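# Default values for hvs

# The name for HVS chart (Default: `.Chart.Name`)
nameOverride: ""

# K8s control plane IP/Hostname (**REQUIRED**)
controlPlaneHostname: null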
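# Warning: Ensure that the naming is applied consistently for all dependent
# services when modifying nameOverride
# TODO: Services should be able to be deployed in different namespaces

# The dependent Service Name for deploying HVS chart, default is the chart
# name and override is from nameOverride value.
dependentServices:
  cms: cms
  aas: aas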
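config:
  envVarPrefix: HVS
  dbPort: 5432 # PostgreSQL DB port
  # PostgreSQL DB SSL (Allowed Values: `on`/`off`)
  # Quoted so the value stays the string `on`; YAML 1.1 parsers read a bare
  # on/off as a boolean.
  dbSSL: "on"
  dbSSLCert: /etc/postgresql/secrets/server.crt # PostgreSQL DB SSL Cert
  dbSSLKey: /etc/postgresql/secrets/server.key # PostgreSQL DB SSL Key
  # PostgreSQL DB SSL Ciphers
  dbSSLCiphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
  # PostgreSQL DB Listen Address
  # NOTE(review): "*" makes the DB listen on every interface of its pod, so
  # who can connect is decided by dbhostSSLPodRange, the SSL settings above
  # and whatever network policy the cluster applies.
  dbListenAddresses: "*"
  dbName: hvsdb # HVS DB Name
  dbSSLMode: verify-full # PostgreSQL DB SSL Mode
  # PostgreSQL DB Host Address (IP address/subnet-mask). IP range varies for
  # different k8s network plugins (Ex: Flannel - 10.1.0.0/8 (default),
  # Calico - 192.168.0.0/16).
  # NOTE(review): a /8 prefix covers all of 10.0.0.0-10.255.255.255; set this
  # to the cluster's actual pod CIDR so only pod addresses are admitted.
  dbhostSSLPodRange: 10.1.0.0/8
  # If set to true, worker node EK certificate should be registered in HVS DB,
  # for AIK provisioning step of TA. (Allowed values: `true`/`false`)
  requireEKCertForHostProvision: null
  # If set to true, when the worker node is being registered to HVS, quote
  # verification will be done. Default value is false.
  # (Allowed values: `true`/`false`)
  verifyQuoteForHostRegistration: null
  # NOTE(review): `nats` is placed under `config` here; the listing this was
  # restored from had lost its indentation - confirm against the templates.
  nats:
    # Enable/Disable NATS mode (Allowed values: `true`/`false`)
    enabled: false
    servers: "" # NATS Server IP/Hostname
    # The model for TA (Allowed values: `outbound`)
    serviceMode: ""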
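# The values provided for serviceUsername and servicePassword here should be
# the same as those provided for aas.hvs.secret.serviceUsername and
# aas.hvs.secret.servicePassword in the values.yaml file for the aas-manager
# chart.
# Keep these empty in version control and supply the real values at install
# time (for example from a values file that is not committed).
secret:
  dbUsername: null # DB Username for HVS DB
  dbPassword: null # DB Password for HVS DB
  serviceUsername: null # Admin Username for HVS
  servicePassword: null # Admin Password for HVS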
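image:
  db:
    # The image registry where PostgreSQL image is pulled from
    # NOTE(review): Docker Hub's registry hostname is docker.io; confirm that
    # dockerhub.io is the intended, trusted registry before deploying.
    registry: dockerhub.io
    # The image name of PostgreSQL
    # NOTE(review): PostgreSQL 11 no longer receives upstream security fixes;
    # plan a move to a supported major version. Tags are mutable, so pinning
    # the image by digest gives a reproducible pull.
    name: postgres:11.7
    # The pull policy for pulling from container registry for PostgreSQL image
    pullPolicy: Always
  svc:
    # The image name with which HVS image is pushed to registry (**REQUIRED**)
    name: null
    # The pull policy for pulling from container registry for HVS
    # (Allowed values: `Always`/`IfNotPresent`)
    pullPolicy: Always
    # The image pull secret for authenticating with image registry, can be
    # left empty if image registry does not require authentication
    # NOTE(review): placed under `svc` following the listing order - confirm
    # against the chart templates.
    imagePullSecret: null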
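storage:
  # NOTE(review): this NFS path holds the HVS DB data, config and logs (see
  # the sizes below); restrict the export to the cluster nodes on the NFS
  # server side.
  nfs:
    # The NFS Server IP/Hostname (**REQUIRED**)
    server: null
    # The reclaim policy for NFS (Allowed values: `Retain`)
    reclaimPolicy: Retain
    # The access modes for NFS (Allowed values: `ReadWriteMany`)
    accessModes: ReadWriteMany
    path: /mnt/nfs_share # The path for storing persistent data on NFS
    dbSize: 5Gi # The DB size for storing DB data for HVS in NFS path
    # The configuration size for storing config for HVS in NFS path
    configSize: 10Mi
    logsSize: 1Gi # The logs size for storing logs for HVS in NFS path
    baseSize: 6.1Gi # The base volume size (configSize + logSize + dbSize)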
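securityContext:
  # The fsGroup id for init containers for HVS DB
  hvsdbInit:
    fsGroup: 2000
  # The security context for HVS DB Service Pod
  hvsdb:
    runAsUser: 1001
    runAsGroup: 1001
  # The fsGroup id for init containers for HVS
  hvsInit:
    fsGroup: 1001
  # The security context for HVS Pod
  # NOTE(review): `capabilities` and `allowPrivilegeEscalation` are placed
  # under `hvs` following the listing order - confirm against the templates.
  hvs:
    runAsUser: 1001
    runAsGroup: 1001
    capabilities:
      drop:
        # NOTE(review): Kubernetes documentation and the Pod Security
        # Standards spell this `ALL`; confirm the lowercase form is honoured
        # by the runtime and admission checks in use.
        - all
    allowPrivilegeEscalation: false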
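# NOTE(review): the `port` values below are NodePorts, which are opened on
# every node address; limit who can reach them with firewall or network
# policy rules as appropriate.
service:
  directoryName: hvs
  cms:
    containerPort: 8445 # The containerPort on which CMS can listen
  aas:
    containerPort: 8444 # The containerPort on which AAS can listen
    # The externally exposed NodePort on which AAS can listen to external
    # traffic
    port: 30444
  hvsdb:
    containerPort: 5432 # The containerPort on which HVS DB can listen
  hvs:
    containerPort: 8443 # The containerPort on which HVS can listen
    # The externally exposed NodePort on which HVS can listen to external
    # traffic
    port: 30443
  # NOTE(review): `ingress` is placed under `service` following the listing
  # order - confirm against the chart templates.
  ingress:
    # Accepts true or false to indicate whether ingress rules are enabled or
    # disabled
    enable: false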