Run SDC pods as non-root

[oom.git] / kubernetes / sdc / charts / sdc-wfd-fe / values.yaml

# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration defaults.
#################################################################
global:
  nodePortPrefix: 302
  nodePortPrefixExt: 304
  readinessRepository: oomk8s
  readinessImage: readiness-check:2.0.2
  loggingRepository: docker.elastic.co
  loggingImage: beats/filebeat:5.5.0

#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
image: onap/workflow-frontend:1.6.2
pullPolicy: Always

# flag to enable debugging - application support required
debugEnabled: false

config:
  javaOptions: "-Xmx256m -Xms256m"
  backendServerURL: "https://sdc-wfd-be:8443"
  isHttpsEnabled: true
  # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
  isTrustAll: true
# https relevant settings. Change in case you have other trust files then default ones.
security:
  isDefaultStore: false
  truststoreFilename: "org.onap.sdc.trust.jks"
  keystoreFilename: "org.onap.sdc.p12"
  storePath: "etc"

# default number of instances
replicaCount: 1

nodeSelector: {}

affinity: {}

# probe configuration parameters
liveness:
  initialDelaySeconds: 60
  periodSeconds: 10
  # necessary to disable liveness probe when setting breakpoints
  # in debugger so K8s doesn't restart unresponsive container
  enabled: true

readiness:
  initialDelaySeconds: 60
  periodSeconds: 10

service:
  type: NodePort
  internalPort: 8080
  externalPort: 8080
  internalPort2: 8443
  externalPort2: 8443
  portName: sdc-wfd-fe
  nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property

ingress:
  enabled: false
  service:
    - baseaddr: "sdcwfdfe"
      name: "sdc-wfd-fe"
      port: 8443
  annotations:
    ingress.kubernetes.io/secure-backends: "false"
    nginx.ingress.kubernetes.io/secure-backends: "false"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  #
  # Example:
  # Configure resource requests and limits
  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
  # Minimum memory for development is 2 CPU cores and 4GB memory
  # Minimum memory for production is 4 CPU cores and 8GB memory
#resources:
#  limits:
#    cpu: 2
#    memory: 4Gi
#  requests:
#    cpu: 2
#    memory: 4Gi