X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-traversal%2Fvalues.yaml;h=ad4279a5431081ba8d1781fa8eb9671cfe4424d8;hb=21349802fd5b6aea04b66630f108b3603930c7c4;hp=0242cedd0b5379af6be0b32f3793f61f44977f02;hpb=f812cf9697596afd71b871aaff22fd22c599da74;p=oom.git diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 0242cedd0b..ad4279a543 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -26,8 +26,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - initContainers: - enabled: true # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -61,7 +59,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap,aaf-auth + active: production,dmaap,aaf-auth #,keycloak # Notification event specific properties notification: @@ -104,28 +102,45 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-traversal-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai-traversal + fqi: aai-traversal@aai-traversal.onap.org + public_fqdn: aai-traversal.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai-traversal + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-traversal:1.7.2 +image: onap/aai-traversal:1.8.0 pullPolicy: Always restartPolicy: Always flavor: small @@ -153,6 +168,20 @@ aai_enpoints: # application configuration config: + # configure keycloak according to your environment. + # don't forget to add keycloak in active profiles above (global.config.profiles) + keycloak: + host: keycloak.your.domain + port: 8180 + # Specifies a set of users, credentials, roles, and groups + realm: aai-traversal + # Used by any client application for enabling fine-grained authorization for their protected resources + resource: aai-traversal-app + # If set to true, additional criteria will be added into traversal query to returns all the vertices that match + # the data-owner property with the given role to the user in keycloak + multiTenancy: + enabled: true + # Specifies timeout information such as application specific and limits timeout: # If set to true application will timeout for queries taking longer than limit