[POLICY][COMMON] Create Authorization Policies for Policy

[oom.git] / kubernetes / policy / components / policy-apex-pdp / values.yaml

diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 09206dc..cef846c 100755 (executable)
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -2,6 +2,7 @@
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
 #   Modifications Copyright © 2022 Nordix Foundation
+#   Modification (C) 2023 Deutsche Telekom. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -23,7 +24,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  aafEnabled: true
   persistence: {}
 
 #################################################################
@@ -35,16 +35,6 @@ secrets:
     externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
     login: '{{ .Values.restServer.user }}'
     password: '{{ .Values.restServer.password }}'
-  - uid: truststore-pass
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.trustStorePassword }}'
-    passwordPolicy: required
-  - uid: keystore-pass
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.keyStorePassword }}'
-    passwordPolicy: required
   - uid: policy-kafka-user
     externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
     type: genericKV
@@ -57,7 +47,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-apex-pdp:2.8.0
+image: onap/policy-apex-pdp:2.9.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -68,29 +58,6 @@ debugEnabled: false
 restServer:
   user: healthcheck
   password: zb!XztG34
-truststore:
-  password: Pol1cy_0nap
-certStores:
-  keyStorePassword: Pol1cy_0nap
-  trustStorePassword: Pol1cy_0nap
-
-certInitializer:
-  nameOverride: policy-apex-pdp-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  fqdn: policy
-  fqi: policy@policy.onap.org
-  public_fqdn: policy.onap.org
-  cadi_latitude: "0.0"
-  cadi_longitude: "0.0"
-  credsPath: /opt/app/osaaf/local
-  app_ns: org.osaaf.aaf
-  uid: 101
-  gid: 102
-  aaf_add_config: >
-    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
-    echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
-    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
 
 # default number of instances
 replicaCount: 1
@@ -114,14 +81,19 @@ readiness:
 service:
   type: ClusterIP
   name: policy-apex-pdp
-  portName: http
-  externalPort: 6969
   internalPort: 6969
-  nodePort: 37
+  ports:
+    - name: http
+      port: 6969
 
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 # Resource Limit flavor -By Default using small
 # Segregation for Different environment (Small and Large)
 flavor: small
@@ -157,7 +129,7 @@ metrics:
     enabled: true
     port: policy-apex-pdp
     interval: 60s
-    isHttps: true
+    isHttps: false
     basicAuth:
       enabled: true
       externalSecretNameSuffix: policy-apex-pdp-restserver-creds