1212# #
1313commonLabels :
1414 app.kubernetes.io/component : mosip
15+
1516# # Add annotations to all the deployed resources
1617# #
1718commonAnnotations : {}
19+
1820# # Kubernetes Cluster Domain
1921# #
2022clusterDomain : cluster.local
23+
2124# # Extra objects to deploy (value evaluated as a template)
2225# #
2326extraDeploy : []
27+
2428# # Number of nodes
2529# #
2630replicaCount : 1
31+
2732service :
2833 type : ClusterIP
2934 port : 80
@@ -44,10 +49,11 @@ service:
4449 # # ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
4550 # #
4651 externalTrafficPolicy : Cluster
52+
4753image :
4854 registry : docker.io
49- repository : mosipid /kernel-auditmanager-service
50- tag : 1.3.0-beta.1
55+ repository : mosipqa /kernel-auditmanager-service
56+ tag : 1.3.x
5157 # # Specify a imagePullPolicy
5258 # # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
5359 # # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
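Review bot: `tag: 1.3.x` is a moving tag, and together with the switch from `mosipid` to `mosipqa` the chart default no longer identifies one specific image build. The comment just below says the pull policy falls back to `IfNotPresent` for any tag other than `latest`, so nodes that cached the tag at different times can run different builds under the same release, and a later push to that tag changes what new pods run without any change to this file. If `mosipqa` is a QA publishing namespace (inferred from the name only), these defaults look intended for a test branch rather than a release. Consider keeping a fixed release tag here, e.g. `tag: <release-tag>`, and overriding repository and tag per environment; pinning by digest would be stronger if the chart's image helper supports it, which this hunk does not show.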
@@ -59,8 +65,10 @@ image:
5965 # #
6066 # pullSecrets:
6167 # - myRegistryKeySecretName
68+
6269# # Port on which this particular spring service module is running.
6370springServicePort : 8081
71+
6472# # Configure extra options for liveness and readiness probes
6573# # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
6674# #
@@ -74,6 +82,7 @@ startupProbe:
7482 timeoutSeconds : 5
7583 failureThreshold : 30
7684 successThreshold : 1
85+
7786livenessProbe :
7887 enabled : true
7988 httpGet :
@@ -84,27 +93,31 @@ livenessProbe:
8493 timeoutSeconds : 5
8594 failureThreshold : 6
8695 successThreshold : 1
96+
8797readinessProbe :
8898 enabled : true
8999 httpGet :
90100 path : /v1/auditmanager/actuator/health
91101 port : 8081
92- initialDelaySeconds : 0
93- periodSeconds : 10
94- timeoutSeconds : 5
102+ initialDelaySeconds : 30
103+ periodSeconds : 15
104+ timeoutSeconds : 10
95105 failureThreshold : 6
96106 successThreshold : 1
107+
97108# #
98109# existingConfigmap:
99110
100111# # Command and args for running the container (set to default if not set). Use array form
101112# #
102113command : []
103114args : []
115+
104116# # Deployment pod host aliases
105117# # https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
106118# #
107119hostAliases : []
120+
108121# # ref: http://kubernetes.io/docs/user-guide/compute-resources/
109122# #
110123resources :
@@ -113,36 +126,42 @@ resources:
113126 # resources, such as Minikube. If you do want to specify resources, uncomment the following
114127 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
115128 limits :
116- cpu : 1000m
117- memory : 2500Mi
129+ cpu : 2000m
130+ memory : 5000Mi
118131 requests :
119- cpu : 100m
132+ cpu : 300m
120133 memory : 1500Mi
134+
121135additionalResources :
122136 # # Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
123137 # # Example: java_opts: "-Xms500M -Xmx500M"
124- javaOpts : " -Xms1750M -Xmx1750M"
138+ javaOpts : " -Xms3050M -Xmx3050M"
139+
125140# # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
126141# # Clamav container already runs as 'mosip' user, so we may not need to enable this
127142containerSecurityContext :
128143 enabled : false
129144 runAsUser : mosip
130145 runAsNonRoot : true
146+
131147# # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
132148# #
133149podSecurityContext :
134150 enabled : false
135151 fsGroup : 1001
152+
136153# # Pod affinity preset
137154# # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
138155# # Allowed values: soft, hard
139156# #
140157podAffinityPreset : " "
158+
141159# # Pod anti-affinity preset
142160# # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
143161# # Allowed values: soft, hard
144162# #
145163podAntiAffinityPreset : soft
164+
146165# # Node affinity preset
147166# # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
148167# # Allowed values: soft, hard
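Review bot: The new `javaOpts` sets `-Xms3050M`, but `requests.memory` stays at `1500Mi`, so the JVM's initial heap is about twice what the scheduler reserves for the pod. Kubernetes places pods by their requests, so a node can be packed on the assumption of 1500Mi and then come under memory pressure once the heap is actually used, which makes this pod a candidate for eviction or an OOM kill. Raising the request to cover at least the heap (for example `memory: 3500Mi` under `requests`) or lowering `-Xms` while keeping `-Xmx3050M` would make the two settings consistent. The `resources` block starts above this hunk.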
@@ -164,69 +183,93 @@ nodeAffinityPreset:
164183 # # - e2e-az2
165184 # #
166185 values : []
186+
167187# # Affinity for pod assignment. Evaluated as a template.
168188# # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
169189# #
170190affinity : {}
191+
171192# # Node labels for pod assignment. Evaluated as a template.
172193# # ref: https://kubernetes.io/docs/user-guide/node-selection/
173194# #
174195nodeSelector : {}
196+
175197# # Tolerations for pod assignment. Evaluated as a template.
176198# # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
177199# #
178200tolerations : []
201+
179202# # Pod extra labels
180203# # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
181204# #
182205podLabels : {}
206+
183207# # Annotations for server pods.
184208# # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
185209# #
186210podAnnotations : {}
211+
187212# # pods' priority.
188213# # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
189214# #
190215# priorityClassName: ""
191216
192217# # lifecycleHooks for the container to automate configuration before or after startup.
193218# #
194- lifecycleHooks : {}
219+ lifecycleHooks :
220+ preStop :
221+ exec :
222+ command :
223+ - sh
224+ - -c
225+ - sleep 30
226+
227+ # # Termination grace perios : the maximum amount of time (in seconds) Kubernetes will wait for a container to gracefully shut down
228+ terminationGracePeriodSeconds : 60
229+
195230# # Custom Liveness probes for
196231# #
197232customLivenessProbe : {}
233+
198234# # Custom Rediness probes
199235# #
200236customReadinessProbe : {}
237+
201238# # Update strategy - only really applicable for deployments with RWO PVs attached
202239# # If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
203240# # PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
204241# # terminate the single previous pod, so that the new, incoming pod can attach to the PV
205242# #
206243updateStrategy :
207244 type : RollingUpdate
245+
208246# # Additional environment variables to set
209247# # Example:
210248# # extraEnvVars:
211249# # - name: FOO
212250# # value: "bar"
213251# #
214252extraEnvVars : []
253+
215254# # ConfigMap with extra environment variables that used
216255# #
217256extraEnvVarsCM :
218257 - global
219258 - config-server-share
220259 - artifactory-share
260+
221261# # Secret with extra environment variables
222262# #
223263extraEnvVarsSecret :
264+
224265# # Extra volumes to add to the deployment
225266# #
226267extraVolumes : []
268+
227269# # Extra volume mounts to add to the container
228270# #
229271extraVolumeMounts : []
272+
230273# # Add init containers to the pods.
231274# # Example:
232275# # initContainers:
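Review bot: `terminationGracePeriodSeconds: 60` is a new values key and only has an effect if the deployment template reads it; the template is not part of this section, so that should be confirmed. If it is not wired in, the pod keeps the Kubernetes default grace period of 30 seconds, which the `sleep 30` preStop hook uses up entirely, and the JVM is then killed without time to shut down. The hook also assumes `sh` exists in the service image. The added comment has a typo and could say why the sleep is there, e.g. `## Termination grace period: maximum time (in seconds) Kubernetes waits for the container to shut down; must exceed the preStop sleep`.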
@@ -241,7 +284,17 @@ initContainers:
241284 - command :
242285 - /bin/bash
243286 - -c
244- - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; fi
287+ - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host"
288+ |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST
289+ $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST"
290+ -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN
291+ CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool
292+ -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass
293+ changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts"
294+ -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer"
295+ ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host;
296+ EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts;
297+ fi
245298 env :
246299 - name : ENABLE_INSECURE
247300 value : " true"
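Review bot: The init container command trusts whatever certificate the server at `$HOST:443` presents at pod start: the `openssl s_client` output is imported into the JVM `cacerts` with `-noprompt` and no fingerprint or chain check, so any party able to answer on that name at startup gets its certificate trusted by the service. This commit only re-wraps the line, but the wrapped form is now a multi-line plain scalar whose breaks fall inside quoted shell strings (for example between `'/-BEGIN` and `CERTIFICATE-/`) and rely on YAML folding each break to a single space; a `>-` folded scalar or a `|` block script would make that explicit. Two defects are carried over unchanged: the failure message prints `$host` where the variable is `$HOST`, so it should read `echo "Failed to add SSL certificate for host $HOST; EXITING"`, and `openssl ... & sleep 2` races the handshake against a fixed delay. Where possible, mount the expected CA certificate from a ConfigMap or Secret and import that file instead of fetching it over the network. The container definition begins above this hunk and continues below it.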
@@ -259,6 +312,7 @@ initContainers:
259312 volumeMounts :
260313 - mountPath : /cacerts
261314 name : cacerts
315+
262316# # Add sidecars to the pods.
263317# # Example:
264318# # sidecars:
@@ -270,6 +324,7 @@ initContainers:
270324# # containerPort: 1234
271325# #
272326sidecars : {}
327+
273328persistence :
274329 enabled : false
275330 # # If defined, storageClassName: <storageClass>
@@ -291,15 +346,16 @@ persistence:
291346 existingClaim :
292347 # Dir where config and keys are written inside container
293348 mountDir :
349+
294350# # Init containers parameters:
295351# # volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
296352# #
297353volumePermissions :
298354 enabled : false
299355 image :
300356 registry : docker.io
301- repository : bitnami/bitnami -shell
302- tag : " 10 "
357+ repository : mosipid/os -shell
358+ tag : " 12-debian-12-r46 "
303359 pullPolicy : Always
304360 # # Optionally specify an array of imagePullSecrets.
305361 # # Secrets must be manually created in the namespace.
@@ -324,10 +380,12 @@ volumePermissions:
324380 # # cpu: 100m
325381 # # memory: 128Mi
326382 # #
383+
327384# # Specifies whether RBAC resources should be created
328385# #
329386rbac :
330387 create : true
388+
331389# # Specifies whether a ServiceAccount should be created
332390# #
333391serviceAccount :
@@ -336,6 +394,7 @@ serviceAccount:
336394 # # If not set and create is true, a name is generated using the fullname template
337395 # #
338396 name :
397+
339398# # Prometheus Metrics
340399# #
341400metrics :
@@ -345,7 +404,9 @@ metrics:
345404 # #
346405 podAnnotations :
347406 prometheus.io/scrape : " true"
407+
348408 endpointPath : /v1/auditmanager/actuator/prometheus
409+
349410 # # Prometheus Service Monitor
350411 # # ref: https://github.com/coreos/prometheus-operator
351412 # #
@@ -372,6 +433,7 @@ metrics:
372433 # # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
373434 # #
374435 additionalLabels : {}
436+
375437 # # Custom PrometheusRule to be defined
376438 # # The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
377439 # # ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
@@ -389,9 +451,11 @@ metrics:
389451 # labels:
390452 # severity: error
391453 rules : []
454+
392455# # Only internal access
393456istio :
394457 enabled : true
395458 gateway : istio-system/internal
396459 prefix : /v1/auditmanager
460+
397461enable_insecure : false