diff options
13 files changed, 41 insertions, 4 deletions
diff --git a/kubernetes/msb/components/kube2msb/requirements.yaml b/kubernetes/msb/components/kube2msb/requirements.yaml index dbb7638914..dfda28d9c9 100644 --- a/kubernetes/msb/components/kube2msb/requirements.yaml +++ b/kubernetes/msb/components/kube2msb/requirements.yaml @@ -19,3 +19,4 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + diff --git a/kubernetes/msb/components/msb-consul/requirements.yaml b/kubernetes/msb/components/msb-consul/requirements.yaml index dbb7638914..ca01ea6e9d 100644 --- a/kubernetes/msb/components/msb-consul/requirements.yaml +++ b/kubernetes/msb/components/msb-consul/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-consul/templates/deployment.yaml b/kubernetes/msb/components/msb-consul/templates/deployment.yaml index 97dd1781f2..d03829d89d 100644 --- a/kubernetes/msb/components/msb-consul/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-consul/templates/deployment.yaml @@ -36,7 +36,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} @@ -85,6 +84,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/msb/components/msb-consul/values.yaml b/kubernetes/msb/components/msb-consul/values.yaml index 1c7fa38171..258d49e30b 100644 --- a/kubernetes/msb/components/msb-consul/values.yaml +++ b/kubernetes/msb/components/msb-consul/values.yaml @@ -87,3 +87,9 @@ securityContext: fsGroup: 1000 runAsUser: 100 runAsGroup: 1000 + +#Pods Service Account +serviceAccount: + nameOverride: msb-consul + roles: + - read diff --git a/kubernetes/msb/components/msb-discovery/requirements.yaml b/kubernetes/msb/components/msb-discovery/requirements.yaml index dbb7638914..ca01ea6e9d 100644 --- a/kubernetes/msb/components/msb-discovery/requirements.yaml +++ b/kubernetes/msb/components/msb-discovery/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml index e5e5f9eb0f..00d91fe646 100644 --- a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml @@ -36,7 +36,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: - command: - /app/ready.py @@ -107,6 +106,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-log-conf configMap: diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml index f0eabde79f..e9800233e3 100644 --- a/kubernetes/msb/components/msb-discovery/values.yaml +++ b/kubernetes/msb/components/msb-discovery/values.yaml @@ -82,3 +82,9 @@ resources: cpu: 400m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-discovery + roles: + - read diff --git a/kubernetes/msb/components/msb-eag/requirements.yaml b/kubernetes/msb/components/msb-eag/requirements.yaml index 3fea5d0f52..a4fb34c5a6 100644 --- a/kubernetes/msb/components/msb-eag/requirements.yaml +++ b/kubernetes/msb/components/msb-eag/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: certInitializer version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml index 113a174eb6..c30fc343de 100644 --- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml @@ -37,7 +37,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: @@ -119,6 +118,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index 5faae36fb0..9345341437 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -116,3 +116,9 @@ resources: cpu: 200m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-eag + roles: + - read diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml index 3fea5d0f52..a4fb34c5a6 100644 --- a/kubernetes/msb/components/msb-iag/requirements.yaml +++ b/kubernetes/msb/components/msb-iag/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: certInitializer version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 7bae325b1e..2a855c713f 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -37,7 +37,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: @@ -119,6 +118,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index 9b9f805802..21f22dd3ac 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -117,3 +117,9 @@ resources: cpu: 100m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-iag + roles: + - read |