X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-resources%2Fvalues.yaml;h=776f8be4b42e9c17416a889aa682488fa3eb9aa4;hb=27fd7d8750ceeb798052eb8af36264c79b6536fb;hp=7509cb3bd607119fb789c8e6781758338ebbd957;hpb=51a3229247fe40fcc5bd63bd3b673e216b6e37ee;p=oom.git

diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 7509cb3bd6..776f8be4b4 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -33,6 +33,8 @@ global: # global defaults
     migration:
       enabled: false
 
+  aafEnabled: false
+
   config:
     # Specifies that the cluster connected to a dynamic
     # cluster being spinned up by kubernetes deployment
@@ -49,7 +51,8 @@ global: # global defaults
 
     # Active spring profiles for the resources microservice
     profiles:
-      active: production,dmaap,aaf-auth
+      # aaf-auth profile will be automatically set if aaf enabled is set to true 
+      active: production,dmaap #,aaf-auth
 
     # Notification event specific properties
     notification:
@@ -147,11 +150,6 @@ certInitializer:
     keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
       -storepass "${cadi_truststore_password}" \
       -keystore {{ .Values.fqi_namespace }}.trust.jks
-    echo "*** set key password as same password as keystore password"
-    keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
-      -keystore {{ .Values.fqi_namespace }}.p12 \
-      -keypass "${cadi_keystore_password_p12}" \
-      -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
     echo "*** save the generated passwords"
     echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
     echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
@@ -169,9 +167,19 @@ replicaCount: 1
 
 # Configuration for the resources deployment
 config:
+  # configure keycloak according to your environment.
+  # don't forget to add keycloak in active profiles above (global.config.profiles)
   keycloak:
-    host: localhost
+    host: keycloak.your.domain
     port: 8180
+    # Specifies a set of users, credentials, roles, and groups
+    realm: aai-resources
+    # Used by any client application for enabling fine-grained authorization for their protected resources
+    resource: aai-resources-app
+    # If set to true, additional criteria will be added that match the data-owner property with the given role
+    # to the user in keycloak
+    multiTenancy:
+      enabled: true
 
   # Specifies crud related operation timeouts and overrides
   crud:
@@ -211,9 +219,9 @@ readiness:
 
 service:
   type: ClusterIP
-  portName: aai-resources-8447
+  portName: http
   internalPort: 8447
-  portName2: aai-resources-5005
+  portName2: tcp-5005
   internalPort2: 5005
 
 ingress: