diff options
21 files changed, 82 insertions, 6 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 2d68b38771..8738b1099e 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -207,14 +207,27 @@ The sidecar is included if .Values.policies is set. The Policy-sync sidecar polls PolicyEngine (PDP) periodically based on .Values.policies.duration and configuration retrieved is shared with DCAE Microservice container by common volume. Policy can be retrieved based on -list of policyID or filter +list of policyID or filter. An optional policyRelease parameter can be specified +to override the default policy helm release (used for retreiving the secret containing +pdp username and password) + +Following is example policy config override + +dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 +policies: + duration: 300 + policyRelease: "onap" + policyID: | + '["onap.vfirewall.tca","onap.vdns.tca"]' */}} {{- define "dcaegen2-services-common.microserviceDeployment" -}} {{- $logDir := default "" .Values.logDirectory -}} {{- $certDir := default "" .Values.certDirectory . -}} {{- $tlsServer := default "" .Values.tlsServer -}} -{{- $policy := default "" .Values.policies -}} +{{- $commonRelease := print (include "common.release" .) -}} +{{- $policy := default dict .Values.policies -}} +{{- $policyRls := default $commonRelease $policy.policyRelease -}} {{- $drFeedConfig := default "" .Values.drFeedConfig -}} apiVersion: apps/v1 @@ -384,12 +397,12 @@ spec: - name: POLICY_SYNC_PDP_USER valueFrom: secretKeyRef: - name: onap-policy-xacml-pdp-api-creds + name: {{ $policyRls }}-policy-xacml-pdp-api-creds key: login - name: POLICY_SYNC_PDP_PASS valueFrom: secretKeyRef: - name: onap-policy-xacml-pdp-api-creds + name: {{ $policyRls }}-policy-xacml-pdp-api-creds key: password - name: POLICY_SYNC_PDP_URL value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index a26c66366b..09529c8bb8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -91,8 +91,9 @@ service: #dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 #policies: # duration: 300 +# policyRelease: "onap" # policyID: | -# '["onap.vfirewall.tca","abc"]' +# '["onap.vfirewall.tca","onap.vdns.tca"]' # filter: | # '["DCAE.Config_vfirewall_.*"]' diff --git a/kubernetes/sdnc/components/dmaap-listener/requirements.yaml b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml index bdf33d53ea..2c0b1081dd 100644 --- a/kubernetes/sdnc/components/dmaap-listener/requirements.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index ddc115dbbe..69b0fd3bb8 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -114,6 +114,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index c32a6a6230..0d180ec029 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -127,3 +127,9 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-dmaap-listener + roles: + - read diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml index bdf33d53ea..2c0b1081dd 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml index 3cfb5257ca..1f0dbdeced 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml @@ -101,6 +101,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index b8d59f96c9..13c53d3fe1 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -129,3 +129,9 @@ resources: cpu: 1 memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-ansible-server + roles: + - read diff --git a/kubernetes/sdnc/components/sdnc-prom/requirements.yaml b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml index 3f33591953..1cc295e2c3 100644 --- a/kubernetes/sdnc/components/sdnc-prom/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml index 4cf61f518e..803434cf09 100644 --- a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml @@ -69,6 +69,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml index d9afd1aab0..eb11d646b3 100644 --- a/kubernetes/sdnc/components/sdnc-prom/values.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml @@ -94,3 +94,9 @@ ingress: enabled: false resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-prom + roles: + - read diff --git a/kubernetes/sdnc/components/sdnc-web/requirements.yaml b/kubernetes/sdnc/components/sdnc-web/requirements.yaml index 7e75730415..3d7968123b 100644 --- a/kubernetes/sdnc/components/sdnc-web/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-web/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml index f168997d3f..21416c9b5f 100644 --- a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml @@ -101,6 +101,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 8514641a1c..3d9f86192f 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -127,3 +127,9 @@ resources: cpu: 1 memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-web + roles: + - read diff --git a/kubernetes/sdnc/components/ueb-listener/requirements.yaml b/kubernetes/sdnc/components/ueb-listener/requirements.yaml index bdf33d53ea..2c0b1081dd 100644 --- a/kubernetes/sdnc/components/ueb-listener/requirements.yaml +++ b/kubernetes/sdnc/components/ueb-listener/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml index 911985fe2b..603f3a3f99 100644 --- a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml @@ -101,6 +101,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index 5838809efe..c35095c158 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -137,3 +137,9 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-ueb-listener + roles: + - read diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index ac0e6ed868..f5f6226b06 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -1,3 +1,4 @@ + # Copyright © 2017 Amdocs, Bell Canada, # Copyright © 2020 highstreet technologies GmbH # Copyright © 2021 Nokia @@ -13,7 +14,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - dependencies: - name: common version: ~8.x-0 @@ -67,3 +67,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 39407e3f5a..01d51a21f6 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -401,6 +401,7 @@ spec: {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 6ab96adde7..1529aa808c 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -625,3 +625,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc + roles: + - read diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml index 46793e7b75..922643404c 100755 --- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml @@ -29,6 +29,8 @@ server: port: {{ index .Values.containerPort }} tomcat: max-threads: 50 +multicloud: + endpoint: http://multicloud-k8s.{{ include "common.namespace" . }}:9015 mso: site-name: localSite logPath: ./logs/cnf-adapter |