pem: |
# -----BEGIN PRIVATE KEY-----
# .......
# -----END PRIVATE KEY-----
# cas.pem: |
# -----BEGIN CERTIFICATE-----
# .......
# -----END CERTIFICATE-----
existingCgwCertsSecret:
Reference in New Issue View Git Blame Copy Permalink