diff options
77 files changed, 261 insertions, 4 deletions
diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml index 67d45f08b9..1f3e92413c 100644 --- a/kubernetes/aai/components/aai-babel/requirements.yaml +++ b/kubernetes/aai/components/aai-babel/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index 9fe386a3c6..db3540606b 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -113,7 +113,7 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: aai-filebeat - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 7560efde26..4a2246793e 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -85,3 +85,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-babel + roles: + - read diff --git a/kubernetes/aai/components/aai-graphadmin/requirements.yaml b/kubernetes/aai/components/aai-graphadmin/requirements.yaml index cf22720435..3d0f24cb29 100644 --- a/kubernetes/aai/components/aai-graphadmin/requirements.yaml +++ b/kubernetes/aai/components/aai-graphadmin/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 5e6f2bc33d..791bf61004 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -162,7 +162,7 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 63c668fb9e..03d034bf05 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -246,3 +246,9 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-graphadmin + roles: + - read diff --git a/kubernetes/aai/components/aai-modelloader/requirements.yaml b/kubernetes/aai/components/aai-modelloader/requirements.yaml index cf22720435..3d0f24cb29 100644 --- a/kubernetes/aai/components/aai-modelloader/requirements.yaml +++ b/kubernetes/aai/components/aai-modelloader/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 0d24bfe957..7509f88090 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -87,6 +87,7 @@ spec: name: aai-filebeat resources: {{ include "common.resources" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index b235ba171c..5da0e5736f 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -84,3 +84,9 @@ resources: cpu: 1 memory: 1536Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-modelloader + roles: + - read diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml index f9ba1c1fb7..1552d53276 100644 --- a/kubernetes/aai/components/aai-resources/requirements.yaml +++ b/kubernetes/aai/components/aai-resources/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 1297809658..501a706f47 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -207,6 +207,7 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index f30b067b2e..c2658a5503 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -257,3 +257,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-resources + roles: + - read diff --git a/kubernetes/aai/components/aai-schema-service/requirements.yaml b/kubernetes/aai/components/aai-schema-service/requirements.yaml index cf22720435..3d0f24cb29 100644 --- a/kubernetes/aai/components/aai-schema-service/requirements.yaml +++ b/kubernetes/aai/components/aai-schema-service/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index 25be4db147..d4394057e8 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -116,6 +116,7 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: aai-common-aai-auth-mount secret: diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 50bd6c38b8..e7479b8818 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -140,3 +140,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-schema-service + roles: + - read diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml index f9ba1c1fb7..1552d53276 100644 --- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml +++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 45ff270047..7d0dfe39e2 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -175,7 +175,7 @@ spec: name: aai-sparky-filebeat resources: {{ include "common.resources" . }} - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 98dca5d11d..420517f8f0 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -144,3 +144,9 @@ resources: cpu: 0.5 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-sparky-be + roles: + - read diff --git a/kubernetes/aai/components/aai-traversal/requirements.yaml b/kubernetes/aai/components/aai-traversal/requirements.yaml index f9ba1c1fb7..1552d53276 100644 --- a/kubernetes/aai/components/aai-traversal/requirements.yaml +++ b/kubernetes/aai/components/aai-traversal/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index dc1c010261..037f811f44 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -233,6 +233,7 @@ spec: name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index ad4279a543..297de15308 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -267,3 +267,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-traversal + roles: + - read diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml index 8b37ef737d..198439992a 100644 --- a/kubernetes/aai/requirements.yaml +++ b/kubernetes/aai/requirements.yaml @@ -62,3 +62,6 @@ dependencies: version: ~8.x-0 repository: 'file://components/aai-traversal' condition: aai-traversal.enabled + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index 2ca489f2de..4b08d10e45 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -115,7 +115,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index ed617780f1..1cb297078e 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -392,3 +392,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai + roles: + - read diff --git a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml index 95f841632c..7c26bb83b1 100644 --- a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml @@ -26,3 +26,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index eaad403dc8..a0b6fdad8d 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -114,6 +114,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 65242b4a4f..a3d42d2130 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -163,3 +163,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dmaap-bc + roles: + - read diff --git a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml index d96058de91..97ba957f4f 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml @@ -25,3 +25,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 40a4d7db93..dfb435ce04 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -102,6 +102,7 @@ spec: mountPath: /var/log/onap/datarouter-node imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} - name: localtime hostPath: diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 1d55a13bd9..ee231a0c06 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -154,3 +154,9 @@ config: # dr uses the EELF Logging framework https://github.com/att/EELF # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF logLevel: "INFO" + +#Pods Service Account +serviceAccount: + nameOverride: dmaap-dr-node + roles: + - read diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml index ed03e05b2e..65867f50af 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml @@ -32,3 +32,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 5c94116bac..61678961cc 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -118,6 +118,7 @@ spec: mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap/datarouter-prov + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index a82eef85d4..7564ccfc78 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -154,3 +154,9 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dmaap-dr-prov + roles: + - read diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml index 68c3169e68..c212f38b39 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml @@ -26,3 +26,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml index 48a2eb197e..7cedbf89d1 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml @@ -220,6 +220,7 @@ spec: tolerations: {{ toYaml .Values.tolerations | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml index 04d7cee705..5732c5de0e 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml @@ -219,3 +219,9 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: message-router-kafka + roles: + - read diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml index 343812db25..20cc48f360 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml index 5ea5bc53b7..f5473ec589 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml @@ -187,6 +187,7 @@ spec: tolerations: {{ toYaml .Values.tolerations | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml index 64c29db935..6863acc7a2 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml @@ -151,3 +151,9 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: message-router-zookeeper + roles: + - read diff --git a/kubernetes/dmaap/components/message-router/requirements.yaml b/kubernetes/dmaap/components/message-router/requirements.yaml index 5adbb623bd..00d14549cd 100644 --- a/kubernetes/dmaap/components/message-router/requirements.yaml +++ b/kubernetes/dmaap/components/message-router/requirements.yaml @@ -33,3 +33,6 @@ dependencies: - name: message-router-zookeeper version: ~8.x-0 repository: 'file://components/message-router-zookeeper' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index c0d32a362b..9bad341792 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -137,6 +137,7 @@ spec: name: jetty {{- end }} resources: {{ include "common.resources" . | nindent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index d0b162b45e..7028bb1263 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -153,3 +153,9 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: message-router + roles: + - read diff --git a/kubernetes/dmaap/requirements.yaml b/kubernetes/dmaap/requirements.yaml index d62273499e..268ff70467 100644 --- a/kubernetes/dmaap/requirements.yaml +++ b/kubernetes/dmaap/requirements.yaml @@ -33,3 +33,6 @@ dependencies: version: ~8.x-0 repository: 'file://components/dmaap-dr-prov' condition: dmaap-dr-prov.enabled + - name: serviceAccount + version: ~8.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index c1ba7547db..b7f0735c8d 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -54,3 +54,9 @@ dmaap-dr-node: enabled: true dmaap-dr-prov: enabled: true + +#Pods Service Account +serviceAccount: + nameOverride: dmaap + roles: + - read diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index a94bd4df4a..a3dc897718 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -91,6 +91,10 @@ mariadb-galera: db: externalSecret: *dbUserSecretName name: &mysqlDbName nbi + service: + name: nbi-galera + portName: nbi-galera + internalPort: 3306 nameOverride: &nbi-galera nbi-galera replicaCount: 1 persistence: diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml index 78afa5e5f8..b1bd0edea4 100644 --- a/kubernetes/oof/resources/config/conf/common_config.yaml +++ b/kubernetes/oof/resources/config/conf/common_config.yaml @@ -151,3 +151,11 @@ PCI: filter: interval: 10 ml_enabled: false + +nxi_termination: + query_templates: + nsi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','e2eserviceprofile-service')" + nsi_with_profile: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','e2eserviceprofile-service')('service-instance-id','{{ printf "{{profile_id}}" }}')" + nssi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','nsi')" + nssi_with_nsi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','nsi')('service-instance-id','{{ printf "{{nsi_id}}" }}')" + diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml index 6df3ed948b..aff63428eb 100755 --- a/kubernetes/oof/resources/config/conf/osdf_config.yaml +++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml @@ -55,6 +55,7 @@ aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }} aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }} controllerQueryUrl: {{ .Values.config.controllerQueryUrl }} aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }} +dslQueryPath: /aai/v23/dsl?format= #DES api desUrl: {{ .Values.config.desUrl }} diff --git a/kubernetes/policy/components/policy-apex-pdp/requirements.yaml b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml index 1c57aa449b..f320b219dc 100755 --- a/kubernetes/policy/components/policy-apex-pdp/requirements.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 586f468334..4d9ff9250e 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -115,6 +115,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index aa1daf703f..eb6292a039 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -133,3 +133,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-apex-pdp + roles: + - read diff --git a/kubernetes/policy/components/policy-api/requirements.yaml b/kubernetes/policy/components/policy-api/requirements.yaml index 7bc531a759..2365cd729a 100755 --- a/kubernetes/policy/components/policy-api/requirements.yaml +++ b/kubernetes/policy/components/policy-api/requirements.yaml @@ -26,3 +26,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index 899e74e674..de0558e4cd 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -107,6 +107,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index da983e5b5b..36eb5c4899 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -143,3 +143,9 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-api + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-be/requirements.yaml b/kubernetes/policy/components/policy-clamp-be/requirements.yaml index 88fd9d90eb..670f8cb65a 100644 --- a/kubernetes/policy/components/policy-clamp-be/requirements.yaml +++ b/kubernetes/policy/components/policy-clamp-be/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml index c243e30540..e61cca0e49 100644 --- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml @@ -114,6 +114,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index 71d2517be1..dcbe59c382 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -156,3 +156,9 @@ resources: cpu: 10m memory: 3Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-be + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-fe/requirements.yaml b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml index 88fd9d90eb..670f8cb65a 100644 --- a/kubernetes/policy/components/policy-clamp-fe/requirements.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml index 97c7919389..1349558651 100644 --- a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml @@ -91,6 +91,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index 9712a38e10..a7c8d6defa 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -146,3 +146,9 @@ resources: cpu: 10m memory: 50Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-fe + roles: + - read diff --git a/kubernetes/policy/components/policy-distribution/requirements.yaml b/kubernetes/policy/components/policy-distribution/requirements.yaml index 0006e4965a..db84102327 100755 --- a/kubernetes/policy/components/policy-distribution/requirements.yaml +++ b/kubernetes/policy/components/policy-distribution/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index 04db6d70c7..4745aac23b 100755 --- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -121,6 +121,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 6788613ceb..fb6ef6e039 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -155,3 +155,9 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-distribution + roles: + - read diff --git a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml index 29b1053600..6c540a4bcf 100755 --- a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index 7e9c6cfde8..d389246b5c 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -125,6 +125,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 4eb37c6106..38d398998c 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -188,3 +188,9 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-drools-pdp + roles: + - read diff --git a/kubernetes/policy/components/policy-nexus/requirements.yaml b/kubernetes/policy/components/policy-nexus/requirements.yaml index 343812db25..20cc48f360 100755 --- a/kubernetes/policy/components/policy-nexus/requirements.yaml +++ b/kubernetes/policy/components/policy-nexus/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml index 3d5d59fea2..4c945f4605 100755 --- a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml @@ -83,6 +83,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index 7801b525f2..3d77e67456 100755 --- a/kubernetes/policy/components/policy-nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -92,3 +92,9 @@ resources: cpu: 2m memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-nexus + roles: + - nothing diff --git a/kubernetes/policy/components/policy-pap/requirements.yaml b/kubernetes/policy/components/policy-pap/requirements.yaml index 3f0071ab7c..18de3a6517 100755 --- a/kubernetes/policy/components/policy-pap/requirements.yaml +++ b/kubernetes/policy/components/policy-pap/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index a02752c033..77474a8387 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -122,6 +122,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 18e0e3e171..3c4c3e5ec6 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -169,3 +169,9 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-pap + roles: + - read diff --git a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml index 7bc531a759..2365cd729a 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml @@ -26,3 +26,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index 73ae6dd55a..2da0035fa0 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -131,6 +131,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 64c00e9bed..9eda53ee9b 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -152,3 +152,9 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-xacml-pdp + roles: + - read diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 33447a2571..c98d4fc7a8 100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -59,3 +59,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index ad195722b2..72c94f30c5 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -72,6 +72,7 @@ spec: resources: {{ include "common.resources" . }} restartPolicy: Never + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 678772c481..92344dd2fe 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -148,3 +148,8 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy + roles: + - read |