summaryrefslogtreecommitdiffstats
path: root/kubernetes/consul
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/consul')
-rw-r--r--kubernetes/consul/Makefile51
-rw-r--r--kubernetes/consul/components/Makefile51
-rw-r--r--kubernetes/consul/components/consul-server/requirements.yaml6
-rw-r--r--kubernetes/consul/components/consul-server/templates/statefulset.yaml1
-rw-r--r--kubernetes/consul/components/consul-server/values.yaml6
-rw-r--r--kubernetes/consul/requirements.yaml5
-rw-r--r--kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem2
-rw-r--r--kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem2
-rw-r--r--kubernetes/consul/templates/deployment.yaml1
-rw-r--r--kubernetes/consul/values.yaml6
10 files changed, 128 insertions, 3 deletions
diff --git a/kubernetes/consul/Makefile b/kubernetes/consul/Makefile
new file mode 100644
index 0000000000..92102d2dfc
--- /dev/null
+++ b/kubernetes/consul/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/consul/components/Makefile b/kubernetes/consul/components/Makefile
new file mode 100644
index 0000000000..e9159f32a9
--- /dev/null
+++ b/kubernetes/consul/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/consul/components/consul-server/requirements.yaml b/kubernetes/consul/components/consul-server/requirements.yaml
index 7afdbc936e..e43236def8 100644
--- a/kubernetes/consul/components/consul-server/requirements.yaml
+++ b/kubernetes/consul/components/consul-server/requirements.yaml
@@ -20,3 +20,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/consul/components/consul-server/templates/statefulset.yaml b/kubernetes/consul/components/consul-server/templates/statefulset.yaml
index 16fda3a510..8e872b9c87 100644
--- a/kubernetes/consul/components/consul-server/templates/statefulset.yaml
+++ b/kubernetes/consul/components/consul-server/templates/statefulset.yaml
@@ -74,3 +74,4 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
diff --git a/kubernetes/consul/components/consul-server/values.yaml b/kubernetes/consul/components/consul-server/values.yaml
index 48a26effd7..d4e649444a 100644
--- a/kubernetes/consul/components/consul-server/values.yaml
+++ b/kubernetes/consul/components/consul-server/values.yaml
@@ -92,3 +92,9 @@ securityContext:
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: consul-server
+ roles:
+ - read
diff --git a/kubernetes/consul/requirements.yaml b/kubernetes/consul/requirements.yaml
index 4d43035d04..1312294f29 100644
--- a/kubernetes/consul/requirements.yaml
+++ b/kubernetes/consul/requirements.yaml
@@ -26,4 +26,7 @@ dependencies:
- name: consul-server
version: ~8.x-0
repository: 'file://components/consul-server'
- condition: cds-command-executor.enabled
+ condition: consul-server.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem b/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem
index 5696aa3570..b842710c11 100644
--- a/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem
+++ b/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.crt.pem
@@ -1,6 +1,6 @@
Bag Attributes
friendlyName: tomcat
- localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
+ localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
subject=/C=CA/ST=Ontario/L=Ottawa/O=ONAP/OU=ONAP/CN=ONAP
issuer=/C=CA/ST=Ontario/L=Ottawa/O=ONAP/OU=ONAP/CN=ONAP
-----BEGIN CERTIFICATE-----
diff --git a/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem b/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem
index c7e386e55f..95de561981 100644
--- a/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem
+++ b/kubernetes/consul/resources/config/consul-agent-config/certs/client-cert-onap.key.pem
@@ -1,6 +1,6 @@
Bag Attributes
friendlyName: tomcat
- localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
+ localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCbEKYweVNHsWR1
diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml
index 31546abd49..c5d12a4693 100644
--- a/kubernetes/consul/templates/deployment.yaml
+++ b/kubernetes/consul/templates/deployment.yaml
@@ -83,6 +83,7 @@ spec:
- mountPath: /consul/certs
name: consul-agent-certs-config
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: consul-agent-config-dir
emptyDir: {}
diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml
index 0f5d2861cc..e2aa181efb 100644
--- a/kubernetes/consul/values.yaml
+++ b/kubernetes/consul/values.yaml
@@ -109,3 +109,9 @@ securityContext:
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: consul
+ roles:
+ - read