-
Notifications
You must be signed in to change notification settings - Fork 43
/
values.yaml
407 lines (378 loc) · 12.3 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
global:
imagePullSecret: {} # provide the details of a container registry image pull secret (if required)
domain: # see domain in Config Map kube-system/shoot-info or custom domain (e.g. sap-demo.com)
shootName: # see shootName in Config Map kube-system/shoot-info
gateway: # use default value (kyma-system/kyma-gateway) or custom gateway (e.g. default/cdomain-gateway)
# If necessary, override essential dependencies required in subcharts
# Required in case you e.g., provide a fullNameOverride or a custom exposed host
api:
fullName: # leave empty to apply default logic - $Release.Name-api (e.g. susaas-api)
deploymentHost: # leave empty to apply default logic - $Release.Name-api-$Release.Namespace (e.g. susaas-api-default)
broker:
fullName: # leave empty to apply default logic - $Release.Name-broker (e.g. susaas-broker)
deploymentHost: # leave empty to apply default - $Release.Name-broker-$Release.Namespace (e.g. susaas-broker-default)
router:
name: # leave empty to apply default logic - router (e.g. router)
fullName: # leave empty to apply default logic - $Release.Name-router (e.g. susaas-router)
deploymentHost: # leave empty to apply default logic - $Release.Name-router-$Release.Namespace (e.g. susaas-router-default)
port: # leave empty to apply default value - 5000
# Application Router Workload
router:
bindings:
xsuaa:
serviceInstanceName: xsuaa
destination:
serviceInstanceName: destination
html5-apps-repo:
serviceInstanceName: html5-repo-runtime
image:
# Provide your Application Router Docker Image repository
repository:
tag:
resources:
limits:
ephemeral-storage: 1G
memory: 500M
cpu: 300m
requests:
ephemeral-storage: 1G
cpu: 300m
memory: 500M
# Backend Service Workload
srv:
port: 8080
bindings:
xsuaa:
serviceInstanceName: xsuaa
sm-container:
serviceInstanceName: sm-container
sm-admin:
serviceInstanceName: sm-admin
saas-registry:
serviceInstanceName: saas-registry
destination:
serviceInstanceName: destination
hana:
serviceInstanceName: com-hdi-container
html5-apps-repo:
serviceInstanceName: html5-repo-runtime
image:
# Provide your Backend Service Docker Image repository
repository:
tag:
resources:
limits:
ephemeral-storage: 1G
memory: 500M
requests:
ephemeral-storage: 1G
cpu: 500m
memory: 500M
# SaaS API Workload
api:
bindings:
xsuaa-api:
serviceInstanceName: xsuaa-api
sm-container:
serviceInstanceName: sm-container
image:
# Provide your API Service Docker Image repository
repository:
tag:
resources:
limits:
ephemeral-storage: 1G
memory: 500M
cpu: 200m
requests:
ephemeral-storage: 1G
cpu: 200m
memory: 500M
# API Service Broker Workload
broker:
bindings:
xsuaa-api:
serviceInstanceName: xsuaa-api
image:
# Provide your API Service Broker Docker Image repository
repository:
tag:
resources:
limits:
ephemeral-storage: 1G
memory: 500M
cpu: 150m
requests:
ephemeral-storage: 1G
cpu: 100m
memory: 500M
config:
# Leave empty to generate new ID on Helm installation
# ! Should be static in productive scenarios !
serviceId:
displayName: Sustainable SaaS API
plans:
- name: default
description: Standard Plan
# Leave empty to generate new ID on Helm installation
# ! Should be static in productive scenarios !
planId:
- name: premium
description: Premium Plan
# Leave empty to generate new ID on Helm installation
# ! Should be static in productive scenarios !
planId:
- name: trial
description: Trial Plan
# Leave empty to generate new ID on Helm installation
# ! Should be static in productive scenarios !
planId:
# Shared Database Container Deployer Job
# Deploys the shared data model to a database container
hana_deployer:
image:
# Provide your HDI Container Deployer Docker Image repository
repository:
tag:
bindings:
hana:
serviceInstanceName: com-hdi-container
resources:
limits:
cpu: 500m
memory: 1G
requests:
cpu: 500m
memory: 1G
# HTML5 Apps Deployer Job
# Deploys the UI modules to the HTML5 App Repository
html5_apps_deployer:
cloudService: susaas
image:
# Provide your HTML5 Apps Deployer Docker Image repository
repository:
tag:
bindings:
html5-apps-repo:
serviceInstanceName: html5-repo-host
resources:
limits:
cpu: 500m
memory: 500M
requests:
cpu: 300m
memory: 500M
# SAP XSUAA Instance (for SaaS Application)
# XSUAA instance for SaaS application based on application service plan
xsuaa:
serviceOfferingName: xsuaa
servicePlanName: application
parameters:
# xsappname has to be unique in the same subaccount
xsappname: '{{.Release.Name}}-{{.Release.Namespace}}'
tenant-mode: shared
# Role collections names have to be unique in the same subaccount
# Therefore a unique identifer has to be utilized
role-collections:
- name: 'Susaas Member ({{.Release.Name}}-{{.Release.Namespace}})'
description: Member Access
role-template-references:
- '$XSAPPNAME.Member'
- '$XSAPPNAME.Token_Exchange'
- name: 'Susaas Administrator ({{.Release.Name}}-{{.Release.Namespace}})'
description: Administrator Access
role-template-references:
- '$XSAPPNAME.Admin'
- '$XSAPPNAME.SaaSAdmin'
- '$XSAPPNAME.UserManagementAdmin'
- '$XSAPPNAME.Token_Exchange'
- name: 'Susaas Extension Developer ({{.Release.Name}}-{{.Release.Namespace}})'
description: Extension Developer Access
role-template-references:
- '$XSAPPNAME.ExtensionDeveloper'
- '$XSAPPNAME.Token_Exchange'
scopes:
- name: "$XSAPPNAME.mtcallback"
description: SaaS Provisioning
grant-as-authority-to-apps:
- "$XSAPPNAME(application,sap-provisioning,tenant-onboarding)"
- name: "$XSAPPNAME.mtdeployment"
description: SaaS Model Upgrade
- name: "$XSAPPNAME.MtxDiagnose"
description: SaaS Diagnose
- name: uaa.user
description: UAA
- name: "$XSAPPNAME.Member"
description: Member
- name: "$XSAPPNAME.Admin"
description: Administrator
- name: "$XSAPPNAME.cds.ExtensionDeveloper"
description: Develop Extensions
attributes: []
role-templates:
- name: Token_Exchange
description: UAA Token Exchange
scope-references: ["uaa.user"]
- name: Member
description: Member
scope-references: ["$XSAPPNAME.Member"]
- name: Admin
description: Administrator
scope-references:
- "$XSAPPNAME.Admin"
- xs_authorization.read
- xs_authorization.write
- xs_user.read
- xs_user.write
- xs_idp.read
- xs_idp.write
- name: SaaSAdmin
description: SaaS Administrator
scope-references:
- "$XSAPPNAME.mtcallback"
- "$XSAPPNAME.mtdeployment"
- "$XSAPPNAME.MtxDiagnose"
- name: ExtensionDeveloper
description: Extension Developer
scope-references: ["$XSAPPNAME.cds.ExtensionDeveloper"]
- name: UserManagementAdmin
description: Manage authorizations, trusted identity providers, and users.
default-role-name: User and Role Administrator
scope-references:
- xs_authorization.read
- xs_authorization.write
- xs_user.read
- xs_user.write
- xs_idp.read
- xs_idp.write
- name: UserManagementAuditor
description: Read-only access for authorizations, trusted identity providers, and users.
default-role-name: User and Role Auditor
scope-references:
- xs_authorization.read
- xs_user.read
- xs_idp.read
foreign-scope-references:
- xs_authorization.read
- xs_authorization.write
- xs_user.read
- xs_user.write
- xs_idp.read
- xs_idp.write
authorities:
- "$XSAPPNAME.mtcallback"
- "$XSAPPNAME.mtdeployment"
- "$XSAPPNAME.MtxDiagnose"
- "$XSAPPNAME.cds.ExtensionDeveloper"
- "$XSAPPNAME.cds.Subscriber"
- "$XSAPPNAME.cds.UIFlexDeveloper"
oauth2-configuration:
token-validity: 900
redirect-uris:
- http://*.localhost:5000/**
- http://localhost:5000/**
credential-types:
- binding-secret
- x509
# SAP XSUAA Instance (for SaaS API)
# XSUAA instance for SaaS API based on broker service plan
xsuaa_api:
serviceOfferingName: xsuaa
servicePlanName: broker
parameters:
# xsappname has to be unique in the same subaccount
xsappname: '{{.Release.Name}}-api-{{.Release.Namespace}}'
scopes:
- description: Default Plan
name: $XSAPPNAME.plan_default
- description: Trial Plan
name: $XSAPPNAME.trial_default
- description: Premium Plan
name: $XSAPPNAME.plan_premium
# SAP Software-as-a-Service Registry
# Required to connect SaaS application with SAP BTP SaaS registry
# ! Additional parameters injected in corresponding template !
saas_registry:
serviceOfferingName: saas-registry
servicePlanName: application
# Parameters allow us to modify the subscription process
# The following setup provides an option to define a custom domain
parameters:
appPlans:
- description: Sustainable SaaS default plan
name: default
- description: Sustainable SaaS trial plan
name: trial
- description: Sustainable SaaS premium plan
name: premium
propagateParams: true
paramsSchema:
schemas:
subscription:
create:
parameters:
additionalProperties: false
_show_form_view: true
type: object
properties:
custSubdomain:
type: string
title: Custom Subdomain
description: >-
Provide a custom subdomain for this subscription instance. This subdomain will be used instead of the default
<SubaccountSubdomain>-<ReleaseName>-router-<Namespace> pattern. Please make sure to use unique subdomains only!
# SAP Destination Service
# Used to centrally store destinations of the SaaS application
destination:
serviceOfferingName: destination
servicePlanName: lite
parameters:
version: 1.0.0
HTML5Runtime_enabled: false
init_data:
instance:
existing_destinations_policy: update
destinations:
# Backend Destination depends on dynamic Release name
- Name: susaas-srv-api
Authentication: NoAuthentication
ProxyType: Internet
Type: HTTP
URL: 'http://{{ include "cap.fullname" (merge (dict "name" "srv" "deployment" .Values.srv ) . ) }}:{{ .Values.srv.port }}'
HTML5.DynamicDestination: true
HTML5.ForwardAuthToken: true
# Sample destination currently not used in the project
- Name: NORTHWIND
Description: Northwind
URL: https://services.odata.org/v4/Northwind/Northwind.svc
Type: HTTP
ProxyType: Internet
Authentication: NoAuthentication
# SAP Service Manager ("container" plan)
# Required by mtxs for automated creation of tenant database containers
sm_container:
serviceOfferingName: service-manager
servicePlanName: container
parameters:
acquireTimeoutMillis: max
polling_timeout_seconds: 480
# SAP Service Manager ("subaccount-admin" plan)
# Required to create an instance of CIS Service ("central" plan)
sm_admin:
serviceOfferingName: service-manager
servicePlanName: subaccount-admin
# SAP HANA Cloud HDI Container
# Required for shared data model deployment
com_hdi_container:
serviceOfferingName: hana
servicePlanName: hdi-shared
# SAP HTML5 Application Repository
# Storing the SaaS application UI modules
html5_repo_host:
serviceOfferingName: html5-apps-repo
servicePlanName: app-host
# SAP HTML5 Application Repository
# Allows access to the SaaS applicaiton UI modules
html5_repo_runtime:
serviceOfferingName: html5-apps-repo
servicePlanName: app-runtime