# Default values for TA.
nameOverride: "" # The name for TA chart
(Default: `.Chart.Name`)
controlPlaneHostname: # K8s control plane IP/Hostname
(**REQUIRED**)
nodeLabel:
txt: "" # The node label for TXT-ENABLED hosts
(**REQUIRED IF NODE IS TXT ENABLED**)
suefi: "" # The node label for SUEFI-ENABLED hosts (**REQUIRED IF NODE IS SUEFI ENABLED**)
# Warning: Ensure that the naming is applied consistently for all dependent services when modifying nameOverride
# TODO: Services should be be able to be deployed in different namespaces
dependentServices: # The dependent Service Name for deploying TA chart, default is the chart name and override is from nameOverride value.
cms: cms
aas: aas
hvs: hvs
nats: nats
image:
svc:
name: # The image name with which TA image is pushed to registry
(**REQUIRED**)
pullPolicy: Always # The pull policy for pulling from container registry for TA
(Allowed values: `Always`/`IfNotPresent`)
imagePullSecret: # The image pull secret for authenticating with image registry, can be left empty if image registry does not require authentication
initName: # The image name of init container
config:
logLevel: info # Log Level for Trust agent
(Allowed values: `info`/`warn`/`debug`/`trace`)
provisionAttestation: "y" # TPM provisioning
(Allowed values: `y`\`n`)
tpmOwnerSecret: # The TPM owner secret if TPM is already owned
nats:
enabled: false # Enable/Disable NATS mode
(Allowed values: `true`\`false`)
servers: # NATS Server IP/Hostname
serviceMode: # The model for TA
(Allowed values: `outbound`)
hostAliasEnabled: false # Set this to true for using host aliases and also add entries accordingly in ip, hostname entries. hostalias is required when ingress is deployed and pods are not able to resolve the domain names
aliases:
hostAliases:
- ip: ""
hostnames:
- ""
- ""
service:
directoryName: trustagent
cms:
containerPort: 8445 # The containerPort on which CMS can listen
aas:
containerPort: 8444 # The containerPort on which AAS can listen
hvs:
containerPort: 8443 # The containerPort on which HVS can listen
port: 30443
ta:
containerPort: 1443 # The containerPort on which TA can listen
port: 31443 # The externally exposed NodePort on which TA can listen to external traffic