summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/consul/Makefile51
-rw-r--r--kubernetes/consul/components/Makefile51
-rw-r--r--kubernetes/consul/components/consul-server/requirements.yaml6
-rw-r--r--kubernetes/consul/components/consul-server/templates/statefulset.yaml1
-rw-r--r--kubernetes/consul/components/consul-server/values.yaml6
-rw-r--r--kubernetes/consul/requirements.yaml5
-rw-r--r--kubernetes/consul/templates/deployment.yaml1
-rw-r--r--kubernetes/consul/values.yaml6
-rw-r--r--kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh2
-rwxr-xr-xkubernetes/robot/scripts/etescript/hvves-etescript.sh6
10 files changed, 130 insertions, 5 deletions
diff --git a/kubernetes/consul/Makefile b/kubernetes/consul/Makefile
new file mode 100644
index 0000000000..92102d2dfc
--- /dev/null
+++ b/kubernetes/consul/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/consul/components/Makefile b/kubernetes/consul/components/Makefile
new file mode 100644
index 0000000000..e9159f32a9
--- /dev/null
+++ b/kubernetes/consul/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/consul/components/consul-server/requirements.yaml b/kubernetes/consul/components/consul-server/requirements.yaml
index 7afdbc936e..e43236def8 100644
--- a/kubernetes/consul/components/consul-server/requirements.yaml
+++ b/kubernetes/consul/components/consul-server/requirements.yaml
@@ -20,3 +20,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/consul/components/consul-server/templates/statefulset.yaml b/kubernetes/consul/components/consul-server/templates/statefulset.yaml
index 16fda3a510..8e872b9c87 100644
--- a/kubernetes/consul/components/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/components/consul-server/templates/statefulset.yaml
@@ -74,3 +74,4 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
diff --git a/kubernetes/consul/components/consul-server/values.yaml b/kubernetes/consul/components/consul-server/values.yaml
index 48a26effd7..d4e649444a 100644
--- a/kubernetes/consul/components/consul-server/values.yaml
+++ b/kubernetes/consul/components/consul-server/values.yaml
@@ -92,3 +92,9 @@ securityContext:
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: consul-server
+ roles:
+ - read
diff --git a/kubernetes/consul/requirements.yaml b/kubernetes/consul/requirements.yaml
index 4d43035d04..1312294f29 100644
--- a/kubernetes/consul/requirements.yaml
+++ b/kubernetes/consul/requirements.yaml
@@ -26,4 +26,7 @@ dependencies:
- name: consul-server
version: ~8.x-0
repository: 'file://components/consul-server'
- condition: cds-command-executor.enabled
+ condition: consul-server.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml
index 31546abd49..c5d12a4693 100644
--- a/kubernetes/consul/templates/deployment.yaml
+++ b/kubernetes/consul/templates/deployment.yaml
@@ -83,6 +83,7 @@ spec:
- mountPath: /consul/certs
name: consul-agent-certs-config
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: consul-agent-config-dir
emptyDir: {}
diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml
index 0f5d2861cc..e2aa181efb 100644
--- a/kubernetes/consul/values.yaml
+++ b/kubernetes/consul/values.yaml
@@ -109,3 +109,9 @@ securityContext:
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: consul
+ roles:
+ - read
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index 0247ad6125..f5dcbff6bf 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -106,7 +106,7 @@ docker_temp_server_start() {
"$@" --skip-networking --socket="${SOCKET}" &
mysql_note "Waiting for server startup"
local i
- for i in {30..0}; do
+ for i in $(seq 30 -1 0); do
# only use the root password if the database has already been initializaed
# so that it won't try to fill in a password file when it hasn't been set yet
extraArgs=""
diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
index b47051f7e2..63e90cdec6 100755
--- a/kubernetes/robot/scripts/etescript/hvves-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
@@ -49,21 +49,21 @@ create_pkcs12_ca_and_server () {
}
copy_server_certs_to_hvves () {
- for f in {ca.p12,server.p12}
+ for f in ca.p12 server.p12
do
kubectl cp $1/$f $2/$3:$4
done
}
copy_client_certs_to_robot () {
- for f in {ca.pem,client.key,client.pem}
+ for f in ca.pem client.key client.pem
do
kubectl cp $1/$f $2/$3:$4
done
}
cleanup () {
- rm -f $1/{ca,server,client}.???
+ rm -f $1/ca.??? $1/server.??? s$1/client.???
}