# Default values for aas.
nameOverride: "" # The name for AAS chart
(Default: `.Chart.Name`)
controlPlaneHostname: # K8s control plane IP/Hostname
(**REQUIRED**)
# Warning: Ensure that the naming is applied consistently for all dependent services when modifying nameOverride
# TODO: Services should be be able to be deployed in different namespaces
dependentServices: # The dependent Service Name for deploying Authentication and Authorization Service chart, default is the chart name and override is from nameOverride value.
cms: cms
config:
envVarPrefix: AAS
dbPort: 5432 # PostgreSQL DB port
dbSSL: on # PostgreSQL DB SSL
(Allowed: `on`/`off`)
#TODO: to remove the below values if hardcoding the path
dbSSLCert: /etc/postgresql/secrets/server.crt # PostgreSQL DB SSL Cert
dbSSLKey: /etc/postgresql/secrets/server.key # PostgreSQL DB SSL Key
dbSSLCiphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 # PostgreSQL DB SSL Ciphers
dbListenAddresses: "*" # PostgreSQL DB Listen Address
dbName: aasdb # AAS DB Name
dbSSLMode: verify-full # PostgreSQL DB SSL Mode
dbhostSSLPodRange: 10.1.0.0/8 # PostgreSQL DB Host Address(IP address/subnet-mask). IP range varies for different k8s network plugins(Ex: Flannel - 10.1.0.0/8 (default), Calico - 192.168.0.0/16).
createCredentials: true # Trigger to run create-credentials setup task when set to True. Default is False
secret:
dbUsername: # DB Username for AAS DB
dbPassword: # DB Password for AAS DB
adminUsername: # Admin Username for AAS
adminPassword: # Admin Password for AAS
image:
db:
registry: dockerhub.io # The image registry where PostgreSQL image is pulled from
name: postgres:11.7 # The image name of PostgreSQL
pullPolicy: Always # The pull policy for pulling from container registry for PostgreSQL image
(Allowed values: `Always`/`IfNotPresent`)
svc:
name: # The image name with which AAS image is pushed to registry
pullPolicy: Always # The pull policy for pulling from container registry for AAS
(Allowed values: `Always`/`IfNotPresent`)
imagePullSecret: # The image pull secret for authenticating with image registry, can be left empty if image registry does not require authentication
initName: # The image name of init container
storage:
nfs:
server: # The NFS Server IP/Hostname
reclaimPolicy: Retain # The reclaim policy for NFS
(Allowed values: `Retain`/)
accessModes: ReadWriteMany # The access modes for NFS
(Allowed values: `ReadWriteMany`)
path: /mnt/nfs_share # The path for storing persistent data on NFS
dbSize: 1Gi # The DB size for storing DB data for AAS in NFS path
configSize: 10Mi # The configuration size for storing config for AAS in NFS path
logsSize: 1Gi # The logs size for storing logs for AAS in NFS path
baseSize: 2.1Gi # The base volume size (configSize + logSize + dbSize)
securityContext:
aasdbInit: # The fsGroup id for init containers for AAS DB
fsGroup: 1001
aasdb: # The security content for AAS DB Service Pod
runAsUser: 1001
runAsGroup: 1001
aasInit: # The fsGroup id for init containers for AAS
fsGroup: 1001
aas: # The security content for AAS Pod
runAsUser: 1001
runAsGroup: 1001
capabilities:
drop:
- all
allowPrivilegeEscalation: false
service:
directoryName: authservice
cms:
containerPort: 8445 # The containerPort on which CMS can listen
port: 30445 # The externally exposed NodePort on which CMS can listen to external traffic
aasdb:
containerPort: 5432 # The containerPort on which AAS DB can listen
aas:
containerPort: 8444 # The containerPort on which AAS can listen
port: 30444 # The externally exposed NodePort on which AAS can listen to external traffic
ingress:
enable: false # Accept true or false to notify ingress rules are enable or disabled