diff options
Diffstat (limited to 'kubernetes/contrib')
25 files changed, 139 insertions, 76 deletions
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml index d6f5f56197..b7c4d1e7f8 100755 --- a/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml +++ b/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml index c0c6b914fb..3b4dad55ec 100755 --- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml @@ -74,6 +74,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml index a7234caceb..4cf03b2482 100755 --- a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml +++ b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml @@ -80,3 +80,9 @@ service: externalPort: 5432 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: awx-postgres + roles: + - read diff --git a/kubernetes/contrib/components/awx/requirements.yaml b/kubernetes/contrib/components/awx/requirements.yaml index b015bd1216..222db3890e 100755 --- a/kubernetes/contrib/components/awx/requirements.yaml +++ b/kubernetes/contrib/components/awx/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: awx-postgres version: ~8.x-0 repository: 'file://components/awx-postgres' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/templates/statefulset.yaml index 1f2c093742..9910aa4634 100644 --- a/kubernetes/contrib/components/awx/templates/statefulset.yaml +++ b/kubernetes/contrib/components/awx/templates/statefulset.yaml @@ -180,7 +180,7 @@ spec: cpu: 500m memory: 1Gi serviceAccount: {{ include "common.fullname" . }} - serviceAccountName: {{ include "common.fullname" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - configMap: defaultMode: 420 diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml index 02642fd3fd..0a247c5743 100755 --- a/kubernetes/contrib/components/awx/values.yaml +++ b/kubernetes/contrib/components/awx/values.yaml @@ -109,3 +109,9 @@ service: externalPort: 5672 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: awx + roles: + - read diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml index 8762d969f9..284108c256 100644 --- a/kubernetes/contrib/components/ejbca/requirements.yaml +++ b/kubernetes/contrib/components/ejbca/requirements.yaml @@ -29,3 +29,6 @@ dependencies: - name: cmpv2Config version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh index 2c672e2f07..94c95d6c30 100755 --- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh +++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh waitForEjbcaToStart() { until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail) diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index fc163ee2e2..6bd5b259ea 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -94,6 +94,7 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} resources: {{ include "common.resources" . | nindent 10 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - configMap: name: "{{ include "common.fullname" . }}-config-script" diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml index 57d1e7848e..52e0e750a0 100644 --- a/kubernetes/contrib/components/ejbca/values.yaml +++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -124,3 +124,9 @@ resources: cpu: 20m memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: ejbca + roles: + - read diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml index 50ff87c18b..1b6f2d7c93 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml b/kubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml index c23e29a11d..05bbfc7738 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml +++ b/kubernetes/contrib/components/netbox/components/netbox-app/resources/config/initializers/custom_fields.yml @@ -1,8 +1,8 @@ -external-key: +external-key: description: "The external-key uniquely identify the resources to a service within ONAP." filterable: true label: ONAP external key - on_objects: + on_objects: - ipam.models.IPAddress required: true type: text diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml index f1209cdb56..302166fcd6 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml @@ -138,6 +138,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml index 92f97c2620..27cd811ec1 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml @@ -112,3 +112,9 @@ readiness: periodSeconds: 10 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: netbox-app + roles: + - read diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml index 50ff87c18b..1b6f2d7c93 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml index 7bdf46f252..2d115f74bf 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml @@ -61,6 +61,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml index de131d30d0..a7d0dadbf1 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml @@ -81,3 +81,9 @@ service: nodePort: 20 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: netbox-nginx + roles: + - read diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml index 50ff87c18b..1b6f2d7c93 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml index 2caddeba49..8e05524fd1 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml @@ -64,6 +64,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml index 572e23d53c..7e0a324aa1 100755 --- a/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml +++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml @@ -80,3 +80,9 @@ service: externalPort: 5432 resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: netbox-postgres + roles: + - read diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md index dced68d7c6..72f522a000 100644 --- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md @@ -14,10 +14,10 @@ See post deploy info 1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke) ~~~yaml dns: - provider: coredns - upstreamnameservers: - - <cluster_ip>:31555 + provider: coredns + upstreamnameservers: + - <cluster_ip>:31555 ~~~ 2. You can edit coredns configuration with command: - kubectl -n kube-system edit configmap coredns + kubectl -n kube-system edit configmap coredns diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh index 460c046632..3c66feeb46 100755 --- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e # Copyright 2020 Samsung Electronics Co., Ltd. # @@ -24,23 +24,24 @@ SPATH="$( dirname "$( which "$0" )" )" usage() { cat << ==usage $0 [cluster_domain] [lb_ip] [helm_chart_args] ... - [cluster_domain] Default value simpledemo.onap.org - [lb_ip] Default value LoadBalancer IP - [helm_chart_args] ... Optional arguments passed to helm install command + [cluster_domain] Default value simpledemo.onap.org + [lb_ip] Default value LoadBalancer IP + [helm_chart_args] ... Optional arguments passed to helm install command $0 --help This message $0 --info Display howto configure target machine ==usage } -target_machine_notice_info() { +target_machine_notice_info() +{ cat << ==infodeploy Extra DNS server already deployed: 1. You can add the DNS server to the target machine using following commands: - sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT - sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT - sudo sysctl -w net.ipv4.conf.all.route_localnet=1 - sudo sysctl -w net.ipv4.ip_forward=1 + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine ==infodeploy } @@ -48,51 +49,51 @@ Extra DNS server already deployed: list_node_with_external_addrs() { - local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') - for worker in $WORKER_NODES; do - local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') - local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') - if [ $internal_ip != $external_ip ]; then - echo $external_ip - break - fi - done + local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + for worker in $WORKER_NODES; do + local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + if [ $internal_ip != $external_ip ]; then + echo $external_ip + break + fi + done } ingress_controller_ip() { - local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) - if [ -z $metal_ns ]; then - echo $CLUSTER_IP - else - list_node_with_external_addrs - fi + local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) + if [ -z $metal_ns ]; then + echo $CLUSTER_IP + else + list_node_with_external_addrs + fi } deploy() { - local ingress_ip=$(ingress_controller_ip) - initdir = $(pwd) - cd $SPATH/bind9dns - if [ $# -eq 0 ]; then - local cl_domain="simpledemo.onap.org" - else - local cl_domain=$1 - shift - fi - if [ $# -ne 0 ]; then - ingress_ip=$1 - shift - fi - helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@ - cd $initdir - target_machine_notice_info + local ingress_ip=$(ingress_controller_ip) + initdir = $(pwd) + cd $SPATH/bind9dns + if [ $# -eq 0 ]; then + local cl_domain="simpledemo.onap.org" + else + local cl_domain=$1 + shift + fi + if [ $# -ne 0 ]; then + ingress_ip=$1 + shift + fi + helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@ + cd $initdir + target_machine_notice_info } if [ $# -eq 1 ] && [ "$1" = "-h" ]; then - usage + usage elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then - usage + usage elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then target_machine_notice_info else - deploy $@ + deploy $@ fi diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh index bf2bc121a7..c62e2a51bd 100755 --- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh +++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh @@ -1,4 +1,5 @@ -#!/bin/bash -e +#!/bin/sh -e + # # Copyright 2020 Samsung Electronics Co., Ltd. # @@ -15,7 +16,8 @@ # limitations under the License. # -usage() { +usage() +{ cat << ==usage $0 Automatic configuration using external addresess from nodes $0 --help This message @@ -27,14 +29,14 @@ $0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges find_nodes_with_external_addrs() { - local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') - for worker in $WORKER_NODES; do - local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') - local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') - if [ $internal_ip != $external_ip ]; then - echo $external_ip - fi - done + local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + for worker in $WORKER_NODES; do + local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + if [ $internal_ip != $external_ip ]; then + echo $external_ip + fi + done } generate_config_map() @@ -56,32 +58,32 @@ CNFEOF } generate_config_from_single_addr() { - generate_config_map "$1 - $1" + generate_config_map "$1 - $1" } install_metallb() { - kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml - kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml - # Only when install - kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" + kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml + kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml + # Only when install + kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" } automatic_configuration() { - install_metallb - generate_config_from_single_addr $(find_nodes_with_external_addrs) + install_metallb + generate_config_from_single_addr $(find_nodes_with_external_addrs) } manual_configuration() { - install_metallb - generate_config_map $@ + install_metallb + generate_config_map $@ } if [ $# -eq 1 ] && [ "$1" = "-h" ]; then - usage + usage if [ $# -eq 1 ] && [ "$1" = "--help" ]; then - usage + usage elif [ $# -eq 0 ]; then - automatic_configuration + automatic_configuration else - manual_configuration $@ + manual_configuration $@ fi diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh index 543e918cfa..9705ee6ea8 100755 --- a/kubernetes/contrib/tools/check-for-staging-images.sh +++ b/kubernetes/contrib/tools/check-for-staging-images.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright © 2020 Samsung Electronics # diff --git a/kubernetes/contrib/tools/rke/rke_setup.sh b/kubernetes/contrib/tools/rke/rke_setup.sh index 2ee123b36a..a8938a96ee 100755 --- a/kubernetes/contrib/tools/rke/rke_setup.sh +++ b/kubernetes/contrib/tools/rke/rke_setup.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/sh + ############################################################################# # Copyright © 2019 Bell. # |