diff options
28 files changed, 90 insertions, 4 deletions
diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml index 67d45f08b9..1f3e92413c 100644 --- a/kubernetes/aai/components/aai-babel/requirements.yaml +++ b/kubernetes/aai/components/aai-babel/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index 9fe386a3c6..db3540606b 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -113,7 +113,7 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: aai-filebeat - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 7560efde26..4a2246793e 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -85,3 +85,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-babel + roles: + - read diff --git a/kubernetes/aai/components/aai-graphadmin/requirements.yaml b/kubernetes/aai/components/aai-graphadmin/requirements.yaml index cf22720435..3d0f24cb29 100644 --- a/kubernetes/aai/components/aai-graphadmin/requirements.yaml +++ b/kubernetes/aai/components/aai-graphadmin/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 5e6f2bc33d..791bf61004 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -162,7 +162,7 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 63c668fb9e..03d034bf05 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -246,3 +246,9 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-graphadmin + roles: + - read diff --git a/kubernetes/aai/components/aai-modelloader/requirements.yaml b/kubernetes/aai/components/aai-modelloader/requirements.yaml index cf22720435..3d0f24cb29 100644 --- a/kubernetes/aai/components/aai-modelloader/requirements.yaml +++ b/kubernetes/aai/components/aai-modelloader/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 0d24bfe957..7509f88090 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -87,6 +87,7 @@ spec: name: aai-filebeat resources: {{ include "common.resources" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index b235ba171c..5da0e5736f 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -84,3 +84,9 @@ resources: cpu: 1 memory: 1536Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-modelloader + roles: + - read diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml index f9ba1c1fb7..1552d53276 100644 --- a/kubernetes/aai/components/aai-resources/requirements.yaml +++ b/kubernetes/aai/components/aai-resources/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 1297809658..501a706f47 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -207,6 +207,7 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index f30b067b2e..c2658a5503 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -257,3 +257,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-resources + roles: + - read diff --git a/kubernetes/aai/components/aai-schema-service/requirements.yaml b/kubernetes/aai/components/aai-schema-service/requirements.yaml index cf22720435..3d0f24cb29 100644 --- a/kubernetes/aai/components/aai-schema-service/requirements.yaml +++ b/kubernetes/aai/components/aai-schema-service/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index 25be4db147..d4394057e8 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -116,6 +116,7 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: aai-common-aai-auth-mount secret: diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 50bd6c38b8..e7479b8818 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -140,3 +140,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-schema-service + roles: + - read diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml index f9ba1c1fb7..1552d53276 100644 --- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml +++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 45ff270047..7d0dfe39e2 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -175,7 +175,7 @@ spec: name: aai-sparky-filebeat resources: {{ include "common.resources" . }} - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 98dca5d11d..420517f8f0 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -144,3 +144,9 @@ resources: cpu: 0.5 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-sparky-be + roles: + - read diff --git a/kubernetes/aai/components/aai-traversal/requirements.yaml b/kubernetes/aai/components/aai-traversal/requirements.yaml index f9ba1c1fb7..1552d53276 100644 --- a/kubernetes/aai/components/aai-traversal/requirements.yaml +++ b/kubernetes/aai/components/aai-traversal/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index dc1c010261..037f811f44 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -233,6 +233,7 @@ spec: name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index ad4279a543..297de15308 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -267,3 +267,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai-traversal + roles: + - read diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml index 8b37ef737d..198439992a 100644 --- a/kubernetes/aai/requirements.yaml +++ b/kubernetes/aai/requirements.yaml @@ -62,3 +62,6 @@ dependencies: version: ~8.x-0 repository: 'file://components/aai-traversal' condition: aai-traversal.enabled + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index 2ca489f2de..4b08d10e45 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -115,7 +115,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index ed617780f1..1cb297078e 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -392,3 +392,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: aai + roles: + - read diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index a10b0592de..46f7d3521c 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -23,6 +23,8 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - name: {{ include "common.name" . }}-db-readiness command: diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index a94bd4df4a..a3dc897718 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -91,6 +91,10 @@ mariadb-galera: db: externalSecret: *dbUserSecretName name: &mysqlDbName nbi + service: + name: nbi-galera + portName: nbi-galera + internalPort: 3306 nameOverride: &nbi-galera nbi-galera replicaCount: 1 persistence: diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml index 8bcbc1f7d0..c5f289f2d9 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml @@ -33,6 +33,8 @@ spec: labels: control-plane: controller-manager spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml index 9a6abd4eb9..8215ed949e 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml @@ -23,6 +23,8 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" volumes: {{- if .Values.global.addTestingComponents }} - name: cmp-servers-template-volume |