forked from corda/corda-kubernetes-deployment
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
265 lines (261 loc) · 17.2 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
# Global values
global: {}
# Setup options
setup:
# cordaVersion defines the version that we will be deploying, 4.0 would indicate using Corda Enterprise 4.0 (the general availability (GA) version)
# If you would like to test an unreleased version you can target the SNAPSHOT of the version, for example: "4.5-SNAPSHOT"
# Note that this parameter is case-sensitive
# This version also affects the Corda Firewall version
cordaVersion: "4.0"
# initialRegistration defines if we should perform the initial registration tasks or not
initialRegistration:
# enabled is a boolean value for the above parameter
enabled: true
# cordaFirewall defines if we should activate the Corda Firewall component as part of the installation or not
cordaFirewall:
# enabled is a boolean value for the above parameter
enabled: true
# destination defines where the Float will be deployed
destination:
# internalKubernetesCluster defines if the Float should be installed in the same cluster as Node & Bridge (not best security practice, but good for testing)
internalKubernetesCluster:
# enabled is a boolean value for the above parameter
enabled: true
# external-kubernetes-cluster defines if the Float should be installed in a separate Kubernetes cluster from Node & Bridge (true DMZ)
external-kubernetes-cluster:
# enabled is a boolean value for the above parameter
enabled: false
# external-vm defines if the Float should be installed on a separate VM from Node & Bridge (true DMZ)
external-vm:
# enabled is a boolean value for the above parameter
enabled: false
# hsm defines if we should use an HSM to store the private keys for the certificates in
hsm:
# enabled is a boolean value for the above parameter
enabled: false
# artemis defines if we should set up out-of-process Artemis as part of the deployment or not
artemis:
# enabled is a boolean value for the above parameter
enabled: false
# cloudProvider defines what provider the deployment should be targeting, a lot of options are provider specific. Use 'local' for doing local deployments.
# Accepted options: 'azure', 'aws', 'gcp'
# Please also configure the storage options to match your intended cloud provider solution (for example if using gcp as cloud provider, disable azureFile and enable gcpPD storage)
cloudProvider: "azure"
# config defines the options that relate to the deployment but not specifically to the Corda Node
config:
# namespace defines the Kubernetes namespace that all resources will be deployed to
namespace: "cordatest"
# resourceName defines the Kubernetes resource Name that all resources will share (with some added extensions to differentiate the different resources)
# Does not need editing unless deploying multiple nodes in the same cluster which should use unique resource names
resourceName: "corda-node-1"
# dockerImageNode defines the Docker Image we will be deploying for the Corda Node
dockerImageNode: "corda_image_ent_%s:v1.00"
# dockerImageFirewall defines the Docker Image we will be deploying for the Corda Firewall
dockerImageFirewall: "corda_image_firewall_%s:v1.00"
# containerRegistry defines the Container Registry options
containerRegistry:
# serverAddress is the name of the server that corresponds with the Container Registry
serverAddress: ""
# username is the username for the Container Registry access.
# Please note that if using Amazon ECR you must use the special username "AWS"
username: ""
# password is the password for the Container Registry access
password: ""
# email is the email address corresponding to the Container Registry
email: ""
# artifactoryR3 defines the options for accessing R3 Artifactory https://software.r3.com/ to download binaries (Corda Enterprise, Corda Firewall, Corda Health Survey Tool, etc.)
artifactoryR3:
# artifactory_username is the username for the R3 Artifactory
artifactory_username: ""
# artifactory_password is the password for the R3 Artifactory
artifactory_password: ""
# nodeLoadBalancerIP defines the public / private IP address (NOTE: DNS name is not allowed) for the Kubernetes Cluster on which there will be an ingress to the Corda Nodes RPC endpoint
nodeLoadBalancerIP: ""
# floatLoadBalancerIP defines the public / private IP address (NOTE: DNS name is not allowed) for the Kubernetes Cluster on which there will be an ingress to the Corda Firewalls Float endpoint
floatLoadBalancerIP: ""
# storage defines the Storage options
storage:
# resourceName defines the Kubernetes resource Name to use for this resource
# Does not need editing unless deploying multiple nodes in the same cluster which should use unique resource names
resourceName: "storage-1"
# local defines the local storage options, only used if it is enabled
local:
# enabled is a boolean value for the above parameter
enabled: false
# provisioner defines the type of storage being used. See Storage Classes: https://kubernetes.io/docs/concepts/storage/storage-classes/ for more information
provisioner: "no-provisioner"
# azureFile defines the Azure specific storage options, only used if it is enabled
azureFile:
# enabled is a boolean value for the above parameter
enabled: true
# provisioner defines the type of storage being used. See Storage Classes: https://kubernetes.io/docs/concepts/storage/storage-classes/ for more information
provisioner: "azure-file"
# skuName defines the Azure specific skuName
skuName: "Standard_LRS"
# skuName defines the Azure specific location
location: "westeurope"
# azureStorageAccountName is only used if provisioner = azure-file, it determines the Azure storage account name
azureStorageAccountName: ""
# azureStorageAccountKey is only used if provisioner = azure-file, it determines the Azure storage account key
azureStorageAccountKey: ""
# awsEBS defines the AWS EBS specific storage options, only used if it is enabled
awsEBS:
# enabled is a boolean value for the above parameter
enabled: false
# provisioner defines the type of storage being used. See Storage Classes: https://kubernetes.io/docs/concepts/storage/storage-classes/ for more information
provisioner: "aws-ebs"
# type defines the AWS specific type, io1, gp2, sc1, st1, see AWS docs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html for more information
type: "gp2"
# iopsPerGB defines the performance of the storage. Only for io1 volumes. I/O operations per second per GiB. AWS volume plugin multiplies this with size of requested volume to compute IOPS of the volume and caps it at 20 000 IOPS (maximum supported by AWS, see AWS docs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html for more information
iopsPerGB: "10"
# fsType defines the file system type to use, default ext4
fsType: "ext4"
# encrypted denotes whether the EBS volume should be encrypted or not (true/false as string)
encrypted: "false"
# kmsKeyId defines the encryption key. This parameter is optional. The full Amazon Resource Name of the key to use when encrypting the volume. If none is supplied but encrypted is true, a key is generated by AWS. See AWS docs for valid ARN value
kmsKeyId: ""
# zones defines the list of zones where this resource will be available
zones:
# name defines the zone name where this resource will be available
- name: "eu-west-2b"
# gcpPD defines the Google Cloud Platform (GCP) persistent disk (GCP PD) specific storage options, only used if it is enabled
gcpPD:
# enabled is a boolean value for the above parameter
enabled: false
# provisioner defines the type of storage being used. See Storage Classes: https://kubernetes.io/docs/concepts/storage/storage-classes/ for more information
provisioner: "gce-pd"
# fsType defines the file system type to use, default ext4
fsType: "ext4"
# type defines the GCP specific type, pd-standard is default
type: "pd-standard"
# node defines the storage options for the Node information
node:
# fileShareName defines the volume share name, with which Kubernetes will be able to map the volume to the Deployment
# Does not need editing unless deploying multiple nodes in the same cluster which should use unique share names
fileShareName: "node-storage"
# size specifies the size to reserve for this volume
size: "2Gi"
# volumeId defines the id of the volume. This is currently only used if either AWS EBS or GCP PD is enabled
volumeId: ""
# volumeHost defines which EC2 instance the volume is connected to (the value can be found in AWS portal -> EC2 Instances -> Private DNS of the VM). This is currently only used if AWS EBS is enabled
volumeHost: ""
# bridge defines the storage options for the Bridge information
bridge:
# fileShareName defines the volume share name, with which Kubernetes will be able to map the volume to the Deployment
# Does not need editing unless deploying multiple nodes in the same cluster which should use unique share names
fileShareName: "bridge-storage"
# size specifies the size to reserve for this volume
size: "1Gi"
# volumeId defines the id of the volume. This is currently only used if either AWS EBS or GCP PD is enabled
volumeId: ""
# volumeHost defines which EC2 instance the volume is connected to (the value can be found in AWS portal -> EC2 Instances -> Private DNS of the VM). This is currently only used if AWS EBS is enabled
volumeHost: ""
# float defines the storage options for the float information
float:
# fileShareName defines the volume share name, with which Kubernetes will be able to map the volume to the Deployment
# Does not need editing unless deploying multiple nodes in the same cluster which should use unique share names
fileShareName: "float-storage"
# size specifies the size to reserve for this volume
size: "1Gi"
# volumeId defines the id of the volume. This is currently only used if either AWS EBS or GCP PD is enabled
volumeId: ""
# volumeHost defines which EC2 instance the volume is connected to (the value can be found in AWS portal -> EC2 Instances -> Private DNS of the VM). This is currently only used if AWS EBS is enabled
volumeHost: ""
# corda is the Corda specific deployment options
corda:
# node is the options that define how to define the node.conf file which defines how the Corda Node will function
node:
# Values that will end up in the node.conf file
conf:
# legalName defines the X500 Node identity name. See https://docs.corda.net/node-naming.html#node-naming for more information
legalName: "O=,L=London,C=GB"
# emailAddress defines the email address of the Node administrator, preferrably an impersonal address (e.g. [email protected])
emailAddress: ""
# bridgeTunnelPort defines the port number that the Bridge will connect to the Float on
bridgeTunnelPort: 39999
# p2pPort defines the port number of inbound connections
p2pPort: 40000
# p2pAddress defines the public facing IP address (domain name recommended) and port number of the Node, in the case of using a Float, this address should correspond to the public IP address of the float
p2pAddress: ""
# floatInternalAddress defines the Floats private IP address, that the Bridge will use to set up the Corda Firewall tunnel between the Bridge and the Float
floatInternalAddress: "" # Address that the Bridge service will connect to, if empty uses the public p2p address (above)
# identityManagerAddress defines the accesspoint for the Identity Manager server (protocol + domain name + port, eg. http://my-identity-manager:1000)
identityManagerAddress: ""
# networkmapAddress defines the accesspoint for the Network Map server (protocol + domain name + port, eg. http://my-network-map:2000)
networkmapAddress: ""
# compatibilityZoneEnabled defines if you are connecting to a compatibility zone rather than using the above identityManagerAddress+networkmapAddress. Set this to true to be able to join Corda Testnet along with compatibilityZoneURL
compatibilityZoneEnabled: false
# compatibilityZoneURL defines the root address of Corda compatibility zone network management services. For Corda Testnet you can use "https://netmap.testnet.r3.com"
compatibilityZoneURL: ""
# networkRootTruststorePassword defines the password with which to unlock the network root truststore file usually named 'networkRootTrustStore.jks'
networkRootTruststorePassword: "trustpass"
# keystorePassword defines the password with which to unlock the Node keystore file, usually named "nodekeystore.jks". This value will also end up in the "bridge.conf" file
keystorePassword: "cordacadevpass"
# truststorePassword defines the password with which to unlock the Node truststore file, usually named "truststore.jks". This value will also end up in the "bridge.conf" file
truststorePassword: "trustpass"
# crlCheckSoftFail defines if CRL failure is a critical error or if we can just fail softly (by logging an error) and continuing
crlCheckSoftFail: true
# tlsCertCrlDistPoint defines the endpoint for retrieving the CRL (Certificate Revocation List) of the Corda Network, if empty "", not used
# Example from Corda Network UAT network: http://crl.uat.corda.network/nodetls.crl
tlsCertCrlDistPoint: ""
# tlsCertCrlIssuer defines the X500 name of the trusted CRL issuer of the Corda Network, example from the Corda Network UAT network
tlsCertCrlIssuer: "CN=Corda TLS CRL Authority,OU=Corda UAT,O=R3 HoldCo LLC,L=New York,C=US"
# devMode defines if Corda Node is running in developer mode or not, this setting should NEVER be enabled in a production setting!
devMode: false
# ssh defines the SSH access options
ssh:
# enabled is a boolean value for the above parameter
enabled: true
# sshdPort is the Node Shell access port. See https://docs.corda.net/shell.html for more information.
sshdPort: 2223
# rpc defines the RPC options
rpc:
# port is the RPC endpoint that the user interface will access to direct the CorDapp on the Corda Node
port: 30000
# adminPort is the RPC admin endpoint that can be used to do administrative tasks on the Corda Node, normally disabled
adminPort: 30009
# users defines the list of RPC users and the permissions they have. See https://docs.corda.net/clientrpc.html#granting-flow-permissions for more information
users:
# name defines the name of the RPC user
- name: user1
# password defines the password for the RPC user
password: test
# permissions defines the RPC permissions available. See https://docs.corda.net/clientrpc.html?highlight=rpc%20permission#rpc-permissions for more information
permissions: ALL
# dataSource defines the database options
dataSource:
# className defines which database to use, empty ("") defines H2
className: ""
# url defines where to reach the database at. empty ("") defines H2 local database access
url: ""
# user defines the username for the access to the database
user: "user1"
# password defines the password for the access to the database
password: "test"
# monitoring defines the monitoring options
monitoring:
# enabled is a boolean value for the above parameter
enabled: true
# port defines the port on which the monitoring information will be available
port: 8090
# allowDevCorDapps defines if CorDapps that are signed with developer keys will be allowed to load or not (it clears the cordappSignerKeyFingerprintBlacklist if enabled)
allowDevCorDapps:
# enabled is a boolean value for the above parameter
enabled: true
# firewall is the options that define how to define the bridge.conf and float.conf files which defines how the Corda Firewall will function
firewall:
# Values that will end up in the bridge.conf/float.conf files
conf:
# certificateValidityInDays defines how long the tunnel certificates will be valid for, in days
certificateValidityInDays: "3650"
# truststorePassword defines the password with which to unlock the firewall tunnel root truststore file usually named "trust.jks".
truststorePassword: "trustpass"
# truststorePassword defines the password with which to unlock the firewall tunnel root truststore file usually named "trust.jks".
bridgeKeystorePassword: "bridgepass"
# truststorePassword defines the password with which to unlock the firewall tunnel root truststore file usually named "trust.jks".
floatKeystorePassword: "floatpass"
# keystorePasswordCA defines the password for the tunnel certificates root CA
keystorePasswordCA: "capass"
# keyPasswordCA defines the password for the tunnel certificates root CA key
keyPasswordCA: "cakeypass"
# fin.