X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blobdiff_plain;f=kubernetes%2Fsdc%2Fcomponents%2Fsdc-be%2Fvalues.yaml;h=7f914d4bdfb983fcd0ec9c845202343e761cb2bf;hp=faf46e55499cde07c8ab3ab59eb25123b14ee575;hb=refs%2Fheads%2Fmaster;hpb=8c26e59d30a185186cf33988a0dbb859409f73eb

diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index faf46e5549..7f914d4bdf 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -19,7 +19,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  aafEnabled: true
   sdc_cassandra:
     #This flag allows SDC to instantiate its own cluster, serviceName
     #should be sdc-cs if this flag is enabled
@@ -31,20 +30,17 @@ global:
     replicaCount: 3
     clusterName: cassandra
     dataCenter: Pod
-  # Strimzi kafka config
+  # Global Strimzi kafka config overridden
+  # from parent values.yaml
   kafka:
     useKafka: overridden-from-parent-values-yaml
-    sdcBeKafkaUser: overridden-from-parent-values-yaml
-    topics:
-      sdcDistNotifTopic: overridden-from-parent-values-yaml
-      sdcDistStatusTopic: overridden-from-parent-values-yaml
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/sdc-backend-all-plugins:1.12.0
-backendInitImage: onap/sdc-backend-init:1.12.0
+image: onap/sdc-backend-all-plugins:1.13.6
+backendInitImage: onap/sdc-backend-init:1.13.6
 
 pullPolicy: Always
 
@@ -53,54 +49,26 @@ debugEnabled: false
 
 #environment file
 env:
-  name: AUTO
-
-certInitializer:
-  nameOverride: sdc-be-cert-init
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  fqdn: sdc
-  fqi: sdc@sdc.onap.org
-  public_fqdn: sdc.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  addconfig: true
-  keystoreFile: "org.onap.sdc.p12"
-  truststoreFile: "org.onap.sdc.trust.jks"
-  permission_user: 352070
-  permission_group: 35953
-  aaf_add_config: |
-    echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
-    echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+  name: &env AUTO
 
 #################################################################
 # SDC Config part
 #################################################################
-
-secrets:
-  - uid: sdc-be-kafka-secret
-    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
-    type: genericKV
-    envs:
-      - name: sasl.jaas.config
-        value: '{{ .Values.config.someConfig }}'
-        policy: generate
-
 config:
   javaOptions: "-Xmx1536m -Xms1536m"
   cassandraSslEnabled: "false"
-  # Strimzi kafka config
-  kafka:
-    saslMech: scram-sha-512
-    securityProtocol: SASL_PLAINTEXT
-    authType: simple
-    topicRetentionMs: 7200000
-    topicSegmentBytes: 1073741824
-    topicConsumer:
-      pattern: SDC-DIST
-      groupId: sdc
+
+kafkaUser:
+  acls:
+    - name: sdc
+      suffix: *env
+      type: group
+      operations: [Read]
+    - name: SDC-DISTR
+      type: topic
+      patternType: prefix
+      operations: [Read, Write]
+
 
 # default number of instances
 replicaCount: 1
@@ -137,39 +105,49 @@ startup:
 service:
   type: NodePort
   name: sdc-be
-  both_tls_and_plain: true
   internalPort: 8080
-  msb:
-    - port: 8443
-      url: "/sdc/v1"
-      version: "v1"
-      protocol: "REST"
-      visualRange: "1"
-      serviceName: sdc
-      enable_ssl: true
-    - port: 8080
-      url: "/sdc/v1"
-      version: "v1"
-      protocol: "REST"
-      visualRange: "1"
-      serviceName: sdc-deprecated
   ports:
     - name: tcp-api
-      port: 8443
-      plain_port: 8080
+      port: 8080
       port_protocol: http
       nodePort: '04'
+  annotations:
+    msb.onap.org/service-info: |
+      {{ if .Values.global.msbEnabled -}}[
+        {
+          "serviceName": "sdc-be",
+          "version": "v1",
+          "url": "/sdc/v1",
+          "path":"/sdc/v1",
+          "protocol": "REST",
+          "visualRange":"1",
+          "port": "{{ .Values.service.internalPort }}",
+        }
+      ]{{ end }}
 
 ingress:
   enabled: false
   service:
     - baseaddr: "sdc-be-api"
       name: "sdc-be"
-      port: 8443
-      plain_port: 8080
+      port: 8080
   config:
     ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: consul-read
+      - serviceAccount: consul-server-read
+      - serviceAccount: modeling-etsicatalog-read
+      - serviceAccount: nbi-read
+      - serviceAccount: oof-has-read
+      - serviceAccount: portal-db-read
+      - serviceAccount: so-cnfm-lcm-read
+      - serviceAccount: so-etsi-sol003-adapter-read
+      - serviceAccount: so-read
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
 
 # Resource Limit flavor -By Default using small
 flavor: small
@@ -177,18 +155,18 @@ flavor: small
 resources:
   small:
     limits:
-      cpu: 1
-      memory: 2Gi
+      cpu: "1"
+      memory: "3Gi"
     requests:
-      cpu: 100m
-      memory: 1Gi
+      cpu: "0.5"
+      memory: "3Gi"
   large:
     limits:
-      cpu: 2
-      memory: 4Gi
+      cpu: "2"
+      memory: "6Gi"
     requests:
-      cpu: 200m
-      memory: 2Gi
+      cpu: "1"
+      memory: "6Gi"
   unlimited: {}
 
 #Pods Service Account