Diffstat (limited to 'kubernetes')
143 files changed, 743 insertions, 415 deletions
diff --git a/kubernetes/a1policymanagement/templates/pv.yaml b/kubernetes/a1policymanagement/templates/pv.yaml index 904d863b03..0a3cbdeff5 100644 --- a/kubernetes/a1policymanagement/templates/pv.yaml +++ b/kubernetes/a1policymanagement/templates/pv.yaml @@ -16,27 +16,5 @@ ################################################################################ */}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if not .Values.persistence.storageClass -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/app -{{- end -}} -{{- end -}} + +{{ include "common.replicaPV" . }} diff --git a/kubernetes/a1policymanagement/templates/pvc.yaml b/kubernetes/a1policymanagement/templates/pvc.yaml deleted file mode 100644 index 4183edfdbb..0000000000 --- a/kubernetes/a1policymanagement/templates/pvc.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - {{- if .Values.persistence.annotations }} - annotations: -{{ .Values.persistence.annotations | indent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.fullname" . }}-data -{{- end -}} diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml index 0d8399c8b3..54ee1515bc 100644 --- a/kubernetes/a1policymanagement/templates/deployment.yaml +++ b/kubernetes/a1policymanagement/templates/statefulset.yaml 
@@ -17,17 +17,11 @@ ################################################################################ */}} -kind: Deployment +kind: StatefulSet apiVersion: apps/v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + serviceName: {{ include "common.servicename" . }} replicas: {{ index .Values.replicaCount }} selector: {{- include "common.selectors" . | nindent 4 }} template: @@ -108,8 +102,8 @@ spec: subPath: application_configuration.json - name: config mountPath: /opt/app/policy-agent/config/application.yaml - subPath: application.yaml - - name: vardata + subPath: application.yaml + - name: {{ include "common.fullname" . }} mountPath: "/var/policy-management-service/database" resources: {{ include "common.resources" . | nindent 10 }} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} @@ -123,6 +117,10 @@ spec: - name: config emptyDir: medium: Memory - - name: vardata - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} +{{- if not .Values.persistence.enabled }} + - name: {{ include "common.fullname" . }} + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - {{include "common.PVCTemplate" . | indent 6 | trim }} +{{- end }} diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 08590d891c..4768349736 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -20,7 +20,8 @@ global: nodePortPrefix: 302 - + persistence: {} + secrets: - uid: controller-secret type: basicAuth 
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index d630647883..1297809658 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -122,7 +122,7 @@ spec: - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - name: POST_JAVA_OPTS - value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}' + value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}' - name: TRUSTORE_ALL_PASSWORD value: {{ .Values.certInitializer.truststorePassword }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index 717ea6679c..68b50e1ad6 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -83,7 +83,7 @@ then show databases like 'sdnctl'; END ) - if [ "x${sdnc_db_exists}" = "x" ] + if [ "${sdnc_db_exists}" = "" ] then echo "Installing SDNC database" ${SDNC_HOME}/bin/installSdncDb.sh @@ -92,7 +92,7 @@ END show databases like 'appcctl'; END ) - if [ "x${appc_db_exists}" = "x" ] + if [ "${appc_db_exists}" = "" ] then echo "Installing APPC database" ${APPC_HOME}/bin/installAppcDb.sh diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 83d00a7545..e3f88b1c37 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml 
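Review bot: The rewritten `POST_JAVA_OPTS` value in aai-resources/templates/deployment.yaml still renders `.Values.certInitializer.truststorePassword` straight into the pod spec, so the password is readable by anyone allowed to view the Deployment or the pod. Since the line is being touched anyway, consider defining the password as an env entry with `valueFrom.secretKeyRef` ahead of `POST_JAVA_OPTS` and referencing it in the option string as `$(TRUSTORE_ALL_PASSWORD)`. Both template values are also placed unescaped inside a single-quoted YAML scalar, so a `credsPath` or password containing `'` would break the rendered manifest. The container spec continues outside the hunk.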
@@ -143,7 +143,8 @@ dgbuilder: dbServiceName: *appc-db service: name: appc-dgbuilder - + serviceAccount: + nameOverride: appc-dgbuilder ingress: enabled: false service: diff --git a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml index d0ff6231b9..7a3a920087 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml index c2e034204c..fd5265d2ce 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml @@ -190,6 +190,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index fe60b8023c..71f934fbe5 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -178,3 +178,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: cds-blueprints-processor + roles: + - read diff --git a/kubernetes/cds/components/cds-command-executor/requirements.yaml b/kubernetes/cds/components/cds-command-executor/requirements.yaml index bd647a6c42..96ce828880 100755 --- a/kubernetes/cds/components/cds-command-executor/requirements.yaml 
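Review bot: The `serviceAccountName` line added to cds-blueprints-processor/templates/deployment.yaml hard-codes the suffix `read`, while the role list lives in values.yaml under `serviceAccount.roles`, so an override of the roles would presumably leave the pod pointing at a service account that is never created. The same line is added in the cds-command-executor, cds-py-executor, cds-sdc-listener, cds-ui and common/dgbuilder deployments. Deriving the suffix from the values, e.g. `(dict "suffix" (index .Values.serviceAccount.roles 0) "dot" .)`, would keep the two in step. What the `read` role grants is not visible here; for pods that never call the Kubernetes API it would be worth adding `automountServiceAccountToken: false` so the token is not mounted at all. The pod spec continues outside the hunk.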
+++ b/kubernetes/cds/components/cds-command-executor/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml index 40238c2513..523339ca70 100755 --- a/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml @@ -86,6 +86,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index f867565915..12a7fe9b40 100755 --- a/kubernetes/cds/components/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -91,3 +91,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: cds-command-executor + roles: + - read diff --git a/kubernetes/cds/components/cds-py-executor/requirements.yaml b/kubernetes/cds/components/cds-py-executor/requirements.yaml index 626de2fe33..6b7064caca 100755 --- a/kubernetes/cds/components/cds-py-executor/requirements.yaml +++ b/kubernetes/cds/components/cds-py-executor/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml index d7b2959fcb..754e0d0f50 100755 --- a/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml 
+++ b/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml @@ -78,6 +78,7 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index af042c1605..b7338f88aa 100755 --- a/kubernetes/cds/components/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -110,3 +110,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: cds-py-executor + roles: + - read diff --git a/kubernetes/cds/components/cds-sdc-listener/requirements.yaml b/kubernetes/cds/components/cds-sdc-listener/requirements.yaml index bd647a6c42..96ce828880 100755 --- a/kubernetes/cds/components/cds-sdc-listener/requirements.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml index 7dca49c761..4ac847005e 100644 --- a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml @@ -94,6 +94,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index e46539fb35..4a67317298 100644 --- a/kubernetes/cds/components/cds-sdc-listener/values.yaml 
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml @@ -99,3 +99,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: cds-sdc-listener + roles: + - read diff --git a/kubernetes/cds/components/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml index a4e5fe5603..8f6d158a17 100644 --- a/kubernetes/cds/components/cds-ui/requirements.yaml +++ b/kubernetes/cds/components/cds-ui/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml index 359c713ed4..6457ce3736 100644 --- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml @@ -99,6 +99,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index 697602f209..e91e999259 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -127,3 +127,9 @@ resources: cpu: 200m memory: 200Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: cds-ui + roles: + - read diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh index 5b652228a6..5f23a89867 100644 --- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh +++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh 
@@ -1,4 +1,5 @@ #!/bin/bash + set -e # first arg is `-f` or `--some-option` @@ -11,7 +12,7 @@ fi if [ "$1" = 'cassandra' -a "$(id -u)" = '0' ]; then find /var/lib/cassandra /var/log/cassandra "$CASSANDRA_CONFIG" \ \! -user cassandra -exec chown cassandra '{}' + - exec gosu cassandra "$BASH_SOURCE" "$@" + exec gosu cassandra "$0" "$@" fi _ip_address() { @@ -71,7 +72,8 @@ if [ "$1" = 'cassandra' ]; then authenticator \ ; do var="CASSANDRA_${yaml^^}" - val="${!var}" + # eval presents no security issue here because of limited possible values of var + eval val=\$$var if [ "$val" ]; then _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \ -r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/' @@ -80,7 +82,8 @@ if [ "$1" = 'cassandra' ]; then for rackdc in dc rack; do var="CASSANDRA_${rackdc^^}" - val="${!var}" + # eval presents no security issue here because of limited possible values of var + eval val=\$$var if [ "$val" ]; then _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \ -r 's/^('"$rackdc"'=).*/\1 '"$val"'/' diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl deleted file mode 100644 index f80b06b4d3..0000000000 --- a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl +++ /dev/null 
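Review bot: The two `eval val=\$$var` replacements in docker-entrypoint.sh are safe only while `var` is built from the literal word lists of the enclosing `for` loops, and the added comment should state that condition instead of "limited possible values", e.g. `# var is CASSANDRA_<NAME> for a name from the literal list above; never derive it from external input`. The script still runs under `#!/bin/bash` and keeps `${yaml^^}` and `${rackdc^^}`, so replacing `${!var}` does not make it portable and the indirect expansion could have stayed. The first loop starts outside its hunk, so its full word list is not visible here.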
@@ -1,189 +0,0 @@ -{{/* -# Copyright © 2021 Nokia -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{/* -In order to use certServiceClient it is needed do define certificates array in target component values.yaml. Each -certificate will be requested from separate init container - -Minimum example of array in target component values.yaml: -certificates: - - mountPath: /var/custom-certs - commonName: common-name - -Full example (other fields are ignored): -certificates: - - mountPath: /var/custom-certs - caName: RA - keystore: - outputType: - - jks - commonName: common-name - dnsNames: - - dns-name-1 - - dns-name-2 - ipAddresses: - - 192.168.0.1 - - 192.168.0.2 - emailAddresses: - - email-1@onap.org - - email-2@onap.org - uris: - - http://uri-1.onap.org - - http://uri-2.onap.org - subject: - organization: Linux-Foundation - country: US - locality: San Francisco - province: California - organizationalUnit: ONAP - -There also need to be some includes used in a target component deployment (indent values may need to be adjusted): - 1. In initContainers section: - {{ include "common.certServiceClient.initContainer" . | indent 6 }} - 2. In volumeMounts section of container using certificates: - {{ include "common.certServiceClient.volumeMounts" . | indent 10 }} - 3. In volumes section: - {{ include "common.certServiceClient.volumes" . | indent 8 }} - -*/}} - -{{- define "common.certServiceClient.initContainer" -}} -{{- $dot := default . 
.dot -}} -{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}} -{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} -{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}} -{{- range $index, $certificate := $dot.Values.certificates -}} -{{/*# General certifiacate attributes #*/}} -{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}} -{{/*# SAN's #*/}} -{{- $dnsNames := default (list) $certificate.dnsNames -}} -{{- $ipAddresses := default (list) $certificate.ipAddresses -}} -{{- $uris := default (list) $certificate.uris -}} -{{- $emailAddresses := default (list) $certificate.emailAddresses -}} -{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}} -{{- $sans := join "," $sansList }} -{{/*# Subject #*/}} -{{- $organization := $subchartGlobal.certificate.default.subject.organization -}} -{{- $country := $subchartGlobal.certificate.default.subject.country -}} -{{- $locality := $subchartGlobal.certificate.default.subject.locality -}} -{{- $province := $subchartGlobal.certificate.default.subject.province -}} -{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}} -{{- if $certificate.subject -}} -{{- $organization := $certificate.subject.organization -}} -{{- $country := $certificate.subject.country -}} -{{- $locality := $certificate.subject.locality -}} -{{- $province := $certificate.subject.province -}} -{{- $orgUnit := $certificate.subject.organizationalUnit -}} -{{- end -}} -{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}} -{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}} -{{- if $certificate.keystore -}} -{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." 
$certificate.keystore.outputType) -}} -{{- $outputType = mustFirst ($outputTypeList) | upper -}} -{{- end -}} -{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}} -{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}} -{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}} -{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}} -{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}} -{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}} -{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}} -{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}} -{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}} -{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}} -{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}} -- name: certs-init-{{ $index }} - image: {{ include "repositoryGenerator.image.certserviceclient" $dot }} - imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} - env: - - name: REQUEST_URL - value: {{ $requestUrl | quote }} - - name: REQUEST_TIMEOUT - value: {{ $requestTimeout | quote }} - - name: OUTPUT_PATH - value: {{ $certPath | quote }} - - name: OUTPUT_TYPE - value: {{ $outputType | quote }} - - name: CA_NAME - value: {{ $caName | quote }} - - name: COMMON_NAME - value: {{ $commonName | quote }} - - name: SANS - value: {{ $sans | quote }} - - name: ORGANIZATION - value: {{ $organization | quote }} - - name: 
ORGANIZATION_UNIT - value: {{ $orgUnit | quote }} - - name: LOCATION - value: {{ $locality | quote }} - - name: STATE - value: {{ $province | quote }} - - name: COUNTRY - value: {{ $country | quote }} - - name: KEYSTORE_PATH - value: {{ $keystorePath | quote }} - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $keystorePasswordSecret | quote}} - key: {{ $keystorePasswordSecretKey | quote}} - - name: TRUSTSTORE_PATH - value: {{ $truststorePath | quote }} - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $truststorePasswordSecret | quote}} - key: {{ $truststorePasswordSecretKey | quote}} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: {{ $certPath }} - name: cmpv2-certs-volume-{{ $index }} - - mountPath: {{ $certificatesSecretMountPath }} - name: certservice-tls-volume -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "common.certServiceClient.volumes" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}} -{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} -{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}} -{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}} -- name: certservice-tls-volume - secret: - secretName: {{ $certificatesSecretName }} -{{ range $index, $certificate := $dot.Values.certificates -}} -- name: cmpv2-certs-volume-{{ $index }} - emptyDir: - medium: Memory -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "common.certServiceClient.volumeMounts" -}} -{{- $dot := default . 
.dot -}} -{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}} -{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} -{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}} -{{- range $index, $certificate := $dot.Values.certificates -}} -{{- $mountPath := $certificate.mountPath -}} -- mountPath: {{ $mountPath }} - name: cmpv2-certs-volume-{{ $index }} -{{ end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index 695e40616c..02595b348d 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -15,7 +15,6 @@ global: # Enabling CMPv2 cmpv2Enabled: true - CMPv2CertManagerIntegration: false certificate: default: @@ -35,17 +34,6 @@ global: keystorePasswordSecretKey: password truststorePasswordSecretName: oom-cert-service-truststore-password truststorePasswordSecretKey: password - certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 - certificatesSecretMountPath: /etc/onap/oom/certservice/certs/ - envVariables: - certPath: "/var/custom-certs" - # Certificate related - caName: "RA" - # Client configuration related - requestURL: "https://oom-cert-service:8443/v1/certificate/" - requestTimeout: "30000" - outputType: "P12" certPostProcessor: image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml index 0157b7063e..1bbab11af4 100644 --- a/kubernetes/common/dgbuilder/requirements.yaml +++ b/kubernetes/common/dgbuilder/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: 'file://../repositoryGenerator' + - name: serviceAccount + version: ~8.x-0 + repository: 'file://../serviceAccount' 
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index ad3e4cf128..6538ad0836 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -128,6 +128,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index ae1d85795d..0f91bbd882 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -186,3 +186,8 @@ resources: memory: 4Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dgbuilder + roles: + - read diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index fa4b007a5a..f130bb5118 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -1,4 +1,5 @@ #!/bin/bash + {{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics 
@@ -22,8 +23,15 @@ set -e while read DB ; do USER_VAR="MYSQL_USER_${DB^^}" PASS_VAR="MYSQL_PASSWORD_${DB^^}" - USER=${!USER_VAR} - PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"` +{{/* + # USER=${!USER_VAR} + # PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"` + # eval replacement of the bashism equivalents above might present a security issue here + # since it reads content from DB values filled by helm at the end of the script. + # These possible values has to be constrainted and/or limited by helm for a safe use of eval. +*/}} + eval USER=\$$USER_VAR + PASS=$(eval echo -n \$$PASS_VAR | sed -e "s/'/''/g") MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} ) echo "Creating database ${DB} and user ${USER}..." diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 91f21ab0c9..488db054a0 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -83,10 +83,6 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }} {{- end -}} -{{- define "repositoryGenerator.image.certserviceclient" -}} - {{- include "repositoryGenerator.image._helper" (merge (dict "image" "certServiceClientImage") .) }} -{{- end -}} - {{- define "repositoryGenerator.image.dcaepolicysync" -}} {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dcaePolicySyncImage") .) }} {{- end -}} 
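Review bot: `eval USER=\$$USER_VAR` and `eval echo -n \$$PASS_VAR` in the `while read DB` loop evaluate a string built from `DB`, and the new template comment records that risk without guarding against it. Reject any name that is not a plain identifier before the two assignments, `case "$DB" in ''|*[!A-Za-z0-9_]*) echo "invalid database name: $DB" >&2; exit 1;; esac`. The script still needs bash for `${DB^^}` and the `MYSQL_OPTS=( ... )` array, so keeping `${!USER_VAR}` and `${!PASS_VAR}` would avoid eval altogether. The loop body continues outside the hunk.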
@@ -143,7 +139,7 @@ {{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} {{- $repoCreds := "" }} - {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- if $subchartDot.Values.global.repositoryCred }} {{- $repo := $subchartDot.Values.global.repository }} {{- $cred := $subchartDot.Values.global.repositoryCred }} {{- $mail := default "@" $cred.mail }} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 8a68f6dd9c..bf21e2da08 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -23,7 +23,6 @@ global: # common global images busyboxImage: busybox:1.32 curlImage: curlimages/curl:7.69.1 - certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 envsubstImage: dibi/envsubst:1 # there's only latest image for htpasswd htpasswdImage: xmartlabs/htpasswd:latest @@ -56,7 +55,6 @@ global: imageRepoMapping: busyboxImage: dockerHubRepository curlImage: dockerHubRepository - certServiceClientImage: repository envsubstImage: dockerHubRepository htpasswdImage: dockerHubRepository jreImage: repository diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh index 67bbfd6c6f..163877deca 100755 --- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -1,5 +1,5 @@ #!/bin/bash -e -# + # Copyright 2020 Samsung Electronics Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -70,7 +70,8 @@ ingress_controller_ip() { deploy() { local ingress_ip=$(ingress_controller_ip) - pushd "$SPATH/bind9dns" > /dev/null + initdir = $(pwd) + cd $SPATH/bind9dns if [ $# -eq 0 ]; then local cl_domain="simpledemo.onap.org" else @@ -82,7 +83,7 @@ deploy() { shift fi helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@ - popd > /dev/null + cd $initdir target_machine_notice_info } diff --git a/kubernetes/dcaegen2-services/Makefile b/kubernetes/dcaegen2-services/Makefile index bf267b7720..70bb031af3 100644 --- a/kubernetes/dcaegen2-services/Makefile +++ b/kubernetes/dcaegen2-services/Makefile @@ -1,4 +1,5 @@ # Copyright © 2020 Samsung Electronics +# Copyright (c) 2021 AT&T. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,10 +14,12 @@ # limitations under the License. ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist +OUTPUT_DIR := $(ROOT_DIR)/../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets +HELM_REPO := local + EXCLUDES := HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) @@ -40,8 +43,8 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi - @$(HELM_BIN) repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi + @sleep 3 clean: @rm -f */requirements.lock diff --git a/kubernetes/dcaegen2-services/common/Makefile b/kubernetes/dcaegen2-services/common/Makefile index bf267b7720..4a6491d8cc 100644 --- a/kubernetes/dcaegen2-services/common/Makefile +++ b/kubernetes/dcaegen2-services/common/Makefile 
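Review bot: `initdir = $(pwd)` in `deploy()` is not an assignment: with spaces around `=` the shell runs a command named `initdir`, and under the script's `#!/bin/bash -e` that failure aborts the deploy. Without `-e`, the `cd $initdir` added in the following hunk would expand to a bare `cd` and land in the home directory. Write it as `local initdir=$(pwd)` and quote both paths, `cd "$SPATH/bind9dns"` and `cd "$initdir"`. The middle of `deploy()` lies between the two hunks.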
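Review bot: The new `package-%` recipe in kubernetes/dcaegen2-services/Makefile pushes with `$(HELM_BIN) push -f`, which as far as I know forces an upload over a chart of the same version already in `$(HELM_REPO)`, so a rebuilt package silently replaces a published one. The same recipe is added in common/Makefile and components/Makefile. The file name is taken by cutting the human-readable output of `helm package` on `:`, which depends on that message format and on unquoted word splitting to drop the leading space; a short comment saying so would help, e.g. `# helm package prints "...saved it to: <path>"; field 2 is the path`. Consider dropping `-f` unless overwriting is intended, and add a comment on what `@sleep 3` (`@sleep 5` in components) is waiting for.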
@@ -1,4 +1,5 @@ # Copyright © 2020 Samsung Electronics +# Copyright (c) 2021 AT&T. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +18,8 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets +HELM_REPO := local + EXCLUDES := HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) @@ -40,8 +43,8 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi - @$(HELM_BIN) repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi + @sleep 3 clean: @rm -f */requirements.lock diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 310d9ae662..328a4c625f 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -495,7 +495,7 @@ spec: */}} {{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}} {{- $certDir := default "" .Values.certDirectory . -}} - {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}} + {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.useCmpv2Certificates) -}} true {{- end -}} {{- end -}} diff --git a/kubernetes/dcaegen2-services/components/Makefile b/kubernetes/dcaegen2-services/components/Makefile index bf267b7720..98dfb97f8f 100644 --- a/kubernetes/dcaegen2-services/components/Makefile 
+++ b/kubernetes/dcaegen2-services/components/Makefile @@ -1,4 +1,5 @@ # Copyright © 2020 Samsung Electronics +# Copyright (c) 2021 AT&T. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +18,8 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets +HELM_REPO := local + EXCLUDES := HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) @@ -40,8 +43,8 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi - @$(HELM_BIN) repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi + @sleep 5 clean: @rm -f */requirements.lock diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml index 929cdbbc5f..d45745404d 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2021 J. F. Lucas. All rights reserved. # Copyright (c) 2021 Nokia. All rights reserved. +# Copyright (c) 2021 AT&T. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: 'file://../../common/dcaegen2-services-common' + repository: '@local' - name: certManagerCertificate version: ~8.x-0 repository: '@local' 
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 223789a75f..64e4ba9b43 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -68,7 +68,6 @@ secrets: # It is used only when: # - certDirectory is set # - global cmpv2Enabled flag is set to true -# - global CertManagerIntegration flag is set to true # - flag useCmpv2Certificates is set to true # Disabled by default useCmpv2Certificates: false diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml index 3d8c24b131..0ebda2eed5 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml @@ -1,6 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (C) 2021 Nordix Foundation. +# Copyright (c) 2021 AT&T. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +18,6 @@ apiVersion: v1 appVersion: "Honolulu" -description: A Helm chart for DCAE PMSH +description: DCAE PMSH Service name: dcae-pmsh -version: 8.0.0
\ No newline at end of file
+version: 8.0.0
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
index 13f9a6aedd..4dfc837bf8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
@@ -30,4 +30,4 @@ dependencies:
 repository: '@local'
 - name: dcaegen2-services-common
 version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
\ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
index 639fc2c740..80e79fe28e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
@@ -1,4 +1,5 @@
 # Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -24,4 +25,4 @@ dependencies:
 repository: '@local'
 - name: dcaegen2-services-common
 version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml
new file mode 100644
index 0000000000..64b0d0f96a
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml
@@ -0,0 +1,23 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 Wipro Limited. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +appVersion: "Honolulu" +description: DCAE SliceAnalysis MS charts +name: dcae-slice-analysis-ms +version: 8.0.0 + diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml new file mode 100644 index 0000000000..9cab8e92e6 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml 
@@ -0,0 +1,34 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 Wipro Limited. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~8.x-0 + repository: '@local' + - name: postgres + version: ~8.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~8.x-0 + repository: '@local' + - name: readinessCheck + version: ~8.x-0 + repository: '@local' + - name: dcaegen2-services-common + version: ~8.x-0 + repository: '@local' + diff --git a/kubernetes/common/cmpv2Certificate/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml index 504947525d..26be310888 100644 --- a/kubernetes/common/cmpv2Certificate/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml 
@@ -1,13 +1,20 @@ -# Copyright © 2021 Nokia -# +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 Wipro Limited. +# ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "dcaegen2-services-common.configMap" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml new file mode 100644 index 0000000000..02b5df8135 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml 
@@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 Wipro Limited. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "dcaegen2-services-common.microserviceDeployment" . }} diff --git a/kubernetes/common/cmpv2Certificate/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml index b10896d2ce..c4596e5b21 100644 --- a/kubernetes/common/cmpv2Certificate/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml 
@@ -1,24 +1,20 @@ -# Copyright © 2021 Nokia -# +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 Wipro Limited. +# ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# ============LICENSE_END========================================================= +*/}} -dependencies: - - name: common - version: ~8.x-0 - repository: 'file://../common' - - name: repositoryGenerator - version: ~8.x-0 - repository: 'file://../repositoryGenerator' - - name: cmpv2Config - version: ~8.x-0 - repository: 'file://../cmpv2Config' +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/cmpv2Certificate/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml index 6641ec6954..ba0283dda5 100644 --- a/kubernetes/common/cmpv2Certificate/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml 
@@ -1,18 +1,20 @@ -# Copyright © 2021 Nokia -# +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 Wipro Limited. +# ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# ============LICENSE_END========================================================= +*/}} -apiVersion: v1 -description: Template used to add cmpv2 certificates to components -name: cmpv2Certificate -version: 8.0.0 +{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml new file mode 100644 index 0000000000..6790541bd9 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml 
@@ -0,0 +1,212 @@ +# ============= LICENSE_START ================================================ +# ============================================================================ +# Copyright (C) 2021 Wipro Limited. +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============= LICENSE_END ================================================== + +################################################################# +# Global Configuration Defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + +################################################################# +# Filebeat Configuration Defaults. +################################################################# +filebeatConfig: + logstashServiceName: log-ls + logstashPort: 5044 + +################################################################# +# Secrets Configuration. +################################################################# +secrets: + - uid: &aafCredsUID aafcreds + type: basicAuth + login: '{{ .Values.aafCreds.identity }}' + password: '{{ .Values.aafCreds.password }}' + passwordPolicy: required + - uid: &pgUserCredsSecretUid pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-sliceanalysisms-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) 
(hasSuffix "sliceanalysisms-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + +################################aafcreds################################# +# InitContainer Images. +################################################################# +tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + +################################################################# +# Application Configuration Defaults. +################################################################# +# Application Image +image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.4 + +# Log directory where logging sidecar should look for log files +# if absent, no sidecar will be deployed +logDirectory: /var/log/ONAP/dcaegen2/services/sliceanalysisms + +# Directory where TLS certs should be stored +# if absent, no certs will be retrieved and stored +certDirectory: /opt/app/sliceanalysisms/etc/cert/ + +# TLS role -- set to true if microservice acts as server +# If true, an init container will retrieve a server cert +# and key from AAF and mount them in certDirectory. +tlsServer: true + +# Dependencies +readinessCheck: + wait_for: + - dcae-config-binding-service + - aaf-cm + - &postgresName dcae-sliceanalysisms-postgres + +# Probe Configuration +readiness: + initialDelaySeconds: 60 + periodSeconds: 15 + timeoutSeconds: 1 + path: /healthcheck + scheme: HTTP + port: 8080 + +# Service Configuration +service: + type: ClusterIP + name: dcae-slice-analysis-ms + ports: + - name: https + port: 8080 + port_protocol: http + +# AAF Credentials +aafCreds: + identity: dcae@dcae.onap.org + password: demo123456! 
+ +credentials: +- name: AAF_IDENTITY + uid: *aafCredsUID + key: login +- name: AAF_PASSWORD + uid: *aafCredsUID + key: password +- name: PG_USERNAME + uid: *pgUserCredsSecretUid + key: login +- name: PG_PASSWORD + uid: *pgUserCredsSecretUid + key: password + +# Initial Application Configuration +applicationConfig: + aafUsername: ${AAF_IDENTITY} + aafPassword: ${AAF_PASSWORD} + postgres.host: dcae-sliceanalysisms-pg-primary + postgres.port: 5432 + postgres.username: ${PG_USERNAME} + postgres.password: ${PG_PASSWORD} + trust_store_path: /opt/app/sliceanalysisms/etc/cert/trust.jks + trust_store_pass_path: /opt/app/sliceanalysisms/etc/cert/trust.pass + sliceanalysisms.pollingInterval: 20 + sliceanalysisms.pollingTimeout: 60 + cbsPollingInterval: 60 + sliceanalysisms.namespace: onap + sliceanalysisms.dmaap.server: ["message-router"] + sliceanalysisms.bufferTime: 60 + sliceanalysisms.cg: sliceanalysisms-cg + sliceanalysisms.cid: sliceanalysisms-cid + sliceanalysisms.configDb.service: http://config-db:8080 + sliceanalysisms.configDbEnabled: true + sliceanalysisms.aai.url: https://aai.onap.svc.cluster.local:8443/aai/v21 + sliceanalysisms.cps.url: https://cps:8088 + sliceanalysisms.samples: 3 + sliceanalysisms.minPercentageChange: 5 + sliceanalysisms.initialDelaySeconds: 120000 + streams_publishes: + CL_topic: + type: message-router + aaf_username: ${AAF_IDENTITY} + aaf_password: ${AAF_PASSWORD} + dmaap_info: + topic_url: https://message-router.onap.svc.cluster.local:3905/events/unauthenticated.DCAE_CL_OUTPUT + streams_subscribes: + performance_management_topic: + type: message-router + aaf_username: ${AAF_IDENTITY} + aaf_password: ${AAF_PASSWORD} + dmaap_info: + topic_url: https://message-router.onap.svc.cluster.local:3905/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS + intelligent_slicing_topic: + type: message-router + aaf_username: ${AAF_IDENTITY} + aaf_password: ${AAF_PASSWORD} + dmaap_info: + topic_url: 
https://message-router.onap.svc.cluster.local:3905/events/unauthenticated.ML_RESPONSE_TOPIC + dcae_cl_response_topic: + type: message-router + aaf_username: ${AAF_IDENTITY} + aaf_password: ${AAF_PASSWORD} + dmaap_info: + topic_url: https://message-router.onap.svc.cluster.local:3905/events/DCAE_CL_RSP + +applicationEnv: + STANDALONE: 'false' + +# Resource Limit Flavor -By Default Using Small +flavor: small +# Segregation for Different Environment (Small and Large) +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} + +################################################################# +# Application configuration Overriding Defaults in the Postgres. +################################################################# +postgres: + nameOverride: *postgresName + service: + name: *postgresName + name2: dcae-sliceanalysisms-pg-primary + name3: dcae-sliceanalysisms-pg-replica + container: + name: + primary: dcae-sliceanalysisms-pg-primary + replica: dcae-sliceanalysisms-pg-replica + persistence: + mountSubPath: sliceanalysisms/data + mountInitPath: sliceanalysisms + config: + pgUserName: sliceanalysisms + pgDatabase: sliceanalysisms + pgUserExternalSecret: *pgUserCredsSecretName diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml index 021c357f35..02a2a674c3 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml @@ -1,4 +1,5 @@ # Copyright (c) 2020 J. F. Lucas. All rights reserved. +# Copyright (c) 2021 AT&T. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
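Review bot: `aafCreds.password: demo123456!` ships a working default credential in the chart, so any deployment that does not override it runs with a password readable in the repository, and the `passwordPolicy: required` on the `aafcreds` secret presumably never triggers because a value is always present. I would omit the `password` key here and have the deployer supply it or an external secret, noting it with `# aafCreds.password has no default; provide it at install time`. Separately, the service port is named `https` while `port_protocol: http` and the readiness probe uses `scheme: HTTP` on 8080 even though `tlsServer: true`; the name should match what is actually served. The banner line `################################aafcreds###…` looks like a stray paste and should read as a plain separator.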
@@ -24,4 +25,4 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: 'file://../../common/dcaegen2-services-common' + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml index 929cdbbc5f..d45745404d 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2021 J. F. Lucas. All rights reserved. # Copyright (c) 2021 Nokia. All rights reserved. +# Copyright (c) 2021 AT&T. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,7 @@ dependencies: repository: '@local' - name: dcaegen2-services-common version: ~8.x-0 - repository: 'file://../../common/dcaegen2-services-common' + repository: '@local' - name: certManagerCertificate version: ~8.x-0 repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 9e08ea1a69..982d770595 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -61,7 +61,6 @@ tlsServer: true # It is used only when: # - certDirectory is set # - global cmpv2Enabled flag is set to true -# - global CertManagerIntegration flag is set to true # - flag useCmpv2Certificates is set to true # Disabled by default useCmpv2Certificates: false diff --git a/kubernetes/dcaegen2-services/requirements.yaml b/kubernetes/dcaegen2-services/requirements.yaml index faf0b69875..e59fe98205 100644 --- a/kubernetes/dcaegen2-services/requirements.yaml +++ b/kubernetes/dcaegen2-services/requirements.yaml 
@@ -1,4 +1,5 @@ # Copyright (c) 2021 J. F. Lucas. All rights reserved. +# Copyright (c) 2021 AT&T. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,25 +19,36 @@ dependencies: repository: '@local' - name: dcae-ms-healthcheck version: ~8.x-0 - repository: 'file://components/dcae-ms-healthcheck' + repository: '@local' + #repository: 'file://components/dcae-ms-healthcheck' condition: dcae-ms-healthcheck.enabled - name: dcae-pmsh version: ~8.x-0 - repository: 'file://components/dcae-pmsh' + repository: '@local' + #repository: 'file://components/dcae-pmsh' condition: dcae-pmsh.enabled - name: dcae-prh version: ~8.x-0 - repository: 'file://components/dcae-prh' + repository: '@local' + #repository: 'file://components/dcae-prh' condition: dcae-bootstrap.enabled - name: dcae-tcagen2 version: ~8.x-0 - repository: 'file://components/dcae-tcagen2' + repository: '@local' + #repository: 'file://components/dcae-tcagen2' condition: dcae-tcagen2.enabled - name: dcae-ves-collector version: ~8.x-0 - repository: 'file://components/dcae-ves-collector' + repository: '@local' + #repository: 'file://components/dcae-ves-collector' condition: dcae-ves-collector.enabled - name: dcae-hv-ves-collector version: ~8.x-0 - repository: 'file://components/dcae-hv-ves-collector' + repository: '@local' + #repository: 'file://components/dcae-hv-ves-collector' condition: dcae-hv-ves-collector.enabled + - name: dcae-slice-analysis-ms + version: ~8.x-0 + repository: '@local' + #repository: 'file://components/dcae-slice-analysis-ms' + condition: dcae-slice-analysis-ms.enabled diff --git a/kubernetes/dcaegen2-services/templates/configmap.yaml b/kubernetes/dcaegen2-services/templates/configmap.yaml index 32451cdee7..92662a251e 100644 --- a/kubernetes/dcaegen2-services/templates/configmap.yaml +++ b/kubernetes/dcaegen2-services/templates/configmap.yaml 
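Review bot: The seven `#repository: 'file://components/…'` lines keep the old value as commented-out code under every dependency, including the new `dcae-slice-analysis-ms` entry, which never had a `file://` source. I would delete them and put a single comment above the list instead, for example `# Subcharts are resolved from the '@local' Helm repository and must be packaged and pushed there first`. The reason for the switch from in-tree paths to a named repository is stated nowhere in this file, and that one line would cover it. The dependency list starts before this hunk.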
@@ -40,4 +40,4 @@ metadata: name: {{ include "common.release" . }}-dcae-external-repo-configmap-sa91-rel16 namespace: {{ include "common.namespace" . }} data: -{{ (.Files.Glob "resources/external/schema/sa91-rel16/*").AsConfig | indent 2 }}
\ No newline at end of file
+{{ (.Files.Glob "resources/external/schemas/sa91-rel16/*").AsConfig | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml index 5682ce7194..50aa21741b 100644 --- a/kubernetes/dcaegen2-services/values.yaml +++ b/kubernetes/dcaegen2-services/values.yaml @@ -25,3 +25,5 @@ dcae-tcagen2: enabled: true dcae-ves-collector: enabled: true +dcae-slice-analysis-ms: + enabled: false diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json index 3c769fca5f..fb1a40edfd 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json @@ -41,9 +41,6 @@ "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" }, "external_cert": { - "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}", - "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}", - "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}", "country": "{{ .Values.cmpv2Config.global.certificate.default.subject.country }}", "organization": "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}", "state": "{{ .Values.cmpv2Config.global.certificate.default.subject.province }}", @@ -61,7 +58,7 @@ "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" }, "cmpv2_issuer": { - "enabled": "{{ .Values.global.CMPv2CertManagerIntegration }}", + "enabled": "true", "name": "{{ .Values.cmpv2issuer.name }}" } } 
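Review bot: `"enabled": "true"` under `cmpv2_issuer` hard-codes the issuer as on, while the cmpv2-cert-provider templates changed later in this commit are rendered only when `.Values.global.cmpv2Enabled` is set. With `cmpv2Enabled: false` the plugin configuration would still advertise an issuer that was never deployed; if the plugin acts on this flag (not visible here), certificate requests would then fail at deploy time instead of being skipped. I would keep the two in step with `"enabled": "{{ .Values.global.cmpv2Enabled }}"`. The enclosing JSON object starts before this hunk.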
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 98511395b0..10fb4430ea 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -28,8 +28,6 @@ global: repositoryCred: user: docker password: docker - # Enabling CMPv2 with CertManager - CMPv2CertManagerIntegration: false cmpv2issuer: name: cmpv2-issuer-onap diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index a1431488b8..83914d423c 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2021 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -103,10 +103,10 @@ flavor: small resources: small: limits: - cpu: 2 - memory: 2Gi + cpu: 4000m + memory: 4Gi requests: - cpu: 1 + cpu: 1500m memory: 1Gi large: limits: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index d6c447240d..521cf2ff8b 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -20,7 +20,6 @@ global: addTestingComponents: &testing true centralizedLoggingEnabled: ¢ralizedLogging false - CMPv2CertManagerIntegration: false cassandra: enabled: true mariadb-galera: 
diff --git a/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml index 643d3065c1..7b3603c041 100644 --- a/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml +++ b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml @@ -1,5 +1,5 @@ # Copyright © 2020 Nordix Foundation -# Modifications Copyright © 2020 Nokia +# Modifications Copyright © 2020-2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,15 +35,17 @@ ################################################################# global: cmpv2Enabled: true - CMPv2CertManagerIntegration: true - platform: - certServiceClient: - envVariables: - # Certificate related - cmpv2Organization: "Linux-Foundation" - cmpv2OrganizationalUnit: "ONAP" - cmpv2Location: "San-Francisco" - cmpv2State: "California" - cmpv2Country: "US" - # Client configuration related - caName: "RA" + certificate: + default: + renewBefore: 720h #30 days + duration: 8760h #365 days + subject: + organization: "Linux-Foundation" + country: "US" + locality: "San-Francisco" + province: "California" + organizationalUnit: "ONAP" + issuer: + group: certmanager.onap.org + kind: CMPv2Issuer + name: cmpv2-issuer-onap diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index d91284a6c3..0e2b13b473 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -194,7 +194,6 @@ global: # Enabling CMPv2 cmpv2Enabled: true - CMPv2CertManagerIntegration: false platform: certificates: clientSecretName: oom-cert-service-client-tls-secret 
@@ -204,17 +203,6 @@ global: keystorePasswordSecretKey: password truststorePasswordSecretName: oom-cert-service-certificates-password truststorePasswordSecretKey: password - certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 - certificatesSecretMountPath: /etc/onap/oom/certservice/certs/ - envVariables: - certPath: "/var/custom-certs" - # Certificate related - caName: "RA" - # Client configuration related - requestURL: "https://oom-cert-service:8443/v1/certificate/" - requestTimeout: "30000" - outputType: "P12" # Indicates offline deployment build # Set to true if you are rendering helm charts for offline deployment diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml index 9ba61a5f57..ae4ae81f02 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml @@ -1,4 +1,4 @@ -{{ if .Values.global.CMPv2CertManagerIntegration }} +{{ if .Values.global.cmpv2Enabled }} # ============LICENSE_START======================================================= # Copyright (c) 2020 Nokia diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml index 3a993734e4..8bcbc1f7d0 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml @@ -1,4 +1,4 @@ -{{ if .Values.global.CMPv2CertManagerIntegration }} +{{ if .Values.global.cmpv2Enabled }} # ============LICENSE_START======================================================= # Copyright (c) 2020 Nokia 
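Review bot: Gating cmpv2-cert-provider/templates/configuration.yaml on `.Values.global.cmpv2Enabled` alone turns a default-off component into a default-on one. The removed `CMPv2CertManagerIntegration` flag was `false` in kubernetes/onap/values.yaml, while `cmpv2Enabled` is `true` there and in kubernetes/platform/values.yaml. The same first-line change is made in the provider's deployment.yaml, roles.yaml and service.yaml, and in the sdnc certificates.yaml and statefulset.yaml conditions. A default install therefore now renders the provider together with whatever roles.yaml defines (presumably its RBAC objects; the file body is outside this diff). If that is intended, I would record it where the flag is set, e.g. `# cmpv2Enabled also deploys cmpv2-cert-provider (roles, service, deployment)` above `cmpv2Enabled: true`, and confirm that installs which previously left the integration flag off have the issuer prerequisites in place.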
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml index add5622f41..f976a80268 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml @@ -1,4 +1,4 @@ -{{ if .Values.global.CMPv2CertManagerIntegration }} +{{ if .Values.global.cmpv2Enabled }} # ============LICENSE_START======================================================= # Copyright (c) 2020 Nokia diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml index 152bd68ba6..bc689cc68f 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml @@ -1,4 +1,4 @@ -{{ if .Values.global.CMPv2CertManagerIntegration }} +{{ if .Values.global.cmpv2Enabled }} # ============LICENSE_START======================================================= # Copyright (c) 2020 Nokia diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index fd34b1ef28..55c4d0beac 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -21,7 +21,6 @@ global: busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest repository: "nexus3.onap.org:10001" - CMPv2CertManagerIntegration: false namespace: onap diff --git a/kubernetes/platform/values.yaml b/kubernetes/platform/values.yaml index d21fb791e2..a30dabbcc2 100644 --- a/kubernetes/platform/values.yaml +++ b/kubernetes/platform/values.yaml 
@@ -28,11 +28,6 @@ global: cmpv2Enabled: true addTestingComponents: false - certService: - certServiceClient: - secret: - name: oom-cert-service-client-tls-secret - ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index c4a21b927f..411ed8e667 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -1,4 +1,5 @@ #!/bin/bash + set -eo pipefail shopt -s nullglob @@ -30,10 +31,15 @@ file_env() { mysql_error "Both $var and $fileVar are set (but are exclusive)" fi local val="$def" + # val="${!var}" + # val="$(< "${!fileVar}")" + # eval replacement of the bashism equivalents above presents no security issue here + # since var and fileVar variables contents are derived from the file_env() function arguments. + # This method is only called inside this script with a limited number of possible values. if [ "${!var:-}" ]; then - val="${!var}" + eval val=\$$var elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" + val="$(< "$(eval echo "\$$fileVar")")" fi export "$var"="$val" unset "$fileVar" @@ -323,7 +329,7 @@ _main() { # If container is started as root user, restart as dedicated mysql user if [ "$(id -u)" = "0" ]; then mysql_note "Switching to dedicated user 'mysql'" - exec gosu mysql "$BASH_SOURCE" "$@" + exec gosu mysql "$0" "$@" fi # there's no database, so it needs to be initialized diff --git a/kubernetes/robot/instantiate-k8s.sh b/kubernetes/robot/instantiate-k8s.sh index f4f6b04e4c..623870b9f3 100755 --- a/kubernetes/robot/instantiate-k8s.sh +++ b/kubernetes/robot/instantiate-k8s.sh 
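Review bot: In the `elif` branch of file_env, `eval echo "\$$fileVar"` expands the secret-file path unquoted inside the eval. A path with whitespace or glob characters is therefore split or expanded before `$(< ...)` reads it, and with `shopt -s nullglob` set a non-matching pattern disappears entirely. The added comment's safety argument depends on every caller passing a fixed variable name, which nothing in file_env enforces. Because both `if` tests still use `${!var:-}` and `${!fileVar:-}` and the shebang stays `#!/bin/bash`, the eval removes no bash dependency, so I would keep `val="${!var}"` and `val="$(< "${!fileVar}")"`. If eval must stay, reject unexpected names first, e.g. `case "$var" in *[!A-Za-z0-9_]*) mysql_error "invalid variable name: $var" ;; esac`; file_env begins above this hunk, so the check would go next to its `local` declarations.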
@@ -1,4 +1,5 @@ #!/bin/bash + # Copyright 2019 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -13,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +THIS_DIR="$( cd "$( dirname "$0" )" >/dev/null 2>&1 && pwd )" NAMESPACE= FOLDER= @@ -138,13 +139,13 @@ kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/stack kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/results.json "$OUTPUT_DIRECTORY"/results.json kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/log.html "$OUTPUT_DIRECTORY"/log.html -pushd . +initdir=$(pwd) # echo -e "import hashlib\nwith open(\"README.md\", \"r\") as f: bytes = f.read()\nreadable_hash = hashlib.sha256(bytes).hexdigest()\nprint(readable_hash)" | python cd "$OUTPUT_DIRECTORY" tar -czvf vnf_heat_results.tar.gz * -popd +cd $initdir echo "VNF test results: $OUTPUT_DIRECTORY/vnf_heat_results.tar.gz" diff --git a/kubernetes/sdc/components/sdc-be/requirements.yaml b/kubernetes/sdc/components/sdc-be/requirements.yaml index b36d051041..b684a0e11f 100644 --- a/kubernetes/sdc/components/sdc-be/requirements.yaml +++ b/kubernetes/sdc/components/sdc-be/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 346534ce57..d731a56c5c 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml 
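Review bot: `cd $initdir` at the end of the last hunk is unquoted, so the return fails or lands in the wrong place when the starting directory contains whitespace or glob characters; write `cd "$initdir"`. The preceding `cd "$OUTPUT_DIRECTORY"` is not checked in the lines shown. Unless the script enables `-e` outside this hunk, a failed cd lets `tar -czvf vnf_heat_results.tar.gz *` archive whatever the current directory holds. Running the step in a subshell, `(cd "$OUTPUT_DIRECTORY" && tar -czvf vnf_heat_results.tar.gz *)`, covers both cases and makes saving and restoring the directory unnecessary.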
@@ -197,6 +197,7 @@ spec: requests: cpu: 3m memory: 20Mi + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 3e5c58b0bc..070583bfc2 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -161,3 +161,9 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdc-be + roles: + - read diff --git a/kubernetes/sdc/components/sdc-cs/requirements.yaml b/kubernetes/sdc/components/sdc-cs/requirements.yaml index 8febe6fac4..7d9ea04952 100644 --- a/kubernetes/sdc/components/sdc-cs/requirements.yaml +++ b/kubernetes/sdc/components/sdc-cs/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index bb218bbfae..fb849b9f25 100644 --- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -96,6 +96,7 @@ spec: requests: cpu: 200m memory: 300Mi + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 2308f95fb2..fed4769202 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -103,3 +103,9 @@ persistence: ingress: enabled: false + +#Pods Service Account +serviceAccount: + nameOverride: sdc-cs + roles: + - read 
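Review bot: The added `serviceAccountName` line hard-codes the suffix `read`, while the role itself is declared separately under `serviceAccount.roles` in the chart's values.yaml. Changing the role list there would leave the pod referencing a service account name that presumably is no longer generated. I would either derive the suffix from the values, e.g. `(dict "suffix" (index .Values.serviceAccount.roles 0) "dot" . )`, or add a comment beside `roles:` stating that the templates expect `read`. The same line is added to the other sdc and so deployment and job templates in this diff. What the `read` role grants is defined outside the diff; for workloads that never call the Kubernetes API, `automountServiceAccountToken: false` on the pod spec would keep the token out of the container.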
diff --git a/kubernetes/sdc/components/sdc-fe/requirements.yaml b/kubernetes/sdc/components/sdc-fe/requirements.yaml index b36d051041..b684a0e11f 100644 --- a/kubernetes/sdc/components/sdc-fe/requirements.yaml +++ b/kubernetes/sdc/components/sdc-fe/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 407d61c904..dcb17d0ba2 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -189,6 +189,7 @@ spec: requests: cpu: 3m memory: 20Mi + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 82afc4d3db..e9b2eee8db 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -143,3 +143,9 @@ resources: cpu: 80m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdc-fe + roles: + - read diff --git a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml index b36d051041..b684a0e11f 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' 
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 257f8b79a5..2bd53ff91b 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -213,6 +213,7 @@ spec: requests: cpu: 3m memory: 20Mi + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index f09958e811..aa7d535db3 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -175,3 +175,9 @@ resources: cpu: 80m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdc-onboarding-be + roles: + - read diff --git a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml index b36d051041..b684a0e11f 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index de75092f8a..343bda8ff9 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml 
@@ -144,6 +144,7 @@ spec: value: "{{ .Values.config.serverSSLTrustStoreType }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} resources: {{ include "common.resources" . | nindent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index d4414f1986..8b61567114 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -160,3 +160,9 @@ resources: cpu: 80m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdc-wfd-be + roles: + - read diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml index b36d051041..b684a0e11f 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index b8073d723d..d221c07612 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -178,6 +178,7 @@ spec: requests: cpu: 3m memory: 20Mi + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: 
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index 3cc9b9542f..d8ee5c8285 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -139,3 +139,9 @@ resources: cpu: 80m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdc-wfd-fe + roles: + - read diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index 0c82f9581d..ac0e6ed868 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -21,9 +21,6 @@ dependencies: - name: certInitializer version: ~8.x-0 repository: '@local' - - name: cmpv2Certificate - version: ~8.x-0 - repository: '@local' - name: certManagerCertificate version: ~8.x-0 repository: '@local' diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties index 57a16bd488..303e504aa9 100644 --- a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties +++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties @@ -23,7 +23,6 @@ topic=unauthenticated.SEC_FAULT_OUTPUT contenttype=application/json group=myG id=C1 -timeout=50000 limit=10000 [pnfRegistration] @@ -41,5 +40,4 @@ topic=unauthenticated.VES_PNFREG_OUTPUT contenttype=application/json group=myG id=C1 -timeout=50000 limit=10000 diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml index c4eca61e35..acf9012099 100644 --- a/kubernetes/sdnc/templates/certificates.yaml +++ b/kubernetes/sdnc/templates/certificates.yaml @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{ if .Values.global.cmpv2Enabled }} {{ include "certManagerCertificate.certificate" . }} {{ end }} 
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 8a7259ba0d..f0ee8a9456 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -155,7 +155,6 @@ spec: name: {{ include "common.name" . }}-readiness {{ end -}} {{ include "common.certInitializer.initContainer" . | indent 6 }} -{{ include "common.certServiceClient.initContainer" . | indent 6 }} - name: {{ include "common.name" . }}-chown image: {{ include "repositoryGenerator.image.busybox" . }} command: @@ -178,7 +177,7 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} + {{- if .Values.global.cmpv2Enabled }} {{- $linkCommand := include "common.certManager.linkVolumeMounts" . }} lifecycle: postStart: @@ -312,8 +311,7 @@ spec: value: "{{ .Values.config.sdnr.netconfCallHome.enabled | default "false" }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} -{{ include "common.certServiceClient.volumeMounts" . | indent 10 }} -{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{- if .Values.global.cmpv2Enabled }} {{ include "common.certManager.volumeMounts" . | indent 10 }} {{- end }} - mountPath: /etc/localtime @@ -437,8 +435,7 @@ spec: emptyDir: {} {{ else }} {{ include "common.certInitializer.volumes" . | nindent 8 }} -{{ include "common.certServiceClient.volumes" . | nindent 8 }} -{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{- if .Values.global.cmpv2Enabled }} {{ include "common.certManager.volumes" . | nindent 8 }} {{- end }} volumeClaimTemplates: diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index b22b6758d2..6ab96adde7 100644 
--- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -30,8 +30,6 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera - # Enabling CMPv2 with CertManager - CMPv2CertManagerIntegration: false ################################################################# # Secrets metaconfig @@ -461,6 +459,8 @@ dgbuilder: dbServiceName: mariadb-galera # This should be revisited and changed to plain text dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 + serviceAccount: + nameOverride: sdnc-dgbuilder mariadb-galera: service: name: sdnc-dgbuilder diff --git a/kubernetes/so/components/so-admin-cockpit/requirements.yaml b/kubernetes/so/components/so-admin-cockpit/requirements.yaml index 730d75ae80..724526613d 100755 --- a/kubernetes/so/components/so-admin-cockpit/requirements.yaml +++ b/kubernetes/so/components/so-admin-cockpit/requirements.yaml @@ -25,3 +25,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml index 9de1b50c8c..4b46721c2a 100644 --- a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml +++ b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml @@ -118,6 +118,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml index d59189b98b..6cba922571 100644 --- a/kubernetes/so/components/so-admin-cockpit/values.yaml +++ b/kubernetes/so/components/so-admin-cockpit/values.yaml 
@@ -159,3 +159,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-admin-cockpit + roles: + - read diff --git a/kubernetes/so/components/so-appc-orchestrator/requirements.yaml b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml index f8b1d7445e..f8c29f83f8 100755 --- a/kubernetes/so/components/so-appc-orchestrator/requirements.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml @@ -24,3 +24,7 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' + diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml index 142ae725d6..d6584250e2 100644 --- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml @@ -81,6 +81,7 @@ spec: mountPath: /app/config readOnly: true {{ include "so.helpers.livenessProbe" .| indent 8 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml index 310cb9f323..724fcbd032 100644 --- a/kubernetes/so/components/so-appc-orchestrator/values.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml @@ -158,3 +158,9 @@ appc: key: VIlbtVl6YLhNUrtU secret: 64AG2hF4pYeG2pq7CT6XwUOT service: ueb + +#Pods Service Account +serviceAccount: + nameOverride: so-appc-orchestrator + roles: + - read diff --git a/kubernetes/so/components/so-bpmn-infra/requirements.yaml b/kubernetes/so/components/so-bpmn-infra/requirements.yaml index ff6f19ddde..1ea0239014 100755 
--- a/kubernetes/so/components/so-bpmn-infra/requirements.yaml +++ b/kubernetes/so/components/so-bpmn-infra/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml index 6e117cd8bf..2609e99781 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml @@ -103,6 +103,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index 3e59cbfd74..09ad91191d 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -165,3 +165,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-bpmn-infra + roles: + - read diff --git a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml index ff6f19ddde..1ea0239014 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' 
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml index f756448e2b..30e55511cc 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml @@ -87,6 +87,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml index 6308e9f8de..f3d6bdbcb9 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -148,3 +148,9 @@ config: nodeSelector: {} tolerations: [] affinity: {} + +serviceAccount: + nameOverride: so-catalog-db-adapter + roles: + - read + diff --git a/kubernetes/so/components/so-cnf-adapter/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml index ce294949a2..6f2b29e6ba 100755 --- a/kubernetes/so/components/so-cnf-adapter/requirements.yaml +++ b/kubernetes/so/components/so-cnf-adapter/requirements.yaml @@ -28,3 +28,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml index 0d80b2a9ae..340571a59b 100755 --- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml 
@@ -104,6 +104,7 @@ spec: timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} successThreshold: {{ index .Values.livenessProbe.successThreshold}} failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml index 2d6d57b2f1..f3d53c974c 100755 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -165,3 +165,8 @@ nodeSelector: {} tolerations: [] affinity: {} +#Pods Service Account +serviceAccount: + nameOverride: so-cnf-adapter + roles: + - read diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml index f8b1d7445e..421fe7e290 100755 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index c33dcb7f32..6465af4e4a 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml 
@@ -83,6 +83,7 @@ spec: successThreshold: {{ index .Values.livenessProbe.successThreshold}} failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} ports: {{ include "common.containerPorts" . | nindent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml index 363ce40cae..57bf2f3c17 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -161,3 +161,9 @@ nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-etsi-nfvo-ns-lcm + roles: + - read diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml index f8b1d7445e..421fe7e290 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml index 29ebd97229..3272bfd299 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml @@ -78,6 +78,7 @@ spec: - containerPort: {{ .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} 
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml index b8a7776da6..42554bb5a2 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml @@ -109,3 +109,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-etsi-sol003-adapter + roles: + - read diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml index ff6f19ddde..1ea0239014 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml index c769961059..4f8f4d9f26 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml @@ -96,6 +96,7 @@ spec: - containerPort: {{ .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml index d43bffd71b..31b925576b 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml 
@@ -134,3 +134,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-etsi-sol005-adapter + roles: + - read diff --git a/kubernetes/so/components/so-mariadb/requirements.yaml b/kubernetes/so/components/so-mariadb/requirements.yaml index a9e9697689..b182a7008b 100755 --- a/kubernetes/so/components/so-mariadb/requirements.yaml +++ b/kubernetes/so/components/so-mariadb/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: readinessCheck version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml index 0eeba7b61a..178dff0261 100644 --- a/kubernetes/so/components/so-mariadb/templates/job.yaml +++ b/kubernetes/so/components/so-mariadb/templates/job.yaml @@ -60,6 +60,7 @@ spec: readOnly: true - name: backup-storage mountPath: /var/data/mariadb + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml index 2dfd5b831f..58e34b78d6 100755 --- a/kubernetes/so/components/so-mariadb/values.yaml +++ b/kubernetes/so/components/so-mariadb/values.yaml @@ -181,3 +181,9 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: so/migration + +#Pods Service Account +serviceAccount: + nameOverride: so-mariadb + roles: + - read diff --git a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml index ff6f19ddde..1ea0239014 100755 --- a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml 
@@ -27,3 +27,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml index dde03a4aad..f41352e63f 100755 --- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml @@ -93,6 +93,7 @@ spec: timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} successThreshold: {{ index .Values.livenessProbe.successThreshold}} failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index c9f13b9d76..583f9ad3e8 100755 --- a/kubernetes/so/components/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -155,3 +155,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-nssmf-adapter + roles: + - read diff --git a/kubernetes/so/components/so-oof-adapter/requirements.yaml b/kubernetes/so/components/so-oof-adapter/requirements.yaml index 12f93f95a6..4d6d760eef 100644 --- a/kubernetes/so/components/so-oof-adapter/requirements.yaml +++ b/kubernetes/so/components/so-oof-adapter/requirements.yaml @@ -25,3 +25,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml index 62ebfff99f..5e8869ce11 100755 
--- a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml @@ -83,6 +83,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml index 5de0866b9a..240f05f204 100755 --- a/kubernetes/so/components/so-oof-adapter/values.yaml +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -139,3 +139,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-oof-adapter + roles: + - read diff --git a/kubernetes/so/components/so-openstack-adapter/requirements.yaml b/kubernetes/so/components/so-openstack-adapter/requirements.yaml index ff6f19ddde..1ea0239014 100755 --- a/kubernetes/so/components/so-openstack-adapter/requirements.yaml +++ b/kubernetes/so/components/so-openstack-adapter/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml index 6e117cd8bf..2609e99781 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml 
@@ -103,6 +103,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 29fc50b2b2..ff0277bf14 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -152,3 +152,9 @@ config: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-openstack-adapter + roles: + - read diff --git a/kubernetes/so/components/so-request-db-adapter/requirements.yaml b/kubernetes/so/components/so-request-db-adapter/requirements.yaml index ff6f19ddde..1ea0239014 100755 --- a/kubernetes/so/components/so-request-db-adapter/requirements.yaml +++ b/kubernetes/so/components/so-request-db-adapter/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml index f756448e2b..30e55511cc 100755 --- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml @@ -87,6 +87,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} 
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml index c117a7434a..61ec26d1f6 100755 --- a/kubernetes/so/components/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -133,3 +133,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-request-db-adapter + roles: + - read diff --git a/kubernetes/so/components/so-sdc-controller/requirements.yaml b/kubernetes/so/components/so-sdc-controller/requirements.yaml index ff6f19ddde..1ea0239014 100755 --- a/kubernetes/so/components/so-sdc-controller/requirements.yaml +++ b/kubernetes/so/components/so-sdc-controller/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index 6e117cd8bf..2609e99781 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -103,6 +103,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index b1d7173a62..4b6eceecdd 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml 
@@ -141,3 +141,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-sdc-controller + roles: + - read diff --git a/kubernetes/so/components/so-sdnc-adapter/requirements.yaml b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml index f8b1d7445e..421fe7e290 100755 --- a/kubernetes/so/components/so-sdnc-adapter/requirements.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml index 7b32cb6050..703186e292 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml @@ -107,6 +107,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index 9a67ef8220..8f3565ed3e 100755 --- a/kubernetes/so/components/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -162,3 +162,9 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-sdnc-adapter + roles: + - read diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml index ff6f19ddde..1ea0239014 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml 
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: soHelpers version: ~8.x-0 repository: 'file://../soHelpers' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml index ac4f574bec..9a6b79c440 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml @@ -48,6 +48,7 @@ spec: successThreshold: {{ .Values.livenessProbe.successThreshold}} failureThreshold: {{ .Values.livenessProbe.failureThreshold}} ports: {{- include "common.containerPorts" . | nindent 10 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml index 83ec78d857..8e8236cfb4 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml @@ -84,3 +84,9 @@ livenessProbe: nodeSelector: {} tolerations: [] affinity: {} + +#Pods Service Account +serviceAccount: + nameOverride: so-ve-vnfm-adapter + roles: + - read diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index 06fc6e9eb5..f2fc70c1f9 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -91,3 +91,6 @@ dependencies: version: ~8.x-0 repository: 'file://components/so-etsi-sol005-adapter' condition: so-etsi-sol005-adapter.enabled + - name: serviceAccount + version: ~8.x-0 + repository: '@local' 
diff --git a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh index 52ba27ddca..3a9ef84834 100755 --- a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh +++ b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh @@ -37,7 +37,7 @@ trap "kill -TERM $JBOSS_PID" INT trap "kill -QUIT $JBOSS_PID" QUIT trap "kill -PIPE $JBOSS_PID" PIPE trap "kill -TERM $JBOSS_PID" TERM -if [ "x$JBOSS_PIDFILE" != "x" ]; then +if [ "$JBOSS_PIDFILE" != "" ]; then echo $JBOSS_PID > $JBOSS_PIDFILE fi # Wait until the background process exits @@ -60,6 +60,6 @@ if [ "$JBOSS_STATUS" -ne 10 ]; then # Wait for a complete shudown wait $JBOSS_PID 2>/dev/null fi -if [ "x$JBOSS_PIDFILE" != "x" ]; then +if [ "$JBOSS_PIDFILE" != "" ]; then grep "$JBOSS_PID" $JBOSS_PIDFILE && rm $JBOSS_PIDFILE fi diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 6e117cd8bf..2609e99781 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -103,6 +103,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index ba98c344ac..f0bb7d1fe5 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -378,3 +378,9 @@ so-etsi-sol005-adapter: so-etsi-sol003-adapter: enabled: true + +#Pods Service Account +serviceAccount: + nameOverride: so + roles: + - read |
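Review bot: The rewritten test `[ "$JBOSS_PIDFILE" != "" ]` in start-jboss-server.sh would read more directly as `[ -n "$JBOSS_PIDFILE" ]`, and the lines it guards still expand `$JBOSS_PIDFILE` unquoted. If the path ever contains whitespace or glob characters, the redirect in `echo $JBOSS_PID > $JBOSS_PIDFILE` can fail and `rm $JBOSS_PIDFILE` can remove files other than the pid file. Since both hunks already touch these conditionals, I would quote the guarded lines too: `echo "$JBOSS_PID" > "$JBOSS_PIDFILE"` and `grep "$JBOSS_PID" "$JBOSS_PIDFILE" && rm "$JBOSS_PIDFILE"`. This applies to both hunks of the script, which continues outside them.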