summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/cert-wrapper/values.yaml2
-rw-r--r--kubernetes/common/certInitializer/Chart.yaml3
-rw-r--r--kubernetes/common/certInitializer/templates/job.yaml1
-rw-r--r--kubernetes/common/certInitializer/values.yaml6
-rw-r--r--kubernetes/common/elasticsearch/Chart.yaml3
-rw-r--r--kubernetes/common/elasticsearch/templates/configmap-server-block.yaml6
-rw-r--r--kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml3
-rw-r--r--kubernetes/common/elasticsearch/values.yaml25
-rw-r--r--kubernetes/common/etcd-init/Chart.yaml5
-rw-r--r--kubernetes/common/etcd-init/templates/job.yaml1
-rw-r--r--kubernetes/common/etcd-init/values.yaml6
-rw-r--r--kubernetes/common/mariadb-init/Chart.yaml5
-rw-r--r--kubernetes/common/mariadb-init/templates/job.yaml1
-rw-r--r--kubernetes/common/mariadb-init/values.yaml6
-rw-r--r--kubernetes/common/network-name-gen/Chart.yaml5
-rw-r--r--kubernetes/common/network-name-gen/templates/deployment.yaml1
-rw-r--r--kubernetes/common/network-name-gen/values.yaml2
-rw-r--r--kubernetes/common/postgres-init/Chart.yaml5
-rw-r--r--kubernetes/common/postgres-init/templates/job.yaml1
-rw-r--r--kubernetes/common/postgres-init/values.yaml6
20 files changed, 52 insertions, 41 deletions
diff --git a/kubernetes/common/cert-wrapper/values.yaml b/kubernetes/common/cert-wrapper/values.yaml
index fcece0e3f5..34f3ad5eea 100644
--- a/kubernetes/common/cert-wrapper/values.yaml
+++ b/kubernetes/common/cert-wrapper/values.yaml
@@ -15,3 +15,5 @@
certInitializer:
nameOverride: cert-initializer
createCertsCM: true
+ serviceAccount:
+ nameOverride: cert-initializer \ No newline at end of file
diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml
index e1bb478d8a..d70b1de52b 100644
--- a/kubernetes/common/certInitializer/Chart.yaml
+++ b/kubernetes/common/certInitializer/Chart.yaml
@@ -29,3 +29,6 @@ dependencies:
- name: repositoryGenerator
version: ~13.x-0
repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml
index 84a3e87098..3120455300 100644
--- a/kubernetes/common/certInitializer/templates/job.yaml
+++ b/kubernetes/common/certInitializer/templates/job.yaml
@@ -36,6 +36,7 @@ spec:
volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }}
- name: ingress-scripts
mountPath: /ingress
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index 747c94f4d1..0fde2cf532 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -70,3 +70,9 @@ envVarToCheck: cadi_keystore_password_p12
# We had to move this CM to a separate chart to reduce the total size of our charts
# as it exceeds the default helm limits.
certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: certinitializer
+ roles:
+ - read \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml
index d0219617c7..82c8ccd056 100644
--- a/kubernetes/common/elasticsearch/Chart.yaml
+++ b/kubernetes/common/elasticsearch/Chart.yaml
@@ -35,9 +35,6 @@ dependencies:
version: ~13.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
- - name: certInitializer
- version: ~13.x-0
- repository: 'file://../certInitializer'
- name: repositoryGenerator
version: ~13.x-0
repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
index 49ce0ef76a..e7520aeed6 100644
--- a/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
+++ b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
@@ -21,11 +21,5 @@ kind: ConfigMap
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
server-block.conf: |-
-{{ if .Values.global.aafEnabled }}
-{{ .Values.nginx.serverBlock.https | indent 4 }}
-{{ else }}
{{ .Values.nginx.serverBlock.http | indent 4 }}
-
-
-{{ end }}
{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
index 05e09cb696..43eb92dd1e 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -64,7 +64,6 @@ spec:
securityContext:
privileged: true
{{- end }}
- {{ include "common.certInitializer.initContainer" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-nginx
@@ -85,7 +84,6 @@ spec:
- name: nginx-server-block
mountPath: /opt/bitnami/nginx/conf/server_blocks
{{- end }}
- {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
@@ -172,4 +170,3 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-nginx-server-block
{{- end }}
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
index 6c46f32c96..c3352ae424 100644
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -17,7 +17,6 @@
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
nodePortPrefix: 302
clusterName: cluster.local
@@ -261,30 +260,6 @@ service:
##
#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: elasticsearch-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "elastic"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.elastic"
- fqi: "elastic@elastic.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- cd {{ .Values.credsPath }};
- mkdir -p certs;
- keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
- openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
- cp {{ .Values.fqi_namespace }}.key certs/key.pem;
- chmod -R 755 certs;
-
-#################################################################
# subcharts configuration defaults.
#################################################################
diff --git a/kubernetes/common/etcd-init/Chart.yaml b/kubernetes/common/etcd-init/Chart.yaml
index 6605f519f1..166b4172d3 100644
--- a/kubernetes/common/etcd-init/Chart.yaml
+++ b/kubernetes/common/etcd-init/Chart.yaml
@@ -25,4 +25,7 @@ dependencies:
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator' \ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml
index 4b8e2e5fdd..a517264d57 100644
--- a/kubernetes/common/etcd-init/templates/job.yaml
+++ b/kubernetes/common/etcd-init/templates/job.yaml
@@ -98,6 +98,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml
index 6ccfb3e5d7..721bcb70f3 100644
--- a/kubernetes/common/etcd-init/values.yaml
+++ b/kubernetes/common/etcd-init/values.yaml
@@ -73,6 +73,12 @@ resources:
memory: 20Mi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: etcd-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}'
diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml
index f4d9c2d4af..fe134578df 100644
--- a/kubernetes/common/mariadb-init/Chart.yaml
+++ b/kubernetes/common/mariadb-init/Chart.yaml
@@ -25,4 +25,7 @@ dependencies:
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator' \ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index e638415548..a899d93a28 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -101,6 +101,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index 1d699bd5ae..2d5de97e7c 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -136,6 +136,12 @@ resources:
memory: 20Mi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: mariadb-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}'
diff --git a/kubernetes/common/network-name-gen/Chart.yaml b/kubernetes/common/network-name-gen/Chart.yaml
index 4bc06f9fa5..88336f49c3 100644
--- a/kubernetes/common/network-name-gen/Chart.yaml
+++ b/kubernetes/common/network-name-gen/Chart.yaml
@@ -33,4 +33,7 @@ dependencies:
- name: mariadb-init
version: ~13.x-0
repository: 'file://../mariadb-init'
- condition: global.mariadbGalera.globalCluster \ No newline at end of file
+ condition: global.mariadbGalera.globalCluster
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml
index 71b7846dc9..940132f477 100644
--- a/kubernetes/common/network-name-gen/templates/deployment.yaml
+++ b/kubernetes/common/network-name-gen/templates/deployment.yaml
@@ -102,6 +102,7 @@ spec:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{- if .Values.affinity }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index 8b8848b8aa..e3fdb80e71 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -72,6 +72,8 @@ mariadb-init:
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: nengdb-init
+ serviceAccount:
+ nameOverride: nengdb-init
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml
index 34f5352ea8..59008d37bb 100644
--- a/kubernetes/common/postgres-init/Chart.yaml
+++ b/kubernetes/common/postgres-init/Chart.yaml
@@ -25,4 +25,7 @@ dependencies:
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator' \ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index 15260f0b16..09c21fe9e5 100644
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -102,6 +102,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
index d6d51f0b51..1b9e72b8d7 100644
--- a/kubernetes/common/postgres-init/values.yaml
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -90,6 +90,12 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: postgres-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}-update-config' \ No newline at end of file