summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl21
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/values.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml4
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml3
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml9
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml44
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/values.yaml6
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/values.yaml6
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/values.yaml6
-rw-r--r--kubernetes/sdnc/components/sdnc-web/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/sdnc-web/values.yaml6
-rw-r--r--kubernetes/sdnc/components/ueb-listener/requirements.yaml3
-rw-r--r--kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml1
-rw-r--r--kubernetes/sdnc/components/ueb-listener/values.yaml6
-rw-r--r--kubernetes/sdnc/requirements.yaml5
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml1
-rw-r--r--kubernetes/sdnc/values.yaml6
26 files changed, 112 insertions, 40 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 2d68b38771..8738b1099e 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -207,14 +207,27 @@ The sidecar is included if .Values.policies is set. The
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
on .Values.policies.duration and configuration retrieved is shared with
DCAE Microservice container by common volume. Policy can be retrieved based on
-list of policyID or filter
+list of policyID or filter. An optional policyRelease parameter can be specified
+to override the default policy helm release (used for retreiving the secret containing
+pdp username and password)
+
+Following is example policy config override
+
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ duration: 300
+ policyRelease: "onap"
+ policyID: |
+ '["onap.vfirewall.tca","onap.vdns.tca"]'
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
{{- $logDir := default "" .Values.logDirectory -}}
{{- $certDir := default "" .Values.certDirectory . -}}
{{- $tlsServer := default "" .Values.tlsServer -}}
-{{- $policy := default "" .Values.policies -}}
+{{- $commonRelease := print (include "common.release" .) -}}
+{{- $policy := default dict .Values.policies -}}
+{{- $policyRls := default $commonRelease $policy.policyRelease -}}
{{- $drFeedConfig := default "" .Values.drFeedConfig -}}
apiVersion: apps/v1
@@ -384,12 +397,12 @@ spec:
- name: POLICY_SYNC_PDP_USER
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-api-creds
key: login
- name: POLICY_SYNC_PDP_PASS
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-api-creds
key: password
- name: POLICY_SYNC_PDP_URL
value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index 2c523e6dd7..043a7b09a8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -39,7 +39,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.6.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
@@ -120,7 +120,7 @@ applicationConfig:
aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true
aai.aaiClientConfiguration.aaiBasePath: "/aai/v23"
aai.aaiClientConfiguration.aaiPnfPath: "/network/pnfs/pnf"
- aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/$${undefined}{customer}/service-subscriptions/service-subscription/$${undefined}{serviceType}/service-instances/service-instance/$${undefined}{serviceInstanceId}"
+ aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/{{customer}}/service-subscriptions/service-subscription/{{serviceType}}/service-instances/service-instance/{{serviceInstanceId}}"
aai.aaiClientConfiguration.aaiHeaders:
X-FromAppId: "prh"
X-TransactionId: "9999"
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
index a26c66366b..09529c8bb8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
@@ -91,8 +91,9 @@ service:
#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
#policies:
# duration: 300
+# policyRelease: "onap"
# policyID: |
-# '["onap.vfirewall.tca","abc"]'
+# '["onap.vfirewall.tca","onap.vdns.tca"]'
# filter: |
# '["DCAE.Config_vfirewall_.*"]'
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 011c92124b..ec322dd61f 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -104,7 +104,7 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.3
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
@@ -112,7 +112,7 @@ default_k8s_location: central
componentImages:
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.6.1
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.0
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.0
# Resource Limit flavor -By Default using small
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
index 97ba957f4f..b7e9dceba7 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
@@ -28,3 +28,6 @@ dependencies:
- name: serviceAccount
version: ~8.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index 1d0015ed7f..20030a79c8 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -103,4 +103,4 @@ AAFAction = publish
CadiEnabled = false
#
# AAF Props file path
-AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props
+AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index dfb435ce04..90db648028 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -23,7 +23,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -38,11 +38,10 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}-permission-fixer
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: {{ .Values.persistence.spool.path }}
name: {{ include "common.fullname" . }}-spool
- mountPath: {{ .Values.persistence.event.path }}
@@ -65,7 +64,7 @@ spec:
port: {{.Values.readiness.port}}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: {{ .Values.persistence.spool.path }}
name: {{ include "common.fullname" . }}-spool
- mountPath: {{ .Values.persistence.event.path }}
@@ -103,7 +102,7 @@ spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index ee231a0c06..ced70050a3 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -21,6 +21,25 @@ global:
aafEnabled: true
#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: dmaap-dr-node-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: dmaap-dr-node
+ fqi: dmaap-dr-node@dmaap-dr.onap.org
+ public_fqdn: dmaap-dr.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -78,32 +97,9 @@ persistence:
app.kubernetes.io/component: event-logs
#################################################################
-# AAF part
-#################################################################
-aafConfig:
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: dmaap-dr-node
- fqi: dmaap-dr-node@dmaap-dr.onap.org
- public_fqdn: dmaap-dr.onap.org
- cadi_longitude: 0.0
- cadi_latitude: 0.0
- app_ns: org.osaaf.aaf
- permission_user: 1000
- permission_group: 1001
- secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds
- credsPath: /opt/app/osaaf/local
-
-#################################################################
# Secrets metaconfig
#################################################################
-secrets:
- - uid: *aaf_secret_uid
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
+secrets: {}
ingress:
enabled: false
diff --git a/kubernetes/sdnc/components/dmaap-listener/requirements.yaml b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml
index bdf33d53ea..2c0b1081dd 100644
--- a/kubernetes/sdnc/components/dmaap-listener/requirements.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
index ddc115dbbe..69b0fd3bb8 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
@@ -114,6 +114,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml
index c32a6a6230..0d180ec029 100644
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml
@@ -127,3 +127,9 @@ resources:
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-dmaap-listener
+ roles:
+ - read
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml
index bdf33d53ea..2c0b1081dd 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
index 3cfb5257ca..1f0dbdeced 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
@@ -101,6 +101,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index b8d59f96c9..13c53d3fe1 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -129,3 +129,9 @@ resources:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-ansible-server
+ roles:
+ - read
diff --git a/kubernetes/sdnc/components/sdnc-prom/requirements.yaml b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
index 3f33591953..1cc295e2c3 100644
--- a/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
index 4cf61f518e..803434cf09 100644
--- a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
@@ -69,6 +69,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml
index d9afd1aab0..eb11d646b3 100644
--- a/kubernetes/sdnc/components/sdnc-prom/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml
@@ -94,3 +94,9 @@ ingress:
enabled: false
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-prom
+ roles:
+ - read
diff --git a/kubernetes/sdnc/components/sdnc-web/requirements.yaml b/kubernetes/sdnc/components/sdnc-web/requirements.yaml
index 7e75730415..3d7968123b 100644
--- a/kubernetes/sdnc/components/sdnc-web/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml
index f168997d3f..21416c9b5f 100644
--- a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml
@@ -101,6 +101,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml
index 8514641a1c..3d9f86192f 100644
--- a/kubernetes/sdnc/components/sdnc-web/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml
@@ -127,3 +127,9 @@ resources:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-web
+ roles:
+ - read
diff --git a/kubernetes/sdnc/components/ueb-listener/requirements.yaml b/kubernetes/sdnc/components/ueb-listener/requirements.yaml
index bdf33d53ea..2c0b1081dd 100644
--- a/kubernetes/sdnc/components/ueb-listener/requirements.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
index 911985fe2b..603f3a3f99 100644
--- a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml
@@ -101,6 +101,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index 5838809efe..c35095c158 100644
--- a/kubernetes/sdnc/components/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -137,3 +137,9 @@ resources:
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-ueb-listener
+ roles:
+ - read
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index ac0e6ed868..f5f6226b06 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -1,3 +1,4 @@
+
# Copyright © 2017 Amdocs, Bell Canada,
# Copyright © 2020 highstreet technologies GmbH
# Copyright © 2021 Nokia
@@ -13,7 +14,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
dependencies:
- name: common
version: ~8.x-0
@@ -67,3 +67,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 39407e3f5a..01d51a21f6 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -401,6 +401,7 @@ spec:
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 6ab96adde7..1529aa808c 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -625,3 +625,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc
+ roles:
+ - read