-
Notifications
You must be signed in to change notification settings - Fork 4
/
values.yaml
381 lines (353 loc) · 13.4 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
# Default values for activation-service.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## -- option to override the name config in the _helpers.tpl for the whole chart
nameOverride: ""
## -- option to override the fullname config in the _helpers.tpl for the whole chart
fullnameOverride: ""
# -- if a specific service account should be used, it can be configured here
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
# -- specifies if the account should be created
create: false
## deployment specific configuration
deployment:
# -- initial number of target replications, can be different if autoscaling is enabled
replicaCount: 1
# -- number of old replicas to be retained
revisionHistoryLimit: 3
## configuration of the update strategy
updateStrategy:
# -- type of the update
type: RollingUpdate
# -- new pods will be added gradually
rollingUpdate:
# -- number of pods that can be created above the desired amount while updating
maxSurge: 1
# -- number of pods that can be unavailable while updating
maxUnavailable: 0
## configuration of the image to be used
image:
# -- image name
# temporary retagged image, since walt is currently reworking there versioning approach
repository: quay.io/fiware/waltid
# -- tag of the image to be used
tag: 1.14.1-SNAPSHOT
# -- specification of the image pull policy
pullPolicy: IfNotPresent
# -- additional labels for the deployment, if required
additionalLabels: {}
# -- additional annotations for the deployment, if required
additionalAnnotations: {}
## Activation Service resource requests and limits, we leave the default empty to make that a concious choice by the user.
## for the autoscaling to make sense, you should configure this.
# resources:
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# -- selector template
# ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
# -- tolerations template
# ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# -- affinity template
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
## configuration of persistence for walt-id
persistence:
# -- should persistence be enabled
enabled: true
# -- specific config for the pvc
pvc:
# -- size to initiate it with
size: 1Gi
## configuration for the k8s service to access the vcwaltid
service:
# -- service type
type: ClusterIP
# -- additional annotations, if required
annotations: {}
# -- configuration specific to the apis to run. Be aware: ports are configurable in the chart, but not in the app yet. So dont change the defaults.
api:
# -- config for the core api
core:
enabled: true
port: 7000
## openshift specific route definition. Will not work on plain k8s
route:
## -- should the deployment create openshift routes
enabled: false
# -- annotations to be added to the route
annotations: {}
# -- host to be used
# host: localhost
# -- tls configuration for the route
tls:
termination: edge
# -- configuration for certificate generation.
# -- see: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/doc/ROUTES.md
certificate: { }
# issuer:
# kind: ClusterIssuer
# name: letsencrypt-aws-prod
## ingress configuration
ingress:
# -- should there be an ingress to connect the activation service with the public internet
enabled: false
# -- annotations to be added to the ingress
annotations: {}
# kubernetes.io/ingress.class: "ambassador"
## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl.
# kubernetes.io/tls-acme: "true"
# ingress.kubernetes.io/ssl-redirect: "true"
# -- all hosts to be provided
hosts: []
## provide a hosts and the paths that should be available
# - host: localhost
# paths:
# - /
# -- configure the ingress' tls
tls: []
# - secretName: bae-as-tls
# hosts:
# - vcbackend.fiware.org
# -- config for the auditor api
auditor:
enabled: true
port: 7002
## openshift specific route definition. Will not work on plain k8s
route:
## -- should the deployment create openshift routes
enabled: false
# -- annotations to be added to the route
annotations: {}
# -- host to be used
# host: localhost
# -- tls configuration for the route
tls:
termination: edge
# -- configuration for certificate generation.
# -- see: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/doc/ROUTES.md
certificate: { }
# issuer:
# kind: ClusterIssuer
# name: letsencrypt-aws-prod
## ingress configuration
ingress:
# -- should there be an ingress to connect the activation service with the public internet
enabled: false
# -- annotations to be added to the ingress
annotations: {}
# kubernetes.io/ingress.class: "ambassador"
## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl.
# kubernetes.io/tls-acme: "true"
# ingress.kubernetes.io/ssl-redirect: "true"
# -- all hosts to be provided
hosts: []
## provide a hosts and the paths that should be available
# - host: localhost
# paths:
# - /
# -- configure the ingress' tls
tls: []
# - secretName: bae-as-tls
# hosts:
# - vcbackend.fiware.org
# -- config for the signatory api
signatory:
enabled: true
port: 7001
## openshift specific route definition. Will not work on plain k8s
route:
## -- should the deployment create openshift routes
enabled: false
# -- annotations to be added to the route
annotations: {}
# -- host to be used
# host: localhost
# -- tls configuration for the route
tls:
termination: edge
# -- configuration for certificate generation.
# -- see: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/doc/ROUTES.md
certificate: { }
# issuer:
# kind: ClusterIssuer
# name: letsencrypt-aws-prod
## ingress configuration
ingress:
# -- should there be an ingress to connect the activation service with the public internet
enabled: false
# -- annotations to be added to the ingress
annotations: {}
# kubernetes.io/ingress.class: "ambassador"
## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl.
# kubernetes.io/tls-acme: "true"
# ingress.kubernetes.io/ssl-redirect: "true"
# -- all hosts to be provided
hosts: []
## provide a hosts and the paths that should be available
# - host: localhost
# paths:
# - /
# -- configure the ingress' tls
tls: []
# - secretName: bae-as-tls
# hosts:
# - vcbackend.fiware.org
# -- config for the custodian api
custodian:
enabled: true
port: 7003
## openshift specific route definition. Will not work on plain k8s
route:
## -- should the deployment create openshift routes
enabled: false
# -- annotations to be added to the route
annotations: {}
# -- host to be used
# host: localhost
# -- tls configuration for the route
tls:
termination: edge
# -- configuration for certificate generation.
# -- see: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/doc/ROUTES.md
certificate: { }
# issuer:
# kind: ClusterIssuer
# name: letsencrypt-aws-prod
## ingress configuration
ingress:
# -- should there be an ingress to connect the activation service with the public internet
enabled: false
# -- annotations to be added to the ingress
annotations: {}
# kubernetes.io/ingress.class: "ambassador"
## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl.
# kubernetes.io/tls-acme: "true"
# ingress.kubernetes.io/ssl-redirect: "true"
# -- all hosts to be provided
hosts: []
## provide a hosts and the paths that should be available
# - host: localhost
# paths:
# - /
# -- configure the ingress' tls
tls: []
# - secretName: bae-as-tls
# hosts:
# - vcbackend.fiware.org
# -- config for the essif api
essif:
enabled: true
port: 7010
## openshift specific route definition. Will not work on plain k8s
route:
## -- should the deployment create openshift routes
enabled: false
# -- annotations to be added to the route
annotations: {}
# -- host to be used
# host: localhost
# -- tls configuration for the route
tls:
termination: edge
# -- configuration for certificate generation.
# -- see: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/doc/ROUTES.md
certificate: { }
# issuer:
# kind: ClusterIssuer
# name: letsencrypt-aws-prod
## ingress configuration
ingress:
# -- should there be an ingress to connect the activation service with the public internet
enabled: false
# -- annotations to be added to the ingress
annotations: {}
# kubernetes.io/ingress.class: "ambassador"
## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl.
# kubernetes.io/tls-acme: "true"
# ingress.kubernetes.io/ssl-redirect: "true"
# -- all hosts to be provided
hosts: []
## provide a hosts and the paths that should be available
# - host: localhost
# paths:
# - /
# -- configure the ingress' tls
tls: []
# - secretName: bae-as-tls
# hosts:
# - vcbackend.fiware.org
# -- config to be used by walt
config:
# -- database configuaration, see hikari docu for options
datasource:
jdbcUrl: jdbc:sqlite:data/walt.db
maximumPoolSize: 5
autoCommit: false
dataSource:
journalMode: WAL
fullColumnNames: false
# -- all additional config to be used by waltid
additionalConfig:
# -- service configurations
serviceConf:
signatory.conf: |
proofConfig {
issuerDid="To-be-decided"
issuerVerificationMethod="todo"
proofType="LD_PROOF"
domain="TEST"
nonce="todo"
}
templatesFolder: "/vc-templates-runtime"
# -- service matrix config, see waltID documentation for more details
# -- in order to change the config of a service, set the config path to the mounted file
serviceMatrix:
id.walt.services.ecosystems.essif.didebsi.DidEbsiService=id.walt.services.ecosystems.essif.didebsi.WaltIdDidEbsiService
id.walt.services.ecosystems.essif.jsonrpc.JsonRpcService=id.walt.services.ecosystems.essif.jsonrpc.WaltIdJsonRpcService
id.walt.services.vc.JsonLdCredentialService=id.walt.services.vc.WaltIdJsonLdCredentialService
id.walt.services.vc.JwtCredentialService=id.walt.services.vc.WaltIdJwtCredentialService
id.walt.services.crypto.CryptoService=id.walt.services.crypto.SunCryptoService
id.walt.services.keystore.KeyStoreService=id.walt.services.keystore.SqlKeyStoreService
id.walt.services.key.KeyService=id.walt.services.key.WaltIdKeyService
id.walt.services.jwt.JwtService=id.walt.services.jwt.WaltIdJwtService
id.walt.services.vcstore.VcStoreService=id.walt.services.vcstore.FileSystemVcStoreService
id.walt.services.hkvstore.HKVStoreService=id.walt.services.hkvstore.FileSystemHKVStore:config/fsStore.conf
id.walt.services.context.ContextManager=id.walt.services.context.WaltIdContextManager
id.walt.signatory.Signatory=id.walt.signatory.WaltIdSignatory:/config/signatory.conf
id.walt.custodian.Custodian=id.walt.custodian.WaltIdCustodian
id.walt.auditor.Auditor=id.walt.auditor.WaltIdAuditor
id.walt.services.ecosystems.gaiax.GaiaxService=id.walt.services.ecosystems.gaiax.WaltIdGaiaxService
# -- VC templates to be used by waltId
templates:
PacketDeliveryService.json: |
{
"@context": ["https://www.w3.org/2018/credentials/v1"],
"credentialSchema": {
"id": "https://raw.githubusercontent.com/hesusruiz/dsbamvf/main/schemas/PacketDeliveryService/2022-10/schema.json",
"type": "FullJsonSchemaValidator2021"
},
"credentialSubject": {
"familyName": "Ruiz",
"firstName": "Jesus",
"id": "did:ebsi:2AEMAqXWKYMu1JHPAgGcga4dxu7ThgfgN95VyJBJGZbSJUtp",
"roles": [{
"names": ["P.Info.gold"],
"target": "did:elsi:packetdelivery"
}]
},
"id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4",
"issued": "2021-08-31T00:00:00Z",
"issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN",
"validFrom": "2021-08-31T00:00:00Z",
"issuanceDate": "2021-08-31T00:00:00Z",
"type": ["VerifiableCredential", "PacketDeliveryService"]
}
# -- Initcontainers to be added to the deployment
initContainers: []