summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnaël Closson <ac2550@intl.att.com>2017-10-09 14:52:24 +0200
committerAnaël Closson <ac2550@intl.att.com>2017-10-09 15:56:03 +0200
commit40cdf49a6888326a1af68530203847662fcfe398 (patch)
treec28ef702a02e6d2f1f82d81f1eb1de205427df89
parent3d2e45507ea65ec3217d6a462cb8adaa249f9c25 (diff)
Containers not starting fails on RBAC enabled k8s
When running the OOM scripts on a RBAC enabled kubernetes, readiness probes failed to check dependencies status as they don't have the needed access rights. Note for the reviewer : The fix has been tested on a rancher installation (k8s 1.8) and on a kubeadm installation (k8s 1.8), but not a previous versions of k8s. There might be issues with the command when used on pre RBAC (<1.6) versions of k8s. This should be tested with such version if early backward compatibility should be a concern. Change-Id: I7a915fc08927cd0fc0d5ea70a75f44c1380de926 Issue-ID: OOM-349 Signed-off-by: Anaël Closson <ac2550@intl.att.com>
-rwxr-xr-xkubernetes/oneclick/createAll.bash8
-rwxr-xr-xkubernetes/oneclick/deleteAll.bash6
2 files changed, 14 insertions, 0 deletions
diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash
index 8d41ee45a6..c23f01456a 100755
--- a/kubernetes/oneclick/createAll.bash
+++ b/kubernetes/oneclick/createAll.bash
@@ -26,6 +26,11 @@ check_return_code(){
fi
}
+create_service_account() {
+ cmd=`echo kubectl create clusterrolebinding $1-$2-admin-binding --clusterrole=cluster-admin --serviceaccount=$1-$2:default`
+ eval ${cmd}
+ check_return_code $cmd
+}
create_namespace() {
cmd=`echo kubectl create namespace $1-$2`
@@ -164,6 +169,9 @@ for i in ${HELM_APPS[@]}; do
printf "\nCreating namespace **********\n"
create_namespace $NS $i
+ printf "\nCreating service account **********\n"
+ create_service_account $NS $i
+
printf "\nCreating registry secret **********\n"
create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL
diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash
index c0e696c491..53f2d4d9fa 100755
--- a/kubernetes/oneclick/deleteAll.bash
+++ b/kubernetes/oneclick/deleteAll.bash
@@ -12,6 +12,11 @@ delete_namespace() {
printf "Namespace $_NS deleted.\n\n"
}
+delete_service_account() {
+ kubectl delete clusterrolebinding $1-$2-admin-binding
+ printf "Service account $1-$2-admin-binding deleted.\n\n"
+}
+
delete_registry_key() {
kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key
}
@@ -76,6 +81,7 @@ for i in ${HELM_APPS[@]}; do
delete_app_helm $NS $i
delete_namespace $NS $i
+ delete_service_account $NS $i
done