aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/common/common/templates/_ingress.tpl2
-rw-r--r--kubernetes/common/common/templates/_serviceMesh.tpl4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml6
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml17
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml17
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml17
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml17
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml6
-rw-r--r--kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml17
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml8
-rw-r--r--kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-nexus/values.yaml4
-rw-r--r--kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml6
-rw-r--r--kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml17
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml25
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml4
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml8
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/values.yaml2
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/values.yaml2
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml2
-rw-r--r--kubernetes/uui/values.yaml2
48 files changed, 361 insertions, 28 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index a9ffd70f96..db276d546c 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -356,7 +356,7 @@ spec:
{{ toYaml $dot.Values.ingress.tls | indent 4 }}
{{- end -}}
{{- if $dot.Values.ingress.config -}}
-{{- if $dot.Values.ingress.config.tls -}}
+{{- if $dot.Values.ingress.config.tls }}
tls:
- hosts:
{{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl
index 3ba945ee8b..a3d269e4f2 100644
--- a/kubernetes/common/common/templates/_serviceMesh.tpl
+++ b/kubernetes/common/common/templates/_serviceMesh.tpl
@@ -95,7 +95,7 @@ true
spec:
selector:
matchLabels:
- app.kubernetes.io/name: <app-to-match> ("app.kubernetes.io/name" corresponds to key defined in "common.labels", which is included in "common.service")
+ app: <app-to-match> ("app" corresponds to a key defined in "common.labels", which is included in "common.service")
If common.useAuthorizationPolicies returns false:
Will not create an authorization policy
@@ -115,7 +115,7 @@ metadata:
spec:
selector:
matchLabels:
- app.kubernetes.io/name: {{ include "common.servicename" . }}
+ app: {{ include "common.servicename" . }}
action: ALLOW
rules:
{{- if $authorizedPrincipals }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
index 8f28dcaa25..9b1381fa8b 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
@@ -3,6 +3,7 @@
# Copyright (C) 2021 Nordix Foundation.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +19,7 @@
# ================================= LICENSE_END ==============================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
description: DCAE PM-Mapper Helm charts
name: dcae-pm-mapper
version: 12.0.0
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index f3a7ae3977..0c90e3ae87 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -3,6 +3,7 @@
# Copyright (C) 2021 Nordix Foundation.
# Copyright (c) 2022 Nokia. All rights reserved.
# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -46,7 +47,7 @@ secrets:
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.9.0
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.10.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index da48074303..9a274153f2 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -35,7 +35,7 @@ filebeatConfig:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.9.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 46eaca22e1..1ae79801ae 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -90,6 +90,11 @@ service:
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
flavor: small
diff --git a/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index ab8c31ff20..3b64507880 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -99,10 +99,14 @@ service:
- name: http
port: 6969
-
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: policy-pap-read
+
flavor: small
resources:
small:
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index 47b0955f01..0c9fe5201a 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -74,6 +74,11 @@ affinity: {}
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
# probe configuration parameters
liveness:
initialDelaySeconds: 20
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 808c60ef86..9f043ba930 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -64,6 +64,11 @@ affinity: {}
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
# probe configuration parameters
liveness:
initialDelaySeconds: 20
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index 99f6206b20..3d0754c656 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -86,6 +86,11 @@ service:
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
flavor: small
resources:
small:
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
index 28718505df..13e9472238 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
@@ -64,6 +64,11 @@ affinity: {}
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
# probe configuration parameters
liveness:
initialDelaySeconds: 20
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index c2c43c7313..708bd7dad4 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -84,6 +84,11 @@ affinity: {}
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
# probe configuration parameters
liveness:
initialDelaySeconds: 20
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index fef8598ef7..4ec221369b 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -119,6 +119,12 @@ service:
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+ - serviceAccount: policy-gui-read
+
flavor: small
resources:
small:
diff --git a/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index e367dd0e15..3c71e78072 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -118,6 +118,11 @@ service:
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: policy-pap-read
+
flavor: small
resources:
small:
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 6b6c576e6a..ddc81b6980 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -80,6 +80,11 @@ service:
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
server:
jvmOpts: -server -XshowSettings:vm
diff --git a/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 330161e316..975f103ef9 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -89,7 +89,13 @@ ingress:
config:
ssl: "redirect"
-#resources: {}
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
+ #resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
diff --git a/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
index a7fcdaf832..81456c58dc 100755
--- a/kubernetes/policy/components/policy-nexus/values.yaml
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
@@ -64,6 +64,10 @@ service:
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
+
## Persist data to a persitent volume
persistence:
enabled: true
diff --git a/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 6674effd62..a3bdba9b88 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -136,6 +136,12 @@ service:
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+ - serviceAccount: portal-app-read
+
flavor: small
resources:
small:
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..7158c0263f
--- /dev/null
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index e589c4b315..f20ad9ae41 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -102,6 +102,31 @@ service:
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: dcae-datafile-collector-read
+ - serviceAccount: dcae-datalake-admin-ui-read
+ - serviceAccount: dcae-datalake-des-read
+ - serviceAccount: dcae-datalake-feeder-read
+ - serviceAccount: dcae-heartbeat-read
+ - serviceAccount: dcae-hv-ves-collector-read
+ - serviceAccount: dcae-kpi-ms-read
+ - serviceAccount: dcae-pm-mapper-read
+ - serviceAccount: dcae-pmsh-read
+ - serviceAccount: dcae-prh-read
+ - serviceAccount: dcae-restconf-collector-read
+ - serviceAccount: dcae-slice-analysis-ms-read
+ - serviceAccount: dcae-snmptrap-collector-read
+ - serviceAccount: dcae-son-handler-read
+ - serviceAccount: dcae-tcagen2-read
+ - serviceAccount: dcae-ves-collector-read
+ - serviceAccount: dcae-ves-mapper-read
+ - serviceAccount: dcae-ves-openapi-manager-read
+ - serviceAccount: message-router-read
+ - serviceAccount: oof-read
+ - serviceAccount: sdnc-read
+
flavor: small
resources:
small:
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index adf4b3e04e..f6c2694992 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -39,8 +39,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.12.3
-backendInitImage: onap/sdc-backend-init:1.12.3
+image: onap/sdc-backend-all-plugins:1.12.4
+backendInitImage: onap/sdc-backend-init:1.12.4
pullPolicy: Always
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index c9eb535808..f58fca7a07 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -51,8 +51,8 @@ cassandra:
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.12.3
-cassandraInitImage: onap/sdc-cassandra-init:1.12.3
+image: onap/sdc-cassandra:1.12.4
+cassandraInitImage: onap/sdc-cassandra-init:1.12.4
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index 62987370d5..b548c05cf4 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -23,7 +23,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.12.3
+image: onap/sdc-frontend:1.12.4
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index e13d10ac3e..cd02020325 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -35,8 +35,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.12.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.12.3
+image: onap/sdc-onboard-backend:1.12.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.12.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
index eefb33989d..e6223d7f54 100755
--- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -46,9 +46,11 @@ pnf:
port: 3904
protocol: http
uriPathPrefix: events
- topicName: unauthenticated.PNF_READY
- consumerGroup: consumerGroup
- consumerId: consumerId
+ pnfReadyTopicName: unauthenticated.PNF_READY
+ pnfUpdateTopicName: unauthenticated.PNF_UPDATE
+ consumerGroup: so-consumer
+ consumerId: so-bpmn-infra-pnfready
+ consumerIdUpdate: so-bpmn-infra-pnfupdate
topicListenerDelayInSeconds: 5
bpelURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
msb-ip: msb-iag
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index c53741a3a3..9d69bb7215 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -57,7 +57,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/bpmn-infra:1.11.0
+image: onap/so/bpmn-infra:1.12.1
pullPolicy: Always
bpmn:
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index 868653b6cc..a3c5af2dbc 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/catalog-db-adapter:1.11.0
+image: onap/so/catalog-db-adapter:1.12.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-cnfm-lcm/values.yaml b/kubernetes/so/components/so-cnfm-lcm/values.yaml
index 6dbb0a0fff..4e6adc4ef7 100644
--- a/kubernetes/so/components/so-cnfm-lcm/values.yaml
+++ b/kubernetes/so/components/so-cnfm-lcm/values.yaml
@@ -42,7 +42,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-cnfm-as-lcm:1.12.0
+image: onap/so/so-cnfm-as-lcm:1.12.1
pullPolicy: Always
aai:
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
index a029a886d3..80abf04b2c 100755
--- a/kubernetes/so/components/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -52,7 +52,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.11.0
+image: onap/so/openstack-adapter:1.12.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index 3eb96e1b8f..430d776b3f 100755
--- a/kubernetes/so/components/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -52,7 +52,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/request-db-adapter:1.11.0
+image: onap/so/request-db-adapter:1.12.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index 8b17efc390..aef59cbe19 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -53,7 +53,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.12.0
+image: onap/so/sdc-controller:1.12.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index 19e5c6f2c3..daf4db3a1c 100755
--- a/kubernetes/so/components/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -59,7 +59,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdnc-adapter:1.11.0
+image: onap/so/sdnc-adapter:1.12.1
pullPolicy: Always
org:
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index d25f70a3bf..4a361c6516 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -139,7 +139,7 @@ dbCreds:
userName: so_user
adminName: so_admin
-image: onap/so/api-handler-infra:1.11.0
+image: onap/so/api-handler-infra:1.12.1
server:
aai:
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index 4ae01bd82b..6dd917b554 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -48,7 +48,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:5.1.3
+image: onap/usecase-ui-server:5.2.1
pullPolicy: Always
# application configuration
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 325e5ccde2..4bdbd1b583 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -25,7 +25,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/usecase-ui:5.1.2
+image: onap/usecase-ui:5.2.1
pullPolicy: Always
# application configuration