X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-resources%2Fvalues.yaml;h=3941af3747656d10d11f294ee0460262916d1129;hb=600dc9809b14fb264b8e7c4e6c46c8587eaf5c20;hp=37af7a714295765adc15fe025f920aa550e14b93;hpb=0c4534e4155560e8726e6a75e0b7476ee9f754ee;p=oom.git

diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 37af7a7142..3941af3747 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -33,6 +33,8 @@ global: # global defaults
     migration:
       enabled: false
 
+  aafEnabled: false
+
   config:
     # Specifies that the cluster connected to a dynamic
     # cluster being spinned up by kubernetes deployment
@@ -49,7 +51,8 @@ global: # global defaults
 
     # Active spring profiles for the resources microservice
     profiles:
-      active: production,dmaap,aaf-auth
+      # aaf-auth profile will be automatically set if aaf enabled is set to true
+      active: production,dmaap #,aaf-auth
 
     # Notification event specific properties
     notification:
@@ -74,11 +77,11 @@ global: # global defaults
       version:
         # Current version of the REST API
         api:
-          default: v21
+          default: v24
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -137,36 +140,54 @@ certInitializer:
   credsPath: /opt/app/osaaf/local
   fqi_namespace: org.onap.aai-resources
   aaf_add_config: |
-    echo "*** retrieving password for keystore and trustore"
-    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
-      {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
-    if [ -z "$cadi_keystore_password_p12" ]
-    then
-      echo "  /!\ certificates retrieval wasn't good"
-      exit 1
-    else
-      echo "*** writing passwords into prop file"
-      echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
-      echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
-      echo "*** change ownership of certificates to targeted user"
-      chown -R 1000 {{ .Values.credsPath }}
-    fi
-  truststoreAllPassword: changeit
+    echo "*** changing them into shell safe ones"
+    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+      -storepass "${cadi_keystore_password_p12}" \
+      -keystore {{ .Values.fqi_namespace }}.p12
+    keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** save the generated passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+    echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
+    echo "*** change ownership of certificates to targeted user"
+    chown -R 1000 {{ .Values.credsPath }}
 
 # application image
-image: onap/aai-resources:1.8.2
+image: onap/aai-resources:1.9.1
 pullPolicy: Always
 restartPolicy: Always
 flavor: small
 flavorOverride: small
 # default number of instances
 replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+  type: RollingUpdate
+  # The number of pods that can be unavailable during the update process
+  maxUnavailable: 0
+  # The number of pods that can be created above the desired amount of pods during an update
+  maxSurge: 1
 
 # Configuration for the resources deployment
 config:
+  # configure keycloak according to your environment.
+  # don't forget to add keycloak in active profiles above (global.config.profiles)
   keycloak:
-    host: localhost
+    host: keycloak.your.domain
     port: 8180
+    # Specifies a set of users, credentials, roles, and groups
+    realm: aai-resources
+    # Used by any client application for enabling fine-grained authorization for their protected resources
+    resource: aai-resources-app
+    # If set to true, additional criteria will be added that match the data-owner property with the given role
+    # to the user in keycloak
+    multiTenancy:
+      enabled: true
 
   # Specifies crud related operation timeouts and overrides
   crud:
@@ -206,10 +227,11 @@ readiness:
 
 service:
   type: ClusterIP
-  portName: aai-resources-8447
+  portName: http
   internalPort: 8447
-  portName2: aai-resources-5005
+  portName2: tcp-5005
   internalPort2: 5005
+  terminationGracePeriodSeconds: 120
 
 ingress:
   enabled: false
@@ -247,3 +269,9 @@ resources:
       cpu: 2
       memory: 4Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-resources
+  roles:
+    - read