[SDNC] Create Authorization Policies for SDNC

[oom.git] / kubernetes / sdnc / values.yaml

diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 36cde48..ee8b2e5 100644 (file)
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -470,10 +470,7 @@ dgbuilder:
     service:
       - baseaddr: "sdnc-dgbuilder-ui"
         name: "sdnc-dgbuilder"
-        port: 3000
-      - baseaddr: "sdnc-web-service-api"
-        name: "sdnc-web-service"
-        port: 8080
+        port: 3100
     config:
       ssl: "redirect"
 
@@ -581,7 +578,7 @@ ingress:
     name: "sdnc"
     port: 8282
   - baseaddr: "sdnc-callhome"
-    name: "onap-sdnc-callhome"
+    name: "sdnc-callhome"
     port: *chport
     protocol: tcp
     exposedPort: *chport
@@ -589,6 +586,26 @@ ingress:
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: a1policymanagement-read
+      - serviceAccount: cds-blueprints-processor-read
+      - serviceAccount: consul-read
+      - serviceAccount: ncmp-dmi-plugin-read
+      - serviceAccount: policy-drools-pdp-read
+      - serviceAccount: robot-read
+      - serviceAccount: sdnc-ansible-server-read
+      - serviceAccount: sdnc-dmaap-listener-read
+      - serviceAccount: sdnc-prom-read
+      - serviceAccount: sdnc-ueb-listener-read
+      - serviceAccount: sdnc-web-read
+      - serviceAccount: so-sdnc-adapter-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+    authorizedPrincipalsSdnHosts:
+      - serviceAccount: sdnc-read
+
 #Resource Limit flavor -By Default using small
 flavor: small
 #segregation for different envionment (Small and Large)