[SO] Create Authorization Policies for SO

[oom.git] / kubernetes / so / components / so-etsi-nfvo-ns-lcm / values.yaml

diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
index f791cda..be1d13e 100644 (file)
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
@@ -19,12 +19,6 @@ global:
   nodePortPrefixExt: 304
   persistence:
     mountPath: /dockerdata-nfs
-  security:
-    aaf:
-      enabled: false
-  aaf:
-    auth:
-      header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
   mariadbGalera:
     serviceName: mariadb-galera
     servicePort: '3306'
@@ -55,7 +49,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/so-etsi-nfvo-ns-lcm:1.8.2
+image: onap/so/so-etsi-nfvo-ns-lcm:1.9.0
 pullPolicy: Always
 
 aai:
@@ -85,7 +79,6 @@ logPath: ./logs/so-etsi-nfvo-ns-lcm/
 app: so-etsi-nfvo-ns-lcm
 service:
   type: ClusterIP
-  name: so-etsi-nfvo-ns-lcm
   annotations:
     service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
     msb.onap.org/service-info: |
@@ -111,12 +104,6 @@ updateStrategy:
 # soHelpers part
 #################################################################
 soHelpers:
-  nameOverride: so-nfvo-cert-init
-  certInitializer:
-    nameOverride: so-nfvo-cert-init
-    credsPath: /opt/app/osaaf/local
-  cadi:
-    apiEnforcement: org.onap.so.nfvoAdapterPerm
   containerPort: *containerPort
 
 # Resource Limit flavor -By Default using small
@@ -156,6 +143,13 @@ ingress:
   config:
     ssl: 'redirect'
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: so-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 nodeSelector: {}
 
 tolerations: []