---
# The below section can be used to override additional values defined under each of the dependent charts
cms:
image:
name: cms # Certificate Management Service image name
(**REQUIRED**)
aas:
image:
name: aas # Authentication & Authorization Service image name
(**REQUIRED**)
secret:
dbUsername: # DB Username for AAS DB
dbPassword: # DB Password for AAS DB
aas-manager:
image:
name: aas-manager # Authentication & Authorization Manager image name
(**REQUIRED**)
aas:
url: # Authservice Base Url, Do not include "/" at the end. e.g for ingress https://aas.isecl.com/aas/v1 , for nodeport https://isecl.com:30444/aas/v1
hostAliasEnabled: false # Set this to true for using host aliases and also add entries accordingly in ip, hostname entries. hostalias is required when ingress is deployed and pods are not able to resolve the domain names
secret:
superAdminUsername:
superAdminPassword:
globalAdminUsername:
globalAdminPassword:
aliases:
hostAliases:
- ip: ""
hostnames:
- ""
- ""
hvs:
image:
name: hvs # Host Verification Service image name
(**REQUIRED**)
config:
requireEKCertForHostProvision: false # If set to true enforce ta hardening
(Allowed values: `true`\`false`)
verifyQuoteForHostRegistration: false # If set to true enforce ta hardening
(Allowed values: `true`\`false`)
secret:
dbUsername: # DB Username for HVS DB
dbPassword: # DB Password for HVS DB
nats:
clientPort: 30222
nats-init:
image:
name: # The image name of nats-init container
global:
controlPlaneHostname: # K8s control plane IP/Hostname
(**REQUIRED**)
image:
pullPolicy: Always # The pull policy for pulling from container registry
(Allowed values: `Always`/`IfNotPresent`)
imagePullSecret: # The image pull secret for authenticating with image registry, can be left empty if image registry does not require authentication
initName: # The image name of init container
config:
dbhostSSLPodRange: 10.1.0.0/8 # PostgreSQL DB Host Address(IP address/subnet-mask). IP range varies for different k8s network plugins(Ex: Flannel - 10.1.0.0/8 (default), Calico - 192.168.0.0/16).
nats:
enabled: true # Enable/Disable NATS mode
(Allowed values: `true`\`false`)
servers: "nats://:" # NATS Server IP/Hostname
(**REQUIRED IF ENABLED**) e.g nats://192.1.2.4:30222
storage:
nfs:
server: # The NFS Server IP/Hostname
(**REQUIRED**)
path: /mnt/nfs_share # The path for storing persistent data on NFS
service:
cms: 30445 # The service port for Certificate Management Service
aas: 30444 # The service port for Authentication Authorization Service
hvs: 30443 # The service port for SGX Host Verification Service
ingress:
enable: false # Accept true or false to notify ingress rules are enable or disabled, Default value: false
aas:
secret:
adminUsername: # Admin Username for AAS
adminPassword: # Admin Password for AAS
hvs:
secret:
serviceUsername: # Admin Username for HVS
servicePassword: # Admin Password for HVS
proxyEnabled: false # Set to true when running deploying behind corporate proxy
httpProxy: # Set http_proxy url
httpsProxy: # Set https_proxy url
allProxy: # Set all_proxy url
noProxy: # Set no_proxy