[MSB] Make MSB ServiceMesh compatible

[oom.git] / kubernetes / msb / components / msb-iag / values.yaml

diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index b91ddca..602177b 100644 (file)
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,11 +18,41 @@
 global:
   nodePortPrefix: 302
 
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  nameOverride: msb-iag-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: msb-iag
+  fqi: msb-iag@msb-iag.onap.org
+  fqi_namespace: org.onap.msb-iag
+  public_fqdn: msb-iag.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: |
+    mkdir -p {{ .Values.credsPath }}/certs
+    echo "*** retrieve certificate from pkcs12"
+    openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+      -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
+      -passin pass:$cadi_keystore_password_p12 \
+      -passout pass:$cadi_keystore_password_p12
+    echo "*** copy key to relevant place"
+    cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
+    echo "*** change ownership and read/write attributes"
+    chown -R 1000 {{ .Values.credsPath }}/certs
+    chmod 600 {{ .Values.credsPath }}/certs/cert.crt
+    chmod 600 {{ .Values.credsPath }}/certs/cert.key
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/msb/msb_apigateway:1.2.7
+image: onap/msb/msb_apigateway:1.4.0
 pullPolicy: Always
 istioSidecar: true
 
@@ -51,12 +82,17 @@ readiness:
 service:
   type: NodePort
   name: msb-iag
-  externalPort: 80
-  internalPort: 80
-  nodePort: 80
-  externalPortHttps: 443
-  internalPortHttps: 443
-  nodePortHttps: 83
+  both_tls_and_plain: true
+  # for liveness and readiness probe only
+  # internalPort:
+  internalPort: 443
+  internalPlainPort: 80
+  ports:
+    - name: msb-iag
+      port: 443
+      plain_port: 80
+      port_protocol: http
+      nodePort: '83'
 
 ingress:
   enabled: false
@@ -86,3 +122,14 @@ resources:
       cpu: 100m
       memory: 400Mi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: msb-iag
+  roles:
+    - read
+
+#Logs configuration
+log:
+  path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'