summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/a1policymanagement/requirements.yaml3
-rw-r--r--kubernetes/a1policymanagement/templates/statefulset.yaml1
-rw-r--r--kubernetes/a1policymanagement/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml2
-rw-r--r--kubernetes/common/timescaledb/templates/statefulset.yaml12
-rw-r--r--kubernetes/common/timescaledb/values.yaml6
-rw-r--r--kubernetes/msb/components/msb-discovery/values.yaml2
-rw-r--r--kubernetes/msb/components/msb-eag/values.yaml2
-rw-r--r--kubernetes/msb/components/msb-iag/values.yaml2
9 files changed, 29 insertions, 7 deletions
diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml
index ba5f5d5ea3..401f2e3c9f 100644
--- a/kubernetes/a1policymanagement/requirements.yaml
+++ b/kubernetes/a1policymanagement/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/a1policymanagement/templates/statefulset.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml
index 54ee1515bc..1d25f31e7f 100644
--- a/kubernetes/a1policymanagement/templates/statefulset.yaml
+++ b/kubernetes/a1policymanagement/templates/statefulset.yaml
@@ -106,6 +106,7 @@ spec:
- name: {{ include "common.fullname" . }}
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 4768349736..0f7c00d235 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -159,4 +159,8 @@ persistence:
mountPath: /dockerdata-nfs
mountSubPath: nonrtric/policymanagementservice
-
+#Pods Service Account
+serviceAccount:
+ nameOverride: a1policymanagement
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 18ef89f1fd..252df407c1 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -74,7 +74,7 @@ global: # global defaults
- aai_keystore
# application image
-image: onap/aai-schema-service:1.9.1
+image: onap/aai-schema-service:1.9.2
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 9b63de434d..435c925eb2 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -31,6 +31,18 @@ spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ - name: chowm-mount-path
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: {{ include "common.fullname" . }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
index b6d2face3a..55acd92847 100644
--- a/kubernetes/common/timescaledb/values.yaml
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -40,13 +40,15 @@ serviceAccount:
podSecurityContext: {}
# fsGroup: 2000
-securityContext: {}
+securityContext:
+ # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
+ runAsUser: 70
+ runAsGroup: 70
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
- # runAsUser: 1000
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml
index e981bbd091..f0eabde79f 100644
--- a/kubernetes/msb/components/msb-discovery/values.yaml
+++ b/kubernetes/msb/components/msb-discovery/values.yaml
@@ -21,7 +21,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_discovery:1.2.7
+image: onap/msb/msb_discovery:1.3.0
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml
index 0a343cf925..ef36b13742 100644
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/kubernetes/msb/components/msb-eag/values.yaml
@@ -52,7 +52,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.8
+image: onap/msb/msb_apigateway:1.3.0
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index baf2bec4bc..4610232e7b 100644
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -52,7 +52,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.8
+image: onap/msb/msb_apigateway:1.3.0
pullPolicy: Always
istioSidecar: true