Merge "[COMMON] Fix Kyverno policy violations in common/mongodb"

[oom.git] / kubernetes / sdc / components / sdc-wfd-be / values.yaml

diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index 4aebe7a..cc85176 100644 (file)
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -18,48 +18,25 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  aafEnabled: true
-  cassandra:
-    #This flag allows SDC to instantiate its own cluster, serviceName
-    #should be sdc-cs if this flag is enabled
+  sdc_cassandra:
+    # This flag allows SDC to instantiate its own cluster, serviceName
+    # should be sdc-cs if this flag is enabled
     localCluster: false
-    #The cassandra service name to connect to (default: shared cassandra service)
+    # The cassandra service name to connect to
+    # (default: shared cassandra service)
     serviceName: cassandra
-    #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
-    #to match with its own cluster replica
+    # Shared cassandra cluster replicaCount, should be changed if
+    # localCluster is enabled to match with its own cluster replica
     replicaCount: 3
     clusterName: cassandra
     dataCenter: Pod
 
-#################################################################
-# AAF Part
-#################################################################
-certInitializer:
-  nameOverride: sdc-wfd-be-cert-init
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  fqdn: sdc
-  fqi: sdc@sdc.onap.org
-  public_fqdn: sdc.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  addconfig: true
-  keystoreFile: "org.onap.sdc.p12"
-  truststoreFile: "org.onap.sdc.trust.jks"
-  permission_user: 352070
-  permission_group: 35953
-  aaf_add_config: >
-    /opt/app/aaf_config/bin/agent.sh local showpass
-    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
-
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/sdc-workflow-backend:1.7.0
-configInitImage: onap/sdc-workflow-init:1.7.0
+image: onap/sdc-workflow-backend:1.12.0
+configInitImage: onap/sdc-workflow-init:1.12.0
 pullPolicy: Always
 
 initJob:
@@ -69,10 +46,9 @@ config:
   javaOptions: "-Xmx1536m -Xms1536m"
   cassandraAuthenticationEnabled: true
   cassandraClientPort: 9042
-  sdcProtocol: HTTPS
-  sdcEndpoint: sdc-be:8443
+  sdcEndpoint:
+    http: sdc-be:8080
   sdcExternalUser: workflow
-  serverSSLEnabled: true
   serverSSLKeyStoreType: jks
   serverSSLTrustStoreType: jks
   cassandraSSLEnabled: false
@@ -89,52 +65,91 @@ nodeSelector: {}
 
 affinity: {}
 
+# probe configuration parameters
+#liveness:
+#  initialDelaySeconds: 60
+#  periodSeconds: 10
+#  # necessary to disable liveness probe when setting breakpoints
+#  # in debugger so K8s doesn't restart unresponsive container
+#  enabled: true
+
+#readiness:
+#  initialDelaySeconds: 60
+#  periodSeconds: 10
+
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 60
+  initialDelaySeconds: 1
   periodSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 60
+  initialDelaySeconds: 1
   periodSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
+
+startup:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  successThreshold: 1
+  failureThreshold: 60
 
 service:
   type: NodePort
-  portName: sdc-wfd-be
   internalPort: 8080
-  externalPort: 8080
-  internalPort2: 8443
-  externalPort2: 8443
-  nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
+  ports:
+    - name: http
+      port: 8080
+      nodePort: "57"
 
 ingress:
   enabled: false
   service:
-    - baseaddr: "sdcwfdbe"
+    - baseaddr: "sdc-wfd-be-api"
       name: "sdc-wfd-be"
-      port: 8443
+      port: 8080
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: sdc-wfd-fe-read
+      - serviceAccount: so-sdc-controller-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 # Resource Limit flavor -By Default using small
 # Segregation for Different environment (Small and Large)
 flavor: small
 resources:
   small:
     limits:
-      cpu: 500m
-      memory: 2Gi
+      cpu: "1"
+      memory: "1Gi"
     requests:
-      cpu: 40m
-      memory: 1Gi
+      cpu: "0.5"
+      memory: "1Gi"
   large:
     limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: "2"
+      memory: "2Gi"
     requests:
-      cpu: 80m
-      memory: 2Gi
+      cpu: "1"
+      memory: "2Gi"
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: sdc-wfd-be
+  roles:
+    - read
+
+wait_for_job_container:
+  containers:
+    - '{{ include "common.name" . }}-job'