[SO] Create Authorization Policies for SO

[oom.git] / kubernetes / so / components / so-etsi-nfvo-ns-lcm / values.yaml

diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
index 6af6182..be1d13e 100644 (file)
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
@@ -17,18 +17,11 @@
 #################################################################
 global:
   nodePortPrefixExt: 304
-  repository: nexus3.onap.org:10001
-  readinessImage: onap/oom/readiness:3.0.1
-  aafAgentImage: onap/aaf/aaf_agent:2.1.20
-  envsubstImage: dibi/envsubst
   persistence:
     mountPath: /dockerdata-nfs
-  security:
-    aaf:
-      enabled: false
-  aaf:
-    auth:
-      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+  mariadbGalera:
+    serviceName: mariadb-galera
+    servicePort: '3306'
 
 #################################################################
 # Secrets metaconfig
@@ -56,8 +49,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4
+image: onap/so/so-etsi-nfvo-ns-lcm:1.9.0
 pullPolicy: Always
 
 aai:
@@ -87,17 +79,16 @@ logPath: ./logs/so-etsi-nfvo-ns-lcm/
 app: so-etsi-nfvo-ns-lcm
 service:
   type: ClusterIP
-  name: so-etsi-nfvo-ns-lcm
   annotations:
     service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
     msb.onap.org/service-info: |
-      {{ if not .Values.global.msbDisabled -}}[
+      {{ if .Values.global.msbEnabled -}}[
         {
           "serviceName": "{{ include "common.servicename" . }}",
           "version": "v1",
           "url": "/so/so-etsi-nfvo-ns-lcm/v1",
           "protocol": "REST",
-          "port": "{{ include "common.getPort" (dict "global" . "name" "nfvo-nslcm-port") }}",
+          "port": "{{ include "common.getPort" (dict "global" . "name" "http-api") }}",
           "visualRange":"1"
         }
       ]{{ end }}
@@ -113,12 +104,6 @@ updateStrategy:
 # soHelpers part
 #################################################################
 soHelpers:
-  nameOverride: so-nfvo-cert-init
-  certInitializer:
-    nameOverride: so-nfvo-cert-init
-    credsPath: /opt/app/osaaf/local
-  cadi:
-    apiEnforcement: org.onap.so.nfvoAdapterPerm
   containerPort: *containerPort
 
 # Resource Limit flavor -By Default using small
@@ -152,14 +137,27 @@ livenessProbe:
 ingress:
   enabled: false
   service:
-    - baseaddr: 'soetsinfvonslcm'
+    - baseaddr: 'so-etsi-nfvo-ns-lcm-api'
       name: 'so-etsi-nfvo-ns-lcm'
       port: 9095
   config:
     ssl: 'redirect'
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: so-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 nodeSelector: {}
 
 tolerations: []
 
 affinity: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: so-etsi-nfvo-ns-lcm
+  roles:
+    - read