summaryrefslogtreecommitdiffstats
path: root/kubernetes/aai
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/aai')
-rw-r--r--kubernetes/aai/.helmignore22
-rw-r--r--kubernetes/aai/components/aai-babel/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-babel/templates/deployment.yaml2
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-graphadmin/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml25
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml15
-rw-r--r--kubernetes/aai/components/aai-modelloader/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/deployment.yaml1
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-resources/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml26
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml15
-rw-r--r--kubernetes/aai/components/aai-schema-service/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/deployment.yaml1
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-sparky-be/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml2
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-traversal/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml24
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml15
-rw-r--r--kubernetes/aai/requirements.yaml3
-rw-r--r--kubernetes/aai/templates/deployment.yaml2
-rw-r--r--kubernetes/aai/values.yaml6
25 files changed, 199 insertions, 5 deletions
diff --git a/kubernetes/aai/.helmignore b/kubernetes/aai/.helmignore
new file mode 100644
index 0000000000..7ddbad7ef4
--- /dev/null
+++ b/kubernetes/aai/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml
index 67d45f08b9..1f3e92413c 100644
--- a/kubernetes/aai/components/aai-babel/requirements.yaml
+++ b/kubernetes/aai/components/aai-babel/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index 9fe386a3c6..db3540606b 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -113,7 +113,7 @@ spec:
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index a7f707deed..74c79ec05e 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -85,3 +85,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-babel
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-graphadmin/requirements.yaml b/kubernetes/aai/components/aai-graphadmin/requirements.yaml
index cf22720435..3d0f24cb29 100644
--- a/kubernetes/aai/components/aai-graphadmin/requirements.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 8ed7ce83bc..610290061f 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -32,6 +32,12 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
@@ -45,6 +51,7 @@ spec:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
hostname: aai-graphadmin
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
{{ if .Values.global.initContainers.enabled }}
initContainers:
- command:
@@ -89,6 +96,10 @@ spec:
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
@@ -125,6 +136,18 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
@@ -162,7 +185,7 @@ spec:
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index ad6ef3c984..89c4b024d6 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -126,6 +126,14 @@ flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
# Configuration for the graphadmin deployment
config:
@@ -207,6 +215,7 @@ service:
internalPort: 8449
portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
@@ -249,3 +258,9 @@ resources:
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-graphadmin
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-modelloader/requirements.yaml b/kubernetes/aai/components/aai-modelloader/requirements.yaml
index cf22720435..3d0f24cb29 100644
--- a/kubernetes/aai/components/aai-modelloader/requirements.yaml
+++ b/kubernetes/aai/components/aai-modelloader/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 0d24bfe957..7509f88090 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -87,6 +87,7 @@ spec:
name: aai-filebeat
resources:
{{ include "common.resources" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index 38eab954a9..c0806fea0d 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -84,3 +84,9 @@ resources:
cpu: 1
memory: 1536Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-modelloader
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml
index f9ba1c1fb7..1552d53276 100644
--- a/kubernetes/aai/components/aai-resources/requirements.yaml
+++ b/kubernetes/aai/components/aai-resources/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index d630647883..fd4b1c3dc1 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -29,6 +29,12 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
@@ -72,6 +78,7 @@ spec:
{{- end }}
spec:
hostname: aai-resources
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
@@ -122,9 +129,13 @@ spec:
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
+ value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
value: {{ .Values.certInitializer.truststorePassword }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
@@ -173,6 +184,18 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if .Values.liveness.enabled }}
@@ -207,6 +230,7 @@ spec:
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 776f8be4b4..e244e76753 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -164,6 +164,14 @@ flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
# Configuration for the resources deployment
config:
@@ -223,6 +231,7 @@ service:
internalPort: 8447
portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
@@ -260,3 +269,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-resources
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-schema-service/requirements.yaml b/kubernetes/aai/components/aai-schema-service/requirements.yaml
index cf22720435..3d0f24cb29 100644
--- a/kubernetes/aai/components/aai-schema-service/requirements.yaml
+++ b/kubernetes/aai/components/aai-schema-service/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index 25be4db147..d4394057e8 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -116,6 +116,7 @@ spec:
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: aai-common-aai-auth-mount
secret:
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 13d257a5c1..8a7d17f8dc 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -140,3 +140,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-schema-service
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
index f9ba1c1fb7..1552d53276 100644
--- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 3768e629e7..7c09dcd228 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -177,7 +177,7 @@ spec:
name: aai-sparky-filebeat
resources:
{{ include "common.resources" . }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index a27fc44388..342df7a5d5 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -144,3 +144,9 @@ resources:
cpu: 0.5
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-sparky-be
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-traversal/requirements.yaml b/kubernetes/aai/components/aai-traversal/requirements.yaml
index f9ba1c1fb7..1552d53276 100644
--- a/kubernetes/aai/components/aai-traversal/requirements.yaml
+++ b/kubernetes/aai/components/aai-traversal/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index dc1c010261..277fb4bfbb 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -29,6 +29,12 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
@@ -91,6 +97,7 @@ spec:
{{- end }}
spec:
hostname: aai-traversal
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- /app/ready.py
@@ -144,6 +151,10 @@ spec:
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
@@ -194,6 +205,18 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
@@ -233,6 +256,7 @@ spec:
name: {{ include "common.fullname" . }}-filebeat
resources:
{{ include "common.resources" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index c1746be9ed..fc4ff7a983 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -145,6 +145,14 @@ pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
api_list:
- 11
@@ -245,6 +253,7 @@ service:
internalPort: 8446
portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
@@ -267,3 +276,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-traversal
+ roles:
+ - read
diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml
index 8b37ef737d..198439992a 100644
--- a/kubernetes/aai/requirements.yaml
+++ b/kubernetes/aai/requirements.yaml
@@ -62,3 +62,6 @@ dependencies:
version: ~8.x-0
repository: 'file://components/aai-traversal'
condition: aai-traversal.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 85b1111e65..80fcebbef7 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -117,7 +117,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index a463e47f19..684e592d30 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -397,3 +397,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai
+ roles:
+ - read