X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fvalues.yaml;h=684e592d3026dfdb9a1acc67c9ca521158c9ab3e;hb=f298897e7e5871bef78ca49b9b4bf9d2b0741658;hp=86ecb8b3556ad2dbea95d061854f913ecae01acd;hpb=0f80df72a06ef7ae74be47de47d4bcb3ce3e4050;p=oom.git

diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 86ecb8b355..684e592d30 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -1,6 +1,7 @@
 # Copyright (c) 2017 Amdocs, Bell Canada
 # Modifications Copyright (c) 2018 AT&T
 # Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -30,30 +31,8 @@ global: # global defaults
 
   restartPolicy: Always
 
-  installSidecarSecurity: false
   aafEnabled: true
-
-  fproxy:
-    name: forward-proxy
-    activeSpringProfiles: noHostVerification,cadi
-    image: onap/fproxy:2.1.13
-    port: 10680
-
-  rproxy:
-    name: reverse-proxy
-    activeSpringProfiles: noHostVerification,cadi
-    image: onap/rproxy:2.1.13
-    port: 10692
-
-  tproxyConfig:
-    name: init-tproxy-config
-    image: onap/tproxy-config:2.1.13
-
-  # AAF server details. Only needed if the AAF DNS does not resolve from the pod
-  aaf:
-    serverIp: 10.12.6.214
-    serverHostname: aaf.osaaf.org
-    serverPort: 30247
+  msbEnabled: true
 
   cassandra:
     #This will instantiate AAI cassandra cluster, default:shared cassandra.
@@ -223,8 +202,9 @@ global: # global defaults
         passwd: AAI
 
     # Active spring profiles for the resources microservice
+    # aaf-auth profile will be automatically set if aaf enabled is set to true
     profiles:
-      active: production,dmaap,aaf-auth
+      active: production,dmaap #,aaf-auth
 
     # Notification event specific properties
     notification:
@@ -234,6 +214,7 @@ global: # global defaults
     # Schema specific properties that include supported versions of api
     schema:
       # Specifies if the connection should be one way ssl, two way ssl or no auth
+      # will be set to no-auth if tls is disabled
       service:
         client: one-way-ssl
       # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
@@ -249,11 +230,11 @@ global: # global defaults
       version:
         # Current version of the REST API
         api:
-          default: v21
+          default: v23
         # Specifies which version the depth parameter is configurable
         depth: v11
         # List of all the supported versions of the API
-        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+        list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23
         # Specifies from which version related link should appear
         related:
           link: v11
@@ -295,6 +276,40 @@ global: # global defaults
         # since when this is enabled, it prints a lot of information to console
         enabled: false
 
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+  nameOverride: aai-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: "aai"
+  app_ns: "org.osaaf.aaf"
+  fqi_namespace: "org.onap.aai"
+  fqi: "aai@aai.onap.org"
+  public_fqdn: "aaf.osaaf.org"
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: |
+    echo "*** transform AAF certs into pem files"
+    mkdir -p {{ .Values.credsPath }}/certs
+    keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
+      -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
+      -alias ca_local_0 \
+      -storepass $cadi_truststore_password
+    openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+      -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
+      -passin pass:$cadi_keystore_password_p12 \
+      -passout pass:$cadi_keystore_password_p12
+    echo "*** generating needed file"
+    cat {{ .Values.credsPath }}/certs/cert.pem \
+        {{ .Values.credsPath }}/certs/cacert.pem \
+        {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
+        > {{ .Values.credsPath }}/certs/fullchain.pem;
+    chown 1001 {{ .Values.credsPath }}/certs/*
+
 # application image
 dockerhubRepository: registry.hub.docker.com
 image: aaionap/haproxy:1.4.2
@@ -346,13 +361,16 @@ readiness:
 
 service:
   type: NodePort
-  portName: aai-ssl
+  portName: http
   externalPort: 8443
   internalPort: 8443
   nodePort: 33
   # POLICY hotfix - Note this must be temporary
   # See https://jira.onap.org/browse/POLICY-510
   aaiServiceClusterIp:
+  externalPlainPort: 80
+  internalPlainPort: 8080
+  nodeport: 33
 
 ingress:
   enabled: false
@@ -360,8 +378,8 @@ ingress:
     - baseaddr: "aai.api"
       name: "aai"
       port: 8443
-  config:
-    ssl: "redirect"
+      config:
+       ssl: "redirect"
 
 resources:
   small:
@@ -380,3 +398,8 @@ resources:
       memory: 2Gi
   unlimited: {}
 
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai
+  roles:
+    - read