X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-xacml-pdp%2Fvalues.yaml;h=d4c20ccf0adebf3c2a9ff48db9cec3ebed3c0947;hb=2d0db7cd17b6690d505b22a2f542149662ebf619;hp=551ad2b1096131dcb2fc03477fbb3416bf8efc60;hpb=e0259590627cd9e7925b6912ac2203091dbb54bf;p=oom.git diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 551ad2b109..d4c20ccf0a 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -21,7 +21,6 @@ ################################################################# global: persistence: {} - aafEnabled: true ################################################################# # Secrets metaconfig @@ -45,45 +44,12 @@ secrets: login: '{{ .Values.apiServer.user }}' password: '{{ .Values.apiServer.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-xacml-pdp-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.7.2 +image: onap/policy-xacml-pdp:3.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -92,7 +58,7 @@ debugEnabled: false # application configuration db: - user: policy_user + user: policy-user password: policy_user service: name: policy-mariadb @@ -128,28 +94,54 @@ readiness: service: type: ClusterIP name: policy-xacml-pdp - portName: http - externalPort: 6969 internalPort: 6969 + ports: + - name: http + port: 6969 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: dcae-datafile-collector-read + - serviceAccount: dcae-datalake-admin-ui-read + - serviceAccount: dcae-datalake-des-read + - serviceAccount: dcae-datalake-feeder-read + - serviceAccount: dcae-heartbeat-read + - serviceAccount: dcae-hv-ves-collector-read + - serviceAccount: dcae-kpi-ms-read + - serviceAccount: dcae-pm-mapper-read + - serviceAccount: dcae-pmsh-read + - serviceAccount: dcae-prh-read + - serviceAccount: dcae-restconf-collector-read + - serviceAccount: dcae-slice-analysis-ms-read + - serviceAccount: dcae-snmptrap-collector-read + - serviceAccount: dcae-son-handler-read + - serviceAccount: dcae-tcagen2-read + - serviceAccount: dcae-ves-collector-read + - serviceAccount: dcae-ves-mapper-read + - serviceAccount: dcae-ves-openapi-manager-read + - serviceAccount: message-router-read + - serviceAccount: oof-read + - serviceAccount: sdnc-read + flavor: small resources: small: limits: cpu: 1 - memory: 4Gi + memory: 1Gi requests: - cpu: 100m + cpu: 0.5 memory: 1Gi large: limits: cpu: 2 - memory: 8Gi + memory: 2Gi requests: - cpu: 200m + cpu: 1 memory: 2Gi unlimited: {} @@ -168,7 +160,7 @@ metrics: enabled: true port: policy-xacml-pdp interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-xacml-pdp-restserver-creds