X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-schema-service%2Fvalues.yaml;h=24e4fa3baeb4d978cf2591eb49e9b331fcea69cb;hb=555db9c1f910db06341070941b466e6c05827e27;hp=50e12e8e4d05edf351a930c3280c90a0cd01a1f7;hpb=c3f1b348de7b69a54642cf832361a9dee73d9d56;p=oom.git diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 50e12e8e4d..24e4fa3bae 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2020 Orange +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -58,41 +59,6 @@ global: # global defaults edge: label: v12 -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-schema-service-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: aai-schema-service - fqi: aai-schema-service@aai-schema-service.onap.org - public_fqdn: aai-schema-service.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.aai-schema-service - user_id: &user_id 1000 - group_id: &group_id 1000 - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** writing passwords into prop file" - echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop - echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} - # application image image: onap/aai-schema-service:1.11.0 pullPolicy: Always @@ -132,6 +98,13 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: aai-graphadmin-read + - serviceAccount: aai-resources-read + - serviceAccount: aai-traversal-read + # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -152,14 +125,14 @@ ingress: resources: small: limits: - cpu: 2 + cpu: 999 memory: 4Gi requests: cpu: 1 memory: 3Gi large: limits: - cpu: 4 + cpu: 999 memory: 8Gi requests: cpu: 2 @@ -174,8 +147,8 @@ serviceAccount: # Not fully used for now securityContext: - user_id: *user_id - group_id: *group_id + user_id: 1000 + group_id: 1000 #Log configuration log: