diff options
Diffstat (limited to 'kubernetes/so')
32 files changed, 375 insertions, 11 deletions
diff --git a/kubernetes/so/components/so-admin-cockpit/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-admin-cockpit/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-admin-cockpit/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml index a825e16d49..de6f031435 100644 --- a/kubernetes/so/components/so-admin-cockpit/values.yaml +++ b/kubernetes/so/components/so-admin-cockpit/values.yaml @@ -143,6 +143,13 @@ ingress: port: 9091 config: ssl: "none" +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: portal-app-read + - serviceAccount: so-read + - serviceAccount: istio-ingress + namespace: istio-ingress nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index eefb33989d..e6223d7f54 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -46,9 +46,11 @@ pnf: port: 3904 protocol: http uriPathPrefix: events - topicName: unauthenticated.PNF_READY - consumerGroup: consumerGroup - consumerId: consumerId + pnfReadyTopicName: unauthenticated.PNF_READY + pnfUpdateTopicName: unauthenticated.PNF_UPDATE + consumerGroup: so-consumer + consumerId: so-bpmn-infra-pnfready + consumerIdUpdate: so-bpmn-infra-pnfupdate topicListenerDelayInSeconds: 5 bpelURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081 msb-ip: msb-iag diff --git a/kubernetes/so/components/so-bpmn-infra/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-bpmn-infra/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index 2fc9646c1d..9d69bb7215 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -57,7 +57,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/bpmn-infra:1.11.0 +image: onap/so/bpmn-infra:1.12.1 pullPolicy: Always bpmn: @@ -158,6 +158,16 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-admin-cockpit-read + - serviceAccount: so-oof-adapter-read + - serviceAccount: so-openstack-adapter-read + - serviceAccount: so-read + - serviceAccount: so-sdc-controller-read + - serviceAccount: so-sdnc-adapter-read nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml index 83e23d0e84..a3c5af2dbc 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/catalog-db-adapter:1.11.0 +image: onap/so/catalog-db-adapter:1.12.1 pullPolicy: Always db: @@ -123,6 +123,15 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-openstack-adapter-read + - serviceAccount: so-read + - serviceAccount: so-sdc-controller-read + - serviceAccount: so-sdnc-adapter-read config: openStackUserName: "vnf_user" openStackRegion: "RegionOne" diff --git a/kubernetes/so/components/so-cnf-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-cnf-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml index 509925e17b..9f75e4c037 100755 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -145,6 +145,10 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: so-read nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-cnfm-lcm/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-cnfm-lcm/values.yaml b/kubernetes/so/components/so-cnfm-lcm/values.yaml index 9cb7483819..4e6adc4ef7 100644 --- a/kubernetes/so/components/so-cnfm-lcm/values.yaml +++ b/kubernetes/so/components/so-cnfm-lcm/values.yaml @@ -42,7 +42,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-cnfm-as-lcm:1.12.0 +image: onap/so/so-cnfm-as-lcm:1.12.1 pullPolicy: Always aai: @@ -119,6 +119,13 @@ ingress: config: ssl: 'redirect' +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: so-read + - serviceAccount: istio-ingress + namespace: istio-ingress + nodeSelector: {} tolerations: [] diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml index 8790877492..be1d13ee4b 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -143,6 +143,13 @@ ingress: config: ssl: 'redirect' +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: so-read + - serviceAccount: istio-ingress + namespace: istio-ingress + nodeSelector: {} tolerations: [] diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml index 98edcebb29..35a42fac78 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml @@ -114,6 +114,15 @@ ingress: port: 9092 config: ssl: "redirect" +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-etsi-nfvo-ns-lcm-read + - serviceAccount: so-read + - serviceAccount: istio-ingress + namespace: istio-ingress nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml index c571029de7..9ddbb354d8 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml @@ -119,6 +119,12 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-read nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index ecf9b04dc9..4429761585 100755 --- a/kubernetes/so/components/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -144,6 +144,12 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-read nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-oof-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-oof-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml index c8a12690d0..10f30f1c25 100755 --- a/kubernetes/so/components/so-oof-adapter/values.yaml +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -126,6 +126,11 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-read nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-openstack-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-openstack-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 205bc9a342..80abf04b2c 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.11.0 +image: onap/so/openstack-adapter:1.12.1 pullPolicy: Always db: @@ -128,6 +128,12 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-read config: openStackUserName: "vnf_user" openStackRegion: "RegionOne" diff --git a/kubernetes/so/components/so-request-db-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-request-db-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml index 5e49316a36..430d776b3f 100755 --- a/kubernetes/so/components/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/request-db-adapter:1.11.0 +image: onap/so/request-db-adapter:1.12.1 pullPolicy: Always db: @@ -119,6 +119,17 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-admin-cockpit-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-etsi-sol005-adapter-read + - serviceAccount: so-nssmf-adapter-read + - serviceAccount: so-openstack-adapter-read + - serviceAccount: so-read + - serviceAccount: so-sdc-controller-read nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-sdc-controller/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-sdc-controller/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index 81ae6ae7fd..aef59cbe19 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -53,7 +53,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/sdc-controller:1.12.0 +image: onap/so/sdc-controller:1.12.1 pullPolicy: Always db: @@ -133,6 +133,12 @@ livenessProbe: ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-read + nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index 60c1f9b285..daf4db3a1c 100755 --- a/kubernetes/so/components/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -59,7 +59,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/sdnc-adapter:1.11.0 +image: onap/so/sdnc-adapter:1.12.1 pullPolicy: Always org: @@ -139,6 +139,12 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: robot-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: so-read nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/authorizationpolicy.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..7158c0263f --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/authorizationpolicy.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml index 08911aae76..c16c7d733f 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml @@ -76,6 +76,11 @@ nodeSelector: {} tolerations: [] affinity: {} +serviceMesh: + authorizationPolicy: + authorizedPrincipals: + - serviceAccount: so-read + #Pods Service Account serviceAccount: nameOverride: so-ve-vnfm-adapter diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 68905358c3..4a361c6516 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -139,7 +139,7 @@ dbCreds: userName: so_user adminName: so_admin -image: onap/so/api-handler-infra:1.11.0 +image: onap/so/api-handler-infra:1.12.1 server: aai: @@ -603,6 +603,9 @@ serviceMesh: - serviceAccount: consul-read - serviceAccount: consul-server-read - serviceAccount: nbi-read + - serviceAccount: policy-drools-pdp-read + - serviceAccount: so-bpmn-infra-read + - serviceAccount: robot-read - serviceAccount: istio-ingress namespace: istio-ingress |