X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-distribution%2Fvalues.yaml;h=2d80fbb216385783e819d838a1e60492ed6fda58;hb=refs%2Fchanges%2F63%2F135863%2F4;hp=09805bd496c2eae700b1cbac8ebbfbfd390e3aaf;hpb=b8be171914389631c6f0c41929119436a9d1b681;p=oom.git

diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 09805bd496..48a05f1850 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -1,6 +1,7 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
+#   Modifications Copyright (C) 2023 Nordix Foundation
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -45,16 +46,6 @@ secrets:
     login: '{{ .Values.sdcBe.user }}'
     password: '{{ .Values.sdcBe.password }}'
     passwordPolicy: required
-  - uid: keystore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.keyStorePassword }}'
-    passwordPolicy: required
-  - uid: truststore-password
-    type: password
-    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
-    password: '{{ .Values.certStores.trustStorePassword }}'
-    passwordPolicy: required
 
 #################################################################
 # Global configuration defaults.
@@ -67,50 +58,35 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-distribution:2.5.2
+image: onap/policy-distribution:2.9.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
-# application configuration
+#Strimzi Kafka User def
+kafkaUser:
+  acls:
+    - name: policy-distribution
+      type: group
+      operations: [Read]
+    - name: SDC-DISTR
+      type: topic
+      patternType: prefix
+      operations: [Read, Write]
 
 restServer:
   user: healthcheck
   password: zb!XztG34
 apiParameters:
-  user: healthcheck
+  user: policyadmin
   password: zb!XztG34
 papParameters:
-  user: healthcheck
+  user: policyadmin
   password: zb!XztG34
 sdcBe:
   user: policy
   password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-certStores:
-  keyStorePassword: Pol1cy_0nap
-  trustStorePassword: Pol1cy_0nap
-
-certInitializer:
-  nameOverride: policy-distribution-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  fqdn: policy
-  fqi: policy@policy.onap.org
-  public_fqdn: policy.onap.org
-  cadi_latitude: "0.0"
-  cadi_longitude: "0.0"
-  credsPath: /opt/app/osaaf/local
-  app_ns: org.osaaf.aaf
-  uid: 100
-  gid: 101
-  aaf_add_config: >
-    /opt/app/aaf_config/bin/agent.sh;
-    export $(/opt/app/aaf_config/bin/agent.sh local showpass
-    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
-    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
-    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
-    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
 
 # default number of instances
 replicaCount: 1
@@ -134,27 +110,60 @@ readiness:
 service:
   type: ClusterIP
   name: policy-distribution
-  portName: policy-distribution
-  externalPort: 6969
   internalPort: 6969
+  ports:
+    - name: http
+      port: 6969
 
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: policy-pap-read
+
 flavor: small
 resources:
   small:
     limits:
       cpu: 1
-      memory: 4Gi
+      memory: 0.5Gi
     requests:
-      cpu: 100m
-      memory: 1Gi
+      cpu: 0.5
+      memory: 0.5Gi
   large:
     limits:
       cpu: 2
-      memory: 8Gi
+      memory: 1Gi
     requests:
-      cpu: 200m
-      memory: 2Gi
+      cpu: 1
+      memory: 1Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-distribution
+  roles:
+    - read
+
+metrics:
+  serviceMonitor:
+    # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+    # The default operator for prometheus enforces the below label.
+    labels:
+      release: prometheus
+    enabled: true
+    port: policy-distribution
+    interval: 60s
+    isHttps: false
+    basicAuth:
+      enabled: true
+      externalSecretNameSuffix: policy-distribution-restserver-creds
+      externalSecretUserKey: login
+      externalSecretPasswordKey: password
+    selector:
+      app: '{{ include "common.name" . }}'
+      chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+      release: '{{ include "common.release" . }}'
+      heritage: '{{ .Release.Service }}'