diff options
author | AndrewLamb <andrew.a.lamb@est.tech> | 2023-04-20 16:24:13 +0100 |
---|---|---|
committer | AndrewLamb <andrew.a.lamb@est.tech> | 2023-04-21 14:23:45 +0100 |
commit | 7ef78aefe4cf6dba1e14add5602f4df55862c9b4 (patch) | |
tree | 8a30c680e9e07514eb0662762609b3de6055bad5 /kubernetes/policy | |
parent | 9d4d923694a16dfe53adf262091eba61e4a3cb56 (diff) |
[POLICY][COMMON] Create Authorization Policies for Policy
Policy- Add initial authorized serviceaccounts for each sub component service
Common- Change authorizationpolicy to match on the label app
Issue-ID: OOM-3139
Change-Id: I411877b933d6dfcbdee633f1440d16c9658438e5
Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
Diffstat (limited to 'kubernetes/policy')
28 files changed, 331 insertions, 2 deletions
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 3ea694fb06..cef846cb0e 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -89,6 +89,11 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # Resource Limit flavor -By Default using small # Segregation for Different environment (Small and Large) flavor: small diff --git a/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 2ec88ee82e..344994cc08 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -95,10 +95,14 @@ service: - name: http port: 6969 - ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: policy-pap-read + flavor: small resources: small: diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index ce53abaf04..f1d94f0fbe 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -74,6 +74,11 @@ affinity: {} ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # probe configuration parameters liveness: initialDelaySeconds: 20 diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 6f60fec111..df8896f9f3 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -64,6 +64,11 @@ affinity: {} ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # probe configuration parameters liveness: initialDelaySeconds: 20 diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 985399a893..6e4a72cf36 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -86,6 +86,11 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + flavor: small resources: small: diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml index cef5200eb6..3e6164ae0d 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -64,6 +64,11 @@ affinity: {} ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # probe configuration parameters liveness: initialDelaySeconds: 20 diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index 83839f80bf..abbfb7a25e 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -84,6 +84,11 @@ affinity: {} ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + # probe configuration parameters liveness: initialDelaySeconds: 20 diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index 0ec4be4726..cb73314f1d 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -119,6 +119,12 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + - serviceAccount: policy-gui-read + flavor: small resources: small: diff --git a/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index e744d09920..d93074bbe6 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -118,6 +118,11 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: policy-pap-read + flavor: small resources: small: diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 7cc347c519..b30baec959 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -80,6 +80,11 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + server: jvmOpts: -server -XshowSettings:vm diff --git a/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 5e48e99d7a..a6ddd205d9 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -89,7 +89,13 @@ ingress: config: ssl: "redirect" -#resources: {} +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: istio-ingress + namespace: istio-ingress + + #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following diff --git a/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index a7fcdaf832..81456c58dc 100755 --- a/kubernetes/policy/components/policy-nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -64,6 +64,10 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: [] + ## Persist data to a persitent volume persistence: enabled: true diff --git a/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 8a638f60bc..a190fb0cdd 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -128,6 +128,12 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: message-router-read + - serviceAccount: portal-app-read + flavor: small resources: small: diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 44ae16de1d..222da883cb 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -102,6 +102,31 @@ service: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: dcae-datafile-collector-read + - serviceAccount: dcae-datalake-admin-ui-read + - serviceAccount: dcae-datalake-des-read + - serviceAccount: dcae-datalake-feeder-read + - serviceAccount: dcae-heartbeat-read + - serviceAccount: dcae-hv-ves-collector-read + - serviceAccount: dcae-kpi-ms-read + - serviceAccount: dcae-pm-mapper-read + - serviceAccount: dcae-pmsh-read + - serviceAccount: dcae-prh-read + - serviceAccount: dcae-restconf-collector-read + - serviceAccount: dcae-slice-analysis-ms-read + - serviceAccount: dcae-snmptrap-collector-read + - serviceAccount: dcae-son-handler-read + - serviceAccount: dcae-tcagen2-read + - serviceAccount: dcae-ves-collector-read + - serviceAccount: dcae-ves-mapper-read + - serviceAccount: dcae-ves-openapi-manager-read + - serviceAccount: message-router-read + - serviceAccount: oof-read + - serviceAccount: sdnc-read + flavor: small resources: small: |