[POLICY][COMMON] Create Authorization Policies for Policy

[oom.git] / kubernetes / policy / components / policy-clamp-runtime-acm / values.yaml

diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index e35a6c0..cb73314 100644 (file)
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -22,7 +22,6 @@
 global:
   nodePortPrefixExt: 304
   persistence: {}
-  aafEnabled: false
   #Strimzi Kafka properties
   useStrimziKafka: set-via-parent-chart-global-value
   kafkaTopics:
@@ -39,16 +38,6 @@ secrets:
     login: '{{ .Values.db.user }}'
     password: '{{ .Values.db.password }}'
     passwordPolicy: required
-  - uid: keystore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.keyStorePassword }}'
-    passwordPolicy: required
-  - uid: truststore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.trustStorePassword }}'
-    passwordPolicy: required
   - uid: runtime-secret
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
@@ -56,29 +45,6 @@ secrets:
     password: '{{ .Values.config.policyAppUserPassword }}'
     passwordPolicy: required
 
-certStores:
-  keyStorePassword: Pol1cy_0nap
-  trustStorePassword: Pol1cy_0nap
-
-certInitializer:
-  nameOverride: policy-clamp-runtime-acm-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  fqdn: policy
-  fqi: policy@policy.onap.org
-  public_fqdn: policy.onap.org
-  cadi_latitude: "0.0"
-  cadi_longitude: "0.0"
-  credsPath: /opt/app/osaaf/local
-  app_ns: org.osaaf.aaf
-  uid: 100
-  gid: 101
-  aaf_add_config: >
-    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
-    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
-    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
-
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -131,7 +97,7 @@ affinity: {}
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 20
+  initialDelaySeconds: 60
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
@@ -139,22 +105,26 @@ liveness:
   port: http-api
 
 readiness:
-  initialDelaySeconds: 20
+  initialDelaySeconds: 60
   periodSeconds: 10
   port: http-api
 
 service:
   type: ClusterIP
   name: *componentName
-  useNodePortExt: true
   ports:
   - name: http-api
     port: 6969
-    nodePort: 42
 
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+      - serviceAccount: policy-gui-read
+
 flavor: small
 resources:
   small: