[DCAEGEN2] Create Authorization Policies for DCAE

[oom.git] / kubernetes / dcaegen2-services / components / dcae-prh / values.yaml

diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index 80154c7..a2cce37 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -1,6 +1,6 @@
 #============LICENSE_START========================================================
 # ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
 # Copyright (c) 2022 Nokia.  All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -31,16 +31,11 @@ filebeatConfig:
   logstashServiceName: log-ls
   logstashPort: 5044
 
-#################################################################
-# initContainer images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.9.0
 pullPolicy: Always
 
 # log directory where logging sidecar should look for log files
@@ -50,15 +45,6 @@ log:
   path: /opt/app/prh/logs
 logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
 
-# directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/prh/etc/cert
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
 secrets:
   - uid: &aaiCredsUID aaicreds
     type: basicAuth
@@ -87,6 +73,11 @@ service:
     - port: 8100
       name: http
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 aaiCreds:
   user: AAI
   password: AAI