48 files changed, 361 insertions, 28 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index a9ffd70f96..db276d546c 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -356,7 +356,7 @@ spec:
 {{ toYaml $dot.Values.ingress.tls | indent 4 }}
 {{- end -}}
 {{- if $dot.Values.ingress.config -}}
-{{-   if $dot.Values.ingress.config.tls -}}
+{{-   if $dot.Values.ingress.config.tls }}
   tls:
   - hosts:
   {{-   range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl
index 3ba945ee8b..a3d269e4f2 100644
--- a/kubernetes/common/common/templates/_serviceMesh.tpl
+++ b/kubernetes/common/common/templates/_serviceMesh.tpl
@@ -95,7 +95,7 @@ true
         spec:
           selector:
             matchLabels:
-              app.kubernetes.io/name: <app-to-match>    ("app.kubernetes.io/name" corresponds to key defined in "common.labels", which is included in "common.service")
+              app: <app-to-match>    ("app" corresponds to a key defined in "common.labels", which is included in "common.service")
 
     If common.useAuthorizationPolicies returns false:
       Will not create an authorization policy
@@ -115,7 +115,7 @@ metadata:
 spec:
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "common.servicename" . }}
+      app: {{ include "common.servicename" . }}
   action: ALLOW
   rules:
 {{-     if $authorizedPrincipals }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
index 8f28dcaa25..9b1381fa8b 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
@@ -3,6 +3,7 @@
 # Copyright (C) 2021 Nordix Foundation.
 # Modifications Copyright © 2021 Orange
 # Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
 # ============================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,7 +19,7 @@
 # ================================= LICENSE_END ==============================
 
 apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
 description: DCAE PM-Mapper Helm charts
 name: dcae-pm-mapper
 version: 12.0.0
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index f3a7ae3977..0c90e3ae87 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -3,6 +3,7 @@
 #  Copyright (C) 2021 Nordix Foundation.
 #  Copyright (c) 2022 Nokia.  All rights reserved.
 #  Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
+#  Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
 # =========================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -46,7 +47,7 @@ secrets:
 # Application Configuration Defaults.
 #################################################################
 # Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.9.0
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.10.1
 pullPolicy: Always
 
 # Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index da48074303..9a274153f2 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -35,7 +35,7 @@ filebeatConfig:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.9.0
 pullPolicy: Always
 
 # log directory where logging sidecar should look for log files
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 46eaca22e1..1ae79801ae 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -90,6 +90,11 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 # Resource Limit flavor -By Default using small
 # Segregation for Different environment (Small and Large)
 flavor: small
diff --git a/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index ab8c31ff20..3b64507880 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -99,10 +99,14 @@ service:
     - name: http
       port: 6969
 
-
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: policy-pap-read
+
 flavor: small
 resources:
   small:
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index 47b0955f01..0c9fe5201a 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -74,6 +74,11 @@ affinity: {}
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 20
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 808c60ef86..9f043ba930 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -64,6 +64,11 @@ affinity: {}
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 20
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index 99f6206b20..3d0754c656 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -86,6 +86,11 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 flavor: small
 resources:
   small:
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
index 28718505df..13e9472238 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
@@ -64,6 +64,11 @@ affinity: {}
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 20
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index c2c43c7313..708bd7dad4 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -84,6 +84,11 @@ affinity: {}
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 20
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index fef8598ef7..4ec221369b 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -119,6 +119,12 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+      - serviceAccount: policy-gui-read
+
 flavor: small
 resources:
   small:
diff --git a/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index e367dd0e15..3c71e78072 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -118,6 +118,11 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: policy-pap-read
+
 flavor: small
 resources:
   small:
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 6b6c576e6a..ddc81b6980 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -80,6 +80,11 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+
 server:
   jvmOpts: -server -XshowSettings:vm
 
diff --git a/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 330161e316..975f103ef9 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -89,7 +89,13 @@ ingress:
   config:
     ssl: "redirect"
 
-#resources: {}
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
+  #resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
diff --git a/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
index a7fcdaf832..81456c58dc 100755
--- a/kubernetes/policy/components/policy-nexus/values.yaml
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
@@ -64,6 +64,10 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals: []
+
 ## Persist data to a persitent volume
 persistence:
   enabled: true
diff --git a/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 6674effd62..a3bdba9b88 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -136,6 +136,12 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+      - serviceAccount: portal-app-read
+
 flavor: small
 resources:
   small:
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+\ No newline at end of file
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index e589c4b315..f20ad9ae41 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -102,6 +102,31 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: dcae-datafile-collector-read
+      - serviceAccount: dcae-datalake-admin-ui-read
+      - serviceAccount: dcae-datalake-des-read
+      - serviceAccount: dcae-datalake-feeder-read
+      - serviceAccount: dcae-heartbeat-read
+      - serviceAccount: dcae-hv-ves-collector-read
+      - serviceAccount: dcae-kpi-ms-read
+      - serviceAccount: dcae-pm-mapper-read
+      - serviceAccount: dcae-pmsh-read
+      - serviceAccount: dcae-prh-read
+      - serviceAccount: dcae-restconf-collector-read
+      - serviceAccount: dcae-slice-analysis-ms-read
+      - serviceAccount: dcae-snmptrap-collector-read
+      - serviceAccount: dcae-son-handler-read
+      - serviceAccount: dcae-tcagen2-read
+      - serviceAccount: dcae-ves-collector-read
+      - serviceAccount: dcae-ves-mapper-read
+      - serviceAccount: dcae-ves-openapi-manager-read
+      - serviceAccount: message-router-read
+      - serviceAccount: oof-read
+      - serviceAccount: sdnc-read
+
 flavor: small
 resources:
   small:
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index adf4b3e04e..f6c2694992 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -39,8 +39,8 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/sdc-backend-all-plugins:1.12.3
-backendInitImage: onap/sdc-backend-init:1.12.3
+image: onap/sdc-backend-all-plugins:1.12.4
+backendInitImage: onap/sdc-backend-init:1.12.4
 
 pullPolicy: Always
 
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index c9eb535808..f58fca7a07 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -51,8 +51,8 @@ cassandra:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.12.3
-cassandraInitImage: onap/sdc-cassandra-init:1.12.3
+image: onap/sdc-cassandra:1.12.4
+cassandraInitImage: onap/sdc-cassandra-init:1.12.4
 pullPolicy: Always
 
 config:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index 62987370d5..b548c05cf4 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -23,7 +23,7 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/sdc-frontend:1.12.3
+image: onap/sdc-frontend:1.12.4
 pullPolicy: Always
 
 config:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index e13d10ac3e..cd02020325 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -35,8 +35,8 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/sdc-onboard-backend:1.12.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.12.3
+image: onap/sdc-onboard-backend:1.12.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.12.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
index eefb33989d..e6223d7f54 100755
--- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -46,9 +46,11 @@ pnf:
     port: 3904
     protocol: http
     uriPathPrefix: events
-    topicName: unauthenticated.PNF_READY
-    consumerGroup: consumerGroup
-    consumerId: consumerId
+    pnfReadyTopicName: unauthenticated.PNF_READY
+    pnfUpdateTopicName: unauthenticated.PNF_UPDATE
+    consumerGroup: so-consumer
+    consumerId: so-bpmn-infra-pnfready
+    consumerIdUpdate: so-bpmn-infra-pnfupdate
     topicListenerDelayInSeconds: 5
 bpelURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
 msb-ip: msb-iag
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index c53741a3a3..9d69bb7215 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -57,7 +57,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/bpmn-infra:1.11.0
+image: onap/so/bpmn-infra:1.12.1
 pullPolicy: Always
 
 bpmn:
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index 868653b6cc..a3c5af2dbc 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -56,7 +56,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/catalog-db-adapter:1.11.0
+image: onap/so/catalog-db-adapter:1.12.1
 pullPolicy: Always
 
 db:
diff --git a/kubernetes/so/components/so-cnfm-lcm/values.yaml b/kubernetes/so/components/so-cnfm-lcm/values.yaml
index 6dbb0a0fff..4e6adc4ef7 100644
--- a/kubernetes/so/components/so-cnfm-lcm/values.yaml
+++ b/kubernetes/so/components/so-cnfm-lcm/values.yaml
@@ -42,7 +42,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/so-cnfm-as-lcm:1.12.0
+image: onap/so/so-cnfm-as-lcm:1.12.1
 pullPolicy: Always
 
 aai:
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
index a029a886d3..80abf04b2c 100755
--- a/kubernetes/so/components/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -52,7 +52,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/openstack-adapter:1.11.0
+image: onap/so/openstack-adapter:1.12.1
 pullPolicy: Always
 
 db:
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index 3eb96e1b8f..430d776b3f 100755
--- a/kubernetes/so/components/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -52,7 +52,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/request-db-adapter:1.11.0
+image: onap/so/request-db-adapter:1.12.1
 pullPolicy: Always
 
 db:
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index 8b17efc390..aef59cbe19 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -53,7 +53,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/sdc-controller:1.12.0
+image: onap/so/sdc-controller:1.12.1
 pullPolicy: Always
 
 db:
diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index 19e5c6f2c3..daf4db3a1c 100755
--- a/kubernetes/so/components/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -59,7 +59,7 @@ secrets:
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/sdnc-adapter:1.11.0
+image: onap/so/sdnc-adapter:1.12.1
 pullPolicy: Always
 
 org:
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index d25f70a3bf..4a361c6516 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -139,7 +139,7 @@ dbCreds:
   userName: so_user
   adminName: so_admin
 
-image: onap/so/api-handler-infra:1.11.0
+image: onap/so/api-handler-infra:1.12.1
 
 server:
   aai:
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index 4ae01bd82b..6dd917b554 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -48,7 +48,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:5.1.3
+image: onap/usecase-ui-server:5.2.1
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 325e5ccde2..4bdbd1b583 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -25,7 +25,7 @@ subChartsOnly:
 flavor: small
 
 # application image
-image: onap/usecase-ui:5.1.2
+image: onap/usecase-ui:5.2.1
 pullPolicy: Always
 
 # application configuration