-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathvalues.yaml
248 lines (230 loc) · 13.5 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
## Default values for vault and consul for HCL Commerce V9
global:
## Image registry used by deployment on SoFy
hclImageRegistry: hclcr.io/sofy
hclImagePullSecret: ''
# ambassador id and domain
ambassadorID:
domain:
## Common configuration for all component docker
common:
## tenant name used as the path name in vault secret
tenant: demo
## a flag to enable ingress to easily access vault UI in development
enableIngress: false
## external domain used in ingress for vault and commerce.
## template function "external.domain" is default to this value if global.domain is not defined
externalDomain: mycompany.com
## vault sub domain used in ingress relative to the "external.domain"
## e.g with externalDomain: mycompany.com, subDomain: vault,
## the domain used in ingress to access vault will be 'vault.mycompany.com'
subDomain: vault
## a flag to enable secret creation in commerce namespaces
enableSecretCreation: true
## namespaces where commerce environments are deployed
## it will create secret object of the vault token in each of these namespaces
commerceNameSpaces:
- commerce
## ingress controller [nginx,gke,ambassador]
## nginx - nginx ingress controller
## gke - cloud load balancing using HTTP(S) Load Balancer in GKE
## ambassador - ambassador API gateway
ingressController: nginx
## Enable this feature for deployment using openshift.
openshiftDeployment:
enabled: false
# The name of for an SecurityContextConstraints resource you want to have access
sccName: "privileged"
vaultConsul:
## docker image repository to pull consul and vault images
imageRepo: docker.io/
## plinux image repo
#imageRepo: docker.io/ibmcom/
## consul docker image name
consulImageName: consul
## consul docker image tag
consulImageTag: 1.9.4
## plinux consul image name and tag
#consulImageName: consul-ppc64le
#consulImageTag: 1.8.3-ubi8
## vault docker image name
vaultImageName: vault
## vault docker image tag
vaultImageTag: 1.7.0
## plinux vault image name and tag
#vaultImageName: vault-ppc64le
#vaultImageTag: 1.5.3-ubi8
## Vault resources
vaultResources:
requests:
memory: 256Mi
cpu: 200m
limits:
memory: 512Mi
cpu: 500m
## Consul resources
consulResources:
requests:
memory: 256Mi
cpu: 200m
limits:
memory: 512Mi
cpu: 500m
## imagePullPolicy
imagePullPolicy: IfNotPresent
## imagePullSecret
imagePullSecret:
## use external CA certificate
## when disabled (enabled=false)
## vault will generate an internal CA root certificate
## to sign the issuing certificate. This internal CA root
## certificate will change each time vault is re-deployed.
## It could cause communication issue between commerce pod
## if the certificates for 2 pods were not signed by the same
## root CA. It is not recommended to disable it.
## when enabled (enabled=true)
## vault will use the specified external CA certificate instead
## of generating one at start time. This can ensure vault always
## use the same CA certificate to issue the certificate to commerce.
## You can specify an existing secret name that holds the tls.crt and tls.key.
## Please make sure the certificate is marked for CA use (i.e. basicConstraints=CA:TRUE),
## otherwise, vault will not be able to use it and return error.
## Optionally, you can enable autoCreate to let deployment create a CA root certificate
## during the helm install.
externalCA:
enabled: true
existingSecretName:
autoCreate: true
## node selector for deploying vault and consul on specified set of nodes.
## e.g nodeSelector: {"cloud.google.com/gke-nodepool": "default-pool"}
nodeSelector: {}
## vault root token in UUID format. Please change it to your root token.
vaultToken: 992d4a42-3796-d06e-c4f0-16nf8503877d
## vault root token in base 64 format
## Note: to encode the vault token in base64, do this: echo -n '<vault token plain text>' | base64
## the -n is required to trim the trailing newline character
vaultTokenBase64: OTkyZDRhNDItMzc5Ni1kMDZlLWM0ZjAtMTZuZjg1MDM4Nzdk
## a flag to enable data loading
vaultLoadData: true
## data to load to vault under mounted <tenant> secret
## Format:
## <environment1>:
## <auth | live | both>: # properties under 'both' are created under the environment level, otherwise are created under environment type (auth | live) level
## <name1>:<value1>
## <name2>:<value2>
## ...
## <environment2>:
## <auth | live>:
## <name1>:<value1>
## <name2>:<value2>
##
## Note:
## 1. the default database values are based on the db docker images shipped with commerce
## 2. the default dbHost values are configured assuming using the db docker image deployed in the same K8s cluster in 'commerce' name space.
## 3. the following data covers 2 environments (dev and qa)
## 4. please modify the values based on your deployment sepcificiation
vaultData:
dev:
auth:
dbHost: "demodevauthdb.commerce.svc.cluster.local"
dbName: "mall"
dbUser: "wcs"
dbPassword: "wcs1"
dbType: "db2"
dbPort: "50000"
dbaUser: "db2inst1"
dbaPassword: "diet4coke"
dbPassEncrypt: "okFQawPB19Tkl1wKqQPDdAVtwz+mIgpJyqJQUuUWtyk="
dbaPassEncrypt: "u4h5LS/vJeSzsCfnt6NGfGHYPWK2fRq0+djkmB/iNWU="
toolingBaseUrl: 'https://cmc.demodevauth.{{ include "external.domain" $ }}/tooling'
searchQueryBaseUrl: 'https://search.demodevauth.{{ include "external.domain" $ }}'
live:
dbHost: "demodevlivedb.commerce.svc.cluster.local"
dbName: "mall"
dbUser: "wcs"
dbPassword: "wcs1"
dbType: "db2"
dbPort: "50000"
dbaUser: "db2inst1"
dbaPassword: "diet4coke"
dbPassEncrypt: "okFQawPB19Tkl1wKqQPDdAVtwz+mIgpJyqJQUuUWtyk="
dbaPassEncrypt: "u4h5LS/vJeSzsCfnt6NGfGHYPWK2fRq0+djkmB/iNWU="
toolingBaseUrl: 'https://cmc.demodevlive.{{ include "external.domain" $ }}/tooling'
both:
domainName: "commerce.svc.cluster.local"
spiUserName: "spiuser"
adminSpiUserPwd: "passw0rd"
authJWKS: "{base64}eyJrZXlzIjpbeyJrdHkiOiJSU0EiLCJraWQiOiJkZW1vS2V5IiwibiI6ImpIckkzcDRTQ1FUVUNuQmhaWkhESllzd1dCTXVhd3B5VkM2RGFLZENZeDc1MXdtRmx0bGlqY1VyOEd1WkMyLXZvMTZzT2RKZ0J5MDRwdmxydDRTc0ZDeVJvcmU1cVRyZTZJdTZfZTZ4dGRobHg1XzIzaVNmY1pqaG5tTk1SV2pFUC1wbmpZQXlWbjBINU10YVoyLXJlcDlxOUQyRENSQS15ZEtaLTZVd2t0VFZhRy1kTHNuLUNKMVNTNDQydkdybnJWYXU0b25RaVRSQlFjM2NkdHFzdDEzU3BvVHN1Y0lKblJ4RnNtUHd4M0NFUk1CTURwWi0weGRJVHJZNXVUZ3JvZnpRY21VcDRsVFZDQk9vRElJM3AyOE52YWt0TFNTWG00VmFfaHVZQlRlellwU21YWXRpTkpuY2FsUFRnREVaTkNSOWJLdXVQMjZUczMycnUtaGdnUSIsImUiOiJBUUFCIiwiZCI6ImpDZGdTc0o0Q2VsNFItWHhOaTJqX2N3TmNvSEltT0MyU2dpUjhKS1hLRjlhTWxGOHA1REF3LUxJd0xnSTNDRVVvYkN0c1k2VFlmV2JCUFBwcFJISHdPVHFjLVpMWkd5b3dtZk9LdFNfRmtjTTNJcGEtU3llcXU0MWd4bGNtZzg1Wk85UFd4eGduR3RudWJ1c3VXX3ZMSXJxWVQwUmc3UmlnR2NPVzhObVg4WlVYZTJJbDEzZi00VmVWWGRFZEE3YngwTDNkWE9HTzFCSDZJMGNGWmZIU2RYLWl1dzBiZWQ4ZUY0ODNIeDRkY3RMRkJCWmk0eC1iaWNCeEMxSDZLa2tRaThONXV4LVJVWUt0U2NzMFlzVUd3aTkwVjdBanRfY0JnckpZMGZuQk1iQUtfYzVKa0RfM09HYmw1cTZjYlBLQ2lxWDNpZi1hdEV6REkzQXM1T1hBUSIsInAiOiI4ZzRUZWliMUxoblA4NWVFZF9NYjhEcnhFV0hwNjFkTmhodEdEWHhBSGRvWk45aVJNZk00QUxvMG5uNGNwTllVcXpWY3ZmZy1KVHJ3eDJyb1dYRDZGVzlXRXJyWi1HUVpDM0dVRXgyYXRybW4wRUFFM3dhWGI1RXN5X0tfMDFjZFVDbmREU055ZGtSU1FIRTB3Z3F1QV9uTWkxV3RKS3ViVXp4NW9fQ0xJMUUiLCJxIjoibEpLaWJma2lyWU1hZmxiZEw1V0VHdlE0Y2lPaER6TFd4WVBQejlCa3pFWGdCaGxTY0VsLVhLQnh2bTFBa2dkdkhZMXVlT3IxdUhCeXBlSnhCbTNOTUtfelZjOUd5X1NUUnpabkJIajZERGZURVoybW5aWEhXSGNCMTNjQi1XcUh3c2xlaHBLZF9FOE9Db3NnM25rQjZVdDVhc3h4cy03X2FhV05yYnJwUGpFIiwiZHAiOiJwMGM1Q0tMaHItRmd4X3ZfTFJJU1RidS1HNEFxTTF6YkU0SEhzTXdjVjBVQlJvbmhGYjc3QmUycExac0QycHFrSUFtNXRRTllsMHdiV0FVMjI1RHJFMk1rX2I2cG9qSXk2S2l1WjJOX0p5WTRwZi1JSGtVazVKSlVmZ0dkdGNVdldkWUVrTzdkVElROHY1SThucGpZMTZDTFRnT0FxNlg0cXRaUlRnMlBhbkUiLCJkcSI6IlZKeUpxbzJtcFNBejExMkt5ODJmbFdZZU8wcDFMOTJwR0lVdnRVOGVDSU9HeUpKbE01TjNSak1OZEFCdU5Idk5XUXd4ck9WS21RWlpGSVc0RG93N3ZnMkdUQWttYllMVTJVcHZNc25leFZTSmZNX0drcG81RV9WNmRBWFBkd2FuV0ZRcjVBSGR2VkljVWY3WDhqc0J6cVh2LU5XRHI1QmRud0hzaE5NY2dCRSIsInFpIjoiTjdoWERqcEVCZTQxRFp0LUJCelZ4THBOSnd5ckZwSnZqZTFKVGNndkRld0Q5NDVTWWVROGROWGpsYWlVYjVYU19JWWg1dXdjM1lMOGxNeWdGUm1kNVR1c2xDcmU2VUxleGZBY1p0Q3dlVkl0WEsxdjBCUlVKSHFzRU1PZVNGdE12VU5Wdk5sRzlKbmd0OWMxTjRELWZNaVR3VkZndTBIOUFDY1RXT2VYYzZjIn1dfQ=="
elasticSearchHost: hcl-commerce-elasticsearch.elastic.svc.cluster.local
elasticSearchPort: 9200
elasticSearchScheme: http
nifiWebHttpPort: 30600
nifiClusterIsNode: false
nifiClusterNodeProtocalPort: 30600
zookeeperHost: hcl-commerce-zookeeper.zookeeper.svc.cluster.local
zookeeperPort: 2181
nifiElectionMaxWait: "1 min"
nifiJvmHeapInit: 4096m
nifiJvmHeapMax: 6144m
registryHost: demodevregistry-app.commerce.svc.cluster.local
registryPort: 30400
nifiHost: demodevnifi-app.commerce.svc.cluster.local
nifiPort: 30600
redisHost: hcl-commerce-redis-master.redis.svc.cluster.local
redisPort: 6379
searchDataQueryBaseUrl: 'https://query.demodev.{{ include "external.domain" $ }}'
qa:
auth:
dbHost: "demoqaauthdb.commerce.svc.cluster.local"
dbName: "mall"
dbUser: "wcs"
dbPassword: "wcs1"
dbType: "db2"
dbPort: "50000"
dbaUser: "db2inst1"
dbaPassword: "diet4coke"
dbPassEncrypt: "okFQawPB19Tkl1wKqQPDdAVtwz+mIgpJyqJQUuUWtyk="
dbaPassEncrypt: "u4h5LS/vJeSzsCfnt6NGfGHYPWK2fRq0+djkmB/iNWU="
toolingBaseUrl: 'https://www.demoqaauth.{{ include "external.domain" $ }}/tooling'
searchQueryBaseUrl: 'https://search.demoqaauth.{{ include "external.domain" $ }}'
live:
dbHost: "demoqalivedb.commerce.svc.cluster.local"
dbName: "mall"
dbUser: "wcs"
dbPassword: "wcs1"
dbType: "db2"
dbPort: "50000"
dbaUser: "db2inst1"
dbaPassword: "diet4coke"
dbPassEncrypt: "okFQawPB19Tkl1wKqQPDdAVtwz+mIgpJyqJQUuUWtyk="
dbaPassEncrypt: "u4h5LS/vJeSzsCfnt6NGfGHYPWK2fRq0+djkmB/iNWU="
toolingBaseUrl: 'https://www.demoqalive.{{ include "external.domain" $ }}/tooling'
both:
domainName: "commerce.svc.cluster.local"
spiUserName: "spiuser"
adminSpiUserPwd: "passw0rd"
authJWKS: "{base64}eyJrZXlzIjpbeyJrdHkiOiJSU0EiLCJraWQiOiJkZW1vS2V5IiwibiI6ImpIckkzcDRTQ1FUVUNuQmhaWkhESllzd1dCTXVhd3B5VkM2RGFLZENZeDc1MXdtRmx0bGlqY1VyOEd1WkMyLXZvMTZzT2RKZ0J5MDRwdmxydDRTc0ZDeVJvcmU1cVRyZTZJdTZfZTZ4dGRobHg1XzIzaVNmY1pqaG5tTk1SV2pFUC1wbmpZQXlWbjBINU10YVoyLXJlcDlxOUQyRENSQS15ZEtaLTZVd2t0VFZhRy1kTHNuLUNKMVNTNDQydkdybnJWYXU0b25RaVRSQlFjM2NkdHFzdDEzU3BvVHN1Y0lKblJ4RnNtUHd4M0NFUk1CTURwWi0weGRJVHJZNXVUZ3JvZnpRY21VcDRsVFZDQk9vRElJM3AyOE52YWt0TFNTWG00VmFfaHVZQlRlellwU21YWXRpTkpuY2FsUFRnREVaTkNSOWJLdXVQMjZUczMycnUtaGdnUSIsImUiOiJBUUFCIiwiZCI6ImpDZGdTc0o0Q2VsNFItWHhOaTJqX2N3TmNvSEltT0MyU2dpUjhKS1hLRjlhTWxGOHA1REF3LUxJd0xnSTNDRVVvYkN0c1k2VFlmV2JCUFBwcFJISHdPVHFjLVpMWkd5b3dtZk9LdFNfRmtjTTNJcGEtU3llcXU0MWd4bGNtZzg1Wk85UFd4eGduR3RudWJ1c3VXX3ZMSXJxWVQwUmc3UmlnR2NPVzhObVg4WlVYZTJJbDEzZi00VmVWWGRFZEE3YngwTDNkWE9HTzFCSDZJMGNGWmZIU2RYLWl1dzBiZWQ4ZUY0ODNIeDRkY3RMRkJCWmk0eC1iaWNCeEMxSDZLa2tRaThONXV4LVJVWUt0U2NzMFlzVUd3aTkwVjdBanRfY0JnckpZMGZuQk1iQUtfYzVKa0RfM09HYmw1cTZjYlBLQ2lxWDNpZi1hdEV6REkzQXM1T1hBUSIsInAiOiI4ZzRUZWliMUxoblA4NWVFZF9NYjhEcnhFV0hwNjFkTmhodEdEWHhBSGRvWk45aVJNZk00QUxvMG5uNGNwTllVcXpWY3ZmZy1KVHJ3eDJyb1dYRDZGVzlXRXJyWi1HUVpDM0dVRXgyYXRybW4wRUFFM3dhWGI1RXN5X0tfMDFjZFVDbmREU055ZGtSU1FIRTB3Z3F1QV9uTWkxV3RKS3ViVXp4NW9fQ0xJMUUiLCJxIjoibEpLaWJma2lyWU1hZmxiZEw1V0VHdlE0Y2lPaER6TFd4WVBQejlCa3pFWGdCaGxTY0VsLVhLQnh2bTFBa2dkdkhZMXVlT3IxdUhCeXBlSnhCbTNOTUtfelZjOUd5X1NUUnpabkJIajZERGZURVoybW5aWEhXSGNCMTNjQi1XcUh3c2xlaHBLZF9FOE9Db3NnM25rQjZVdDVhc3h4cy03X2FhV05yYnJwUGpFIiwiZHAiOiJwMGM1Q0tMaHItRmd4X3ZfTFJJU1RidS1HNEFxTTF6YkU0SEhzTXdjVjBVQlJvbmhGYjc3QmUycExac0QycHFrSUFtNXRRTllsMHdiV0FVMjI1RHJFMk1rX2I2cG9qSXk2S2l1WjJOX0p5WTRwZi1JSGtVazVKSlVmZ0dkdGNVdldkWUVrTzdkVElROHY1SThucGpZMTZDTFRnT0FxNlg0cXRaUlRnMlBhbkUiLCJkcSI6IlZKeUpxbzJtcFNBejExMkt5ODJmbFdZZU8wcDFMOTJwR0lVdnRVOGVDSU9HeUpKbE01TjNSak1OZEFCdU5Idk5XUXd4ck9WS21RWlpGSVc0RG93N3ZnMkdUQWttYllMVTJVcHZNc25leFZTSmZNX0drcG81RV9WNmRBWFBkd2FuV0ZRcjVBSGR2VkljVWY3WDhqc0J6cVh2LU5XRHI1QmRud0hzaE5NY2dCRSIsInFpIjoiTjdoWERqcEVCZTQxRFp0LUJCelZ4THBOSnd5ckZwSnZqZTFKVGNndkRld0Q5NDVTWWVROGROWGpsYWlVYjVYU19JWWg1dXdjM1lMOGxNeWdGUm1kNVR1c2xDcmU2VUxleGZBY1p0Q3dlVkl0WEsxdjBCUlVKSHFzRU1PZVNGdE12VU5Wdk5sRzlKbmd0OWMxTjRELWZNaVR3VkZndTBIOUFDY1RXT2VYYzZjIn1dfQ=="
elasticSearchHost: hcl-commerce-elasticsearch.elastic.svc.cluster.local
elasticSearchPort: 9200
elasticSearchScheme: http
zookeeperHost: hcl-commerce-zookeeper.zookeeper.svc.cluster.local
zookeeperPort: 2181
nifiJvmHeapInit: 4096m
nifiJvmHeapMax: 6144m
redisHost: hcl-commerce-redis-master.redis.svc.cluster.local
redisPort: 6379
searchDataQueryBaseUrl: 'https://query.demoqa.{{ include "external.domain" $ }}'
## This support container image is required when vaultConsul.externalCA.enabled
## and vaultConsul.externalCA.autoCreate are both enabled. Please specify the
## image repo, image path and tag for supportcontainer image you downloaded and pushed to
## your private container registry.
supportC:
imageRepo: my-docker-registry.io:5000/
image: commerce/supportcontainer
tag: v9-latest
## imagePullPolicy
imagePullPolicy: IfNotPresent
## imagePullSecret
imagePullSecret: ''
test:
image: docker.io/centos:latest