This repository is part of the commercial open-source project CZERTAINLY. You can find more information about the project at CZERTAINLY repository, including the contribution guide.
This repository contains Helm charts as part of the CZERTAINLY platform.
- Kubernetes 1.19+
- Helm 3.8.0+
- PostgreSQL 11+
Create namespace
We’ll need to define a Kubernetes namespace where the resources created by the Chart should be installed:
kubectl create namespace czertainlyCreate values.yaml
Note You can also use
--setoptions for the helm to apply configuration for the chart.
Copy the default values.yaml from the Helm chart and modify the values accordingly:
helm show values oci://harbor.3key.company/czertainly-helm/ejbca-ng-connector > values.yamlNow edit the values.yaml according to your desired stated, see Configurable parameters for more information.
Install
For the basic installation, run:
helm install --namespace czertainly -f values.yaml czertainly-ejbca-ng-connector oci://harbor.3key.company/czertainly-helm/ejbca-ng-connectorSave your configuration
Always make sure you save the values.yaml and all --set and --set-file options you used. You will need to use the same options when you upgrade to new versions with Helm. In case you are changing the configuration, save the new configuration.
Warning Be sure that you always save your previous configuration!
For upgrading the installation, update your configuration and run:
helm upgrade --namespace czertainly -f values.yaml czertainly-ejbca-ng-connector oci://harbor.3key.company/czertainly-helm/ejbca-ng-connectorYou can use the helm uninstall command to uninstall the application:
helm uninstall --namespace czertainly czertainly-ejbca-ng-connectorYou can find current values in the values.yaml.
You can also Specify each parameter using the --set or --set-file argument to helm install.
Global values are used to define common parameters for the chart and all its sub-charts by exactly the same name.
| Parameter | Default value | Description |
|---|---|---|
| global.image.registry | "" |
Global docker registry name |
| global.image.repository | "" |
Global docker image repository name |
| global.image.pullSecrets | [] |
Global array of secret names for image pull |
| global.volumes.ephemeral.type | "" |
Global ephemeral volume type to be used |
| global.volumes.ephemeral.sizeLimit | "" |
Global ephemeral volume size limit |
| global.volumes.ephemeral.storageClassName | "" |
Global ephemeral volume storage class name for storage type |
| global.volumes.ephemeral.custom | {} |
Global custom definition of the ephemeral volume for custom type |
| global.database.type | "" |
Type of the database, currently only postgresql is supported |
| global.database.host | "" |
Host where is the database located |
| global.database.port | "" |
Port on which is the database listening |
| global.database.name | "" |
Database name |
| global.database.username | "" |
Username to access the database |
| global.database.password | "" |
Password to access the database |
| global.trusted.certificates | "" |
List of additional CA certificates that should be trusted |
| global.httpProxy | "" |
Proxy to be used to access external resources through http |
| global.httpsProxy | "" |
Proxy to be used to access external resources through https |
| global.noProxy | "" |
Defines list of external resources that should not use proxy settings |
| global.initContainers | [] |
Global init containers |
| global.sidecarContainers | [] |
Global sidecar containers |
| global.additionalVolumes | [] |
Global additional volumes |
| global.additionalVolumeMounts | [] |
Global additional volume mounts |
| global.additionalPorts | [] |
Global additional ports |
| global.additionalEnv.variables | [] |
Global additional environment variables |
| global.additionalEnv.secrets | [] |
Global additional environment secrets |
| global.additionalEnv.configMaps | [] |
Global additional environment config maps |
The following values may be configured:
| Parameter | Default value | Description |
|---|---|---|
| image.registry | docker.io |
Docker registry name for the image |
| image.repository | czertainly |
Docker image repository name |
| image.name | czertainly-ejbca-ng-connector |
Docker image name |
| image.tag | 1.11.0 |
Docker image tag |
| image.digest | "" |
Docker image digest, will override tag if specified |
| image.pullPolicy | IfNotPresent |
Image pull policy |
| image.pullSecrets | [] |
Array of secret names for image pull |
| image.command | [] |
Override the default command |
| image.args | [] |
Override the default args |
| image.securityContext.runAsNonRoot | true |
Run the container as non-root user |
| image.securityContext.runAsUser | 10001 |
User ID for the container |
| image.securityContext.readOnlyRootFilesystem | true |
Run the container with read-only root filesystem |
| image.resources | {} |
The resources for the container |
| podSecurityContext | {} |
Pod security context |
| volumes.ephemeral.type | memory |
Ephemeral volume type to be used |
| volumes.ephemeral.sizeLimit | "1Mi" |
Ephemeral volume size limit |
| volumes.ephemeral.storageClassName | "" |
Ephemeral volume storage class name for storage type |
| volumes.ephemeral.custom | {} |
Custom definition of the ephemeral volume for custom type |
| database.type | "postgresql" |
Type of the database, currently only postgresql is supported |
| database.host | "host.docker.internal" |
Host where is the database located |
| database.port | 5432 |
Port on which is the database listening |
| database.name | "czertainlydb" |
Database name |
| database.username | "czertainlyuser" |
Username to access the database |
| database.password | "your-strong-password" |
Password to access the database |
| trusted.certificates | "" |
List of additional CA certificates that should be trusted |
| httpProxy | "" |
Proxy to be used to access external resources through http |
| httpsProxy | "" |
Proxy to be used to access external resources through https |
| httpProxy | "" |
Defines list of external resources that should not use proxy settings |
| logging.level | "INFO" |
Allowed values are "INFO", "DEBUG", "WARN", "TRACE" |
| service.type | "ClusterIP" |
Type of the service that is exposed |
| service.port | 8080 |
Port number of the exposed service |
| ejbca.maxPayloadSize | "2000000" |
Maximum payload size in bytes |
| ejbca.searchPageSize | "100" |
Maximum number of certificates to fetch in one request |
| Parameter | Default value | Description |
|---|---|---|
| initContainers | [] |
Init containers |
| sidecarContainers | [] |
Sidecar containers |
| additionalVolumes | [] |
Additional volumes |
| additionalVolumeMounts | [] |
Additional volume mounts |
| additionalPorts | [] |
Additional ports |
| additionalEnv.variables | [] |
Additional environment variables |
| additionalEnv.secrets | [] |
Additional environment secrets |
| additionalEnv.configMaps | [] |
Additional environment config maps |
For mode details about probes, see the Kubernetes documentation.
| Parameter | Default value | Description |
|---|---|---|
| image.probes.liveness.enabled | false |
Enable/disable liveness probe |
| image.probes.liveness.custom | {} |
Custom liveness probe command. When defined, it will override the default command |
| image.probes.liveness.initialDelaySeconds | 60 |
Initial delay seconds for liveness probe |
| image.probes.liveness.timeoutSeconds | 5 |
Timeout seconds for liveness probe |
| image.probes.liveness.periodSeconds | 10 |
Period seconds for liveness probe |
| image.probes.liveness.successThreshold | 1 |
Success threshold for liveness probe |
| image.probes.liveness.failureThreshold | 3 |
Failure threshold for liveness probe |
| image.probes.readiness.enabled | true |
Enable/disable readiness probe |
| image.probes.readiness.custom | {} |
Custom readiness probe command. When defined, it will override the default command |
| image.probes.readiness.initialDelaySeconds | 15 |
Initial delay seconds for readiness probe |
| image.probes.readiness.timeoutSeconds | 5 |
Timeout seconds for readiness probe |
| image.probes.readiness.periodSeconds | 10 |
Period seconds for readiness probe |
| image.probes.readiness.successThreshold | 1 |
Success threshold for readiness probe |
| image.probes.readiness.failureThreshold | 3 |
Failure threshold for readiness probe |
| image.probes.startup.enabled | true |
Enable/disable startup probe |
| image.probes.startup.custom | {} |
Custom startup probe command. When defined, it will override the default command |
| image.probes.startup.initialDelaySeconds | 15 |
Initial delay seconds for startup probe |
| image.probes.startup.timeoutSeconds | 5 |
Timeout seconds for startup probe |
| image.probes.startup.periodSeconds | 10 |
Period seconds for startup probe |
| image.probes.startup.successThreshold | 1 |
Success threshold for startup probe |
| image.probes.startup.failureThreshold | 45 |
Failure threshold for startup probe |
Additional parameters may be found in the values.yaml and dependencies. See dependent charts for the description of available parameters.