[AAI] Fix Istio compatibility and add Job ServiceAccount

[oom.git] / kubernetes / aai / components / aai-resources / values.yaml

diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index eb06c8f..1770b5b 100644 (file)
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -34,8 +34,6 @@ global: # global defaults
     migration:
       enabled: false
 
-  aafEnabled: false
-
   config:
     # Specifies that the cluster connected to a dynamic
     # cluster being spinned up by kubernetes deployment
@@ -199,7 +197,7 @@ service:
   internalPort: 8447
   portName2: tcp-5005
   internalPort2: 5005
-  portName3: aai-resources-8448
+  portName3: http-resources
   internalPort3: 8448
   terminationGracePeriodSeconds: 120
   sessionAffinity: None
@@ -207,6 +205,12 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: aai-read
+      - serviceAccount: consul-read
+
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following