From: Andreas Geissler Date: Tue, 30 May 2023 06:50:08 +0000 (+0000) Subject: Merge "[AAI] Create Authorization Policies for AAI" X-Git-Tag: 12.0.0~24 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=e0cd330109c072570de1edf987fa2263f75914c9;hp=-c;p=oom.git Merge "[AAI] Create Authorization Policies for AAI" --- e0cd330109c072570de1edf987fa2263f75914c9 diff --combined kubernetes/aai/values.yaml index b162de7de4,87de5a3cba..c40dbe0d2d --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@@ -41,12 -41,6 +41,12 @@@ global: # global default #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. + #in case of using k8ssandra-operator in the common cassandra installation + #the service name is: + #serviceName: cassandra-dc1-service + #in case of local k8ssandra-operator instance it is + #serviceName: aai-cassandra-dc1-service + #in case the older cassandra installation is used: serviceName: cassandra #This should be same as shared cassandra instance or if localCluster is enabled @@@ -356,10 -350,6 +356,10 @@@ cassandra persistence: mountSubPath: aai/cassandra enabled: true + k8ssandraOperator: + enabled: false + config: + clusterName: aai-cassandra readiness: initialDelaySeconds: 10 @@@ -406,6 -396,34 +406,34 @@@ ingress config: ssl: "redirect" + serviceMesh: + authorizationPolicy: + authorizedPrincipalsMetrics: [] + authorizedPrincipals: + - serviceAccount: aai-graphadmin-read + - serviceAccount: aai-modelloader-read + - serviceAccount: aai-resources-read + - serviceAccount: aai-schema-service-read + - serviceAccount: aai-traversal-read + - serviceAccount: cds-blueprints-processor-read + - serviceAccount: consul-read + - serviceAccount: dcae-prh-read + - serviceAccount: dcae-slice-analysis-ms-read + - serviceAccount: dcae-tcagen2 + - serviceAccount: nbi-read + - serviceAccount: sdnc-read + - serviceAccount: so-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-cnf-adapter-read + - serviceAccount: so-nssmf-adapter-read + - serviceAccount: so-etsi-nfvo-ns-lcm-read + - serviceAccount: so-etsi-sol003-adapter-read + - serviceAccount: so-openstack-adapter-read + - serviceAccount: so-sdc-controller-read + - serviceAccount: so-ve-vnfm-adapter + - serviceAccount: istio-ingress + namespace: istio-ingress + resources: small: limits: