[COMMON][SO] Create authorization policy template

[oom.git] / kubernetes / onap / values.yaml

diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index bdbf5ab..40ac5ed 100755 (executable)
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -1,6 +1,7 @@
 # Copyright © 2019 Amdocs, Bell Canada
 # Copyright (c) 2020 Nordix Foundation, Modifications
 # Modifications Copyright © 2020-2021 Nokia
+# Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -150,11 +151,23 @@ global:
     enabled: false
     # enable all component's Ingress interfaces
     enable_all: false
-    # default Ingress base URL
-    # can be overwritten in component vy setting ingress.baseurlOverride
+
+    # default Ingress base URL and preAddr- and postAddr settings
+    # Ingress URLs result:
+    # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
     virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
       baseurl: "simpledemo.onap.org"
-    # All http requests via ingress will be redirected on Ingress controller
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
+
+    # All http (port 80) requests via ingress will be redirected
+    # to port 443 on Ingress controller
     # only valid for Istio Gateway (ServiceMesh enabled)
     config:
       ssl: "redirect"
@@ -175,6 +188,10 @@ global:
     # be aware that linkerd is not well tested
     engine: "istio" # valid value: istio or linkerd
 
+  # Global Istio Authorization Policy configuration
+  authorizationPolicies:
+    enabled: false
+
   # metrics part
   # If enabled, exporters (for prometheus) will be deployed
   # if custom resources set to yes, CRD from prometheus operartor will be
@@ -188,7 +205,7 @@ global:
   # Disabling AAF
   # POC Mode, only for use in development environment
   # Keep it enabled in production
-  aafEnabled: true
+  aafEnabled: false
   aafAgentImage: onap/aaf/aaf_agent:2.1.20
 
   # Disabling MSB
@@ -212,7 +229,7 @@ global:
         name: cmpv2-issuer-onap
 
   # Enabling CMPv2
-  cmpv2Enabled: true
+  cmpv2Enabled: false
   platform:
     certificates:
       clientSecretName: oom-cert-service-client-tls-secret
@@ -232,7 +249,7 @@ global:
   # Set to false if you want to disable TLS for NodePorts. Be aware that this
   # will loosen your security.
   # if set this element will force or not tls even if serviceMesh.tls is set.
-  # tlsEnabled: false
+  tlsEnabled: false
 
   # Logging
   # Currently, centralized logging is not in best shape so it's disabled by
@@ -285,16 +302,6 @@ aaf:
       enabled: false
 aai:
   enabled: false
-appc:
-  enabled: false
-  config:
-    openStackType: OpenStackProvider
-    openStackName: OpenStack
-    openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
-    openStackServiceTenantName: default
-    openStackDomain: default
-    openStackUserName: admin
-    openStackEncryptedPassword: admin
 cassandra:
   enabled: false
 cds:
@@ -314,8 +321,6 @@ cps:
   enabled: false
 dcaegen2-services:
   enabled: false
-dcaemod:
-  enabled: false
 holmes:
   enabled: false
 dmaap:
@@ -358,7 +363,7 @@ portal:
 robot:
   enabled: false
   config:
-    # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+    # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment
     openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
 sdc:
   enabled: false
@@ -415,8 +420,6 @@ uui:
   enabled: false
 vfc:
   enabled: false
-vid:
-  enabled: false
 vnfsdk:
   enabled: false
 modeling: