# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (C) 2021 Nordix Foundation.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:2.0.0
+image: onap/org.onap.dcaegen2.services.pmsh:2.2.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: /var/log/ONAP/dcaegen2/services/pmsh
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/pmsh/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: true
-
# Dependencies
readinessCheck:
wait_for:
- - aaf-cm
- &postgresName dcae-pmsh-postgres
+ - message-router
# Probe Configuration
readiness:
periodSeconds: 15
timeoutSeconds: 1
path: /healthcheck
- scheme: HTTPS
- port: 8443
+ scheme: HTTP
+ port: 8080
# Service Configuration
service:
type: ClusterIP
name: dcae-pmsh
ports:
- - name: https
- port: 8443
+ - name: http
+ port: 8080
+ plain_port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
-credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+ authorizedPrincipalsPostgres:
+ - serviceAccount: dcae-pmsh-read
# Initial Application Configuration
applicationConfig:
- enable_tls: true
- aaf_identity: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
+ enable_tls: false
+ aaf_identity: dummy_value
+ aaf_password: dummy_value
key_path: /opt/app/pmsh/etc/certs/key.pem
cert_path: /opt/app/pmsh/etc/certs/cert.pem
ca_cert_path: /opt/app/pmsh/etc/certs/cacert.pem
policy_pm_publisher:
type: message_router
dmaap_info:
- topic_url: "https://message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT"
+ topic_url: "http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT"
streams_subscribes:
policy_pm_subscriber:
type: message_router
dmaap_info:
- topic_url: "https://message-router:3905/events/unauthenticated.PMSH_CL_INPUT"
+ topic_url: "http://message-router:3904/events/unauthenticated.PMSH_CL_INPUT"
aai_subscriber:
type: message_router
dmaap_info:
- topic_url: "https://message-router:3905/events/AAI-EVENT"
+ topic_url: "http://message-router:3904/events/AAI-EVENT"
applicationEnv:
PMSH_PG_URL: &dcaePmshPgPrimary dcae-pmsh-pg-primary
PMSH_PG_PASSWORD:
secretUid: *pgUserCredsSecretUid
key: password
+ PMSH_API_PORT: '8080'
# Resource Limit Flavor -By Default Using Small
flavor: small