Run SDC pods as non-root

[oom.git] / kubernetes / sdc / charts / sdc-wfd-be / values.yaml

diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index cb55f4a..78fdb32 100644 (file)
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -19,7 +19,7 @@
 global:
   nodePortPrefix: 302
   readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
 
@@ -28,23 +28,32 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.3.2
-configInitImage: onap/workflow-init:1.3.2
+image: onap/workflow-backend:1.6.2
+configInitImage: onap/workflow-init:1.6.2
 pullPolicy: Always
 
-# flag to enable debugging - application support required
-debugEnabled: false
+initJob:
+  enabled: true
 
 config:
-  javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
-  cassandaAuthenticationEnabled: true
-  cassandraHosts: sdc-cs
-  cassandraThriftClientPort: 9160
+  javaOptions: "-Xmx1536m -Xms1536m"
+  cassandraAuthenticationEnabled: true
   cassandraClientPort: 9042
-  sdcProtocol: HTTP
-  sdcEndpoint: sdc-be:8080
+
+  sdcProtocol: HTTPS
+  sdcEndpoint: sdc-be:8443
   sdcExternalUser: workflow
-  sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+  serverSSLEnabled: true
+
+  serverSSLKeyStoreType: jks
+  serverSSLKeyStorePath: /home/sdc/etc/keystore
+
+  serverSSLTrustStoreType: jks
+  serverSSLTrustStorePath: /home/sdc/etc/truststore
+
+  cassandraSSLEnabled: false
+  cassandraTrustStorePath: /home/sdc/etc/truststore
 
 # default number of instances
 replicaCount: 1
@@ -67,14 +76,23 @@ readiness:
 
 service:
   type: NodePort
+  portName: sdc-wfd-be
   internalPort: 8080
   externalPort: 8080
-  portName: sdc-wfd-be
-  nodePort: "57"
+  internalPort2: 8443
+  externalPort2: 8443
+  nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
+
 
 ingress:
   enabled: false
-
+  service:
+    - baseaddr: "sdcwfdbe"
+      name: "sdc-wfd-be"
+      port: 8443
+  config:
+    ssl: "redirect"
+    
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little