--- # The below section can be used to override additional values defined under each of the dependent charts cms: image: name: # Certificate Management Service image name
(**REQUIRED**) aas: image: name: # Authentication & Authorization Service image name
(**REQUIRED**) secret: dbUsername: # DB Username for AAS DB dbPassword: # DB Password for AAS DB aas-manager: image: name: # Authentication & Authorization Manager image name
(**REQUIRED**) secret: superAdminUsername: superAdminPassword: globalAdminUsername: globalAdminPassword: hvs: image: name: # Host Verification Service image name
(**REQUIRED**) config: requireEKCertForHostProvision: false # If set to true enforce ta hardening
(Allowed values: `true`\`false`) verifyQuoteForHostRegistration: false # If set to true enforce ta hardening
(Allowed values: `true`\`false`) secret: dbUsername: # DB Username for HVS DB dbPassword: # DB Password for HVS DB trustagent: image: name: # Trust Agent image name
(**REQUIRED**) nodeLabel: txt: "" # The node label for TXT-ENABLED hosts
(**REQUIRED IF NODE IS TXT ENABLED**) suefi: "" # The node label for SUEFI-ENABLED hosts (**REQUIRED IF NODE IS SUEFI ENABLED**) config: tpmOwnerSecret: # The TPM owner secret if TPM is already owned hostAliasEnabled: false # Set this to true for using host aliases and also add entries accordingly in ip, hostname entries. hostalias is required when ingress is deployed and pods are not able to resolve the domain names aliases: hostAliases: - ip: "" hostnames: - "" - "" - nats: clientPort: 30222 nats-init: image: name: # The image name of nats-init container global: controlPlaneHostname: # K8s control plane IP/Hostname
(**REQUIRED**) image: pullPolicy: Always # The pull policy for pulling from container registry (Allowed values: `Always`/`IfNotPresent`) imagePullSecret: # The image pull secret for authenticating with image registry, can be left empty if image registry does not require authentication initName: # The image name of init container config: dbhostSSLPodRange: 10.1.0.0/8 # PostgreSQL DB Host Address(IP address/subnet-mask). IP range varies for different k8s network plugins(Ex: Flannel - 10.1.0.0/8 (default), Calico - 192.168.0.0/16). nats: enabled: false # Enable/Disable NATS mode
(Allowed values: `true`\`false`) servers: # NATS Server IP/Hostname
(**REQUIRED IF ENABLED**) serviceMode: # The model for TA
(Allowed values: `outbound`)
(**REQUIRED IF ENABLED**) hvsUrl: # Hvs Base Url, Do not include "/" at the end. e.g for ingress https://hvs.isecl.com/hvs/v2 , for nodeport https://:30443/hvs/v2 cmsUrl: # CMS Base Url, Do not include "/" at the end. e.g for ingress https://cms.isecl.com/cms/v2 , for nodeport https://:30445/cms/v1 aasUrl: # Authservice Base Url, Do not include "/" at the end. e.g for ingress https://aas.isecl.com/aas/v1 , for nodeport https://:30444/aas/v1 storage: nfs: server: # The NFS Server IP/Hostname
(**REQUIRED**) path: /mnt/nfs_share # The path for storing persistent data on NFS service: cms: 30445 # The service port for Certificate Management Service aas: 30444 # The service port for Authentication Authorization Service hvs: 30443 # The service port for Host Verification Service ta: 31443 # The service port for Trust Agent ingress: enable: false # Accept true or false to notify ingress rules are enable or disabled aas: secret: adminUsername: # Admin Username for AAS adminPassword: # Admin Password for AAS hvs: secret: serviceUsername: # Admin Username for HVS servicePassword: # Admin Password for HVS