summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/a1policymanagement/templates/pv.yaml26
-rw-r--r--kubernetes/a1policymanagement/templates/pvc.yaml41
-rw-r--r--kubernetes/a1policymanagement/templates/statefulset.yaml (renamed from kubernetes/a1policymanagement/templates/deployment.yaml)26
-rw-r--r--kubernetes/a1policymanagement/values.yaml3
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml2
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh4
-rw-r--r--kubernetes/appc/values.yaml3
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/requirements.yaml3
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml1
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/values.yaml6
-rwxr-xr-xkubernetes/cds/components/cds-command-executor/requirements.yaml3
-rwxr-xr-xkubernetes/cds/components/cds-command-executor/templates/deployment.yaml1
-rwxr-xr-xkubernetes/cds/components/cds-command-executor/values.yaml6
-rwxr-xr-xkubernetes/cds/components/cds-py-executor/requirements.yaml3
-rwxr-xr-xkubernetes/cds/components/cds-py-executor/templates/deployment.yaml1
-rwxr-xr-xkubernetes/cds/components/cds-py-executor/values.yaml6
-rwxr-xr-xkubernetes/cds/components/cds-sdc-listener/requirements.yaml3
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml1
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/values.yaml6
-rw-r--r--kubernetes/cds/components/cds-ui/requirements.yaml3
-rw-r--r--kubernetes/cds/components/cds-ui/templates/deployment.yaml1
-rw-r--r--kubernetes/cds/components/cds-ui/values.yaml6
-rw-r--r--kubernetes/common/cassandra/resources/config/docker-entrypoint.sh9
-rw-r--r--kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl189
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml12
-rw-r--r--kubernetes/common/dgbuilder/requirements.yaml3
-rw-r--r--kubernetes/common/dgbuilder/templates/deployment.yaml1
-rw-r--r--kubernetes/common/dgbuilder/values.yaml5
-rwxr-xr-xkubernetes/common/mariadb-init/resources/config/db_init.sh12
-rw-r--r--kubernetes/common/repositoryGenerator/templates/_repository.tpl6
-rw-r--r--kubernetes/common/repositoryGenerator/values.yaml2
-rwxr-xr-xkubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh7
-rw-r--r--kubernetes/dcaegen2-services/Makefile9
-rw-r--r--kubernetes/dcaegen2-services/common/Makefile7
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl2
-rw-r--r--kubernetes/dcaegen2-services/components/Makefile7
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml1
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml23
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml34
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml (renamed from kubernetes/common/cmpv2Certificate/values.yaml)13
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml20
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml (renamed from kubernetes/common/cmpv2Certificate/requirements.yaml)22
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml (renamed from kubernetes/common/cmpv2Certificate/Chart.yaml)16
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml212
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml1
-rw-r--r--kubernetes/dcaegen2-services/requirements.yaml24
-rw-r--r--kubernetes/dcaegen2-services/templates/configmap.yaml2
-rw-r--r--kubernetes/dcaegen2-services/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json5
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/values.yaml8
-rw-r--r--kubernetes/onap/resources/overrides/onap-all.yaml1
-rw-r--r--kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml28
-rwxr-xr-xkubernetes/onap/values.yaml12
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml1
-rw-r--r--kubernetes/platform/values.yaml5
-rw-r--r--kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh12
-rwxr-xr-xkubernetes/robot/instantiate-k8s.sh7
-rw-r--r--kubernetes/sdc/components/sdc-be/requirements.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/deployment.yaml1
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml6
-rw-r--r--kubernetes/sdc/components/sdc-cs/requirements.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-cs/templates/job.yaml1
-rw-r--r--kubernetes/sdc/components/sdc-cs/values.yaml6
-rw-r--r--kubernetes/sdc/components/sdc-fe/requirements.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-fe/templates/deployment.yaml1
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml6
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml1
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml6
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/requirements.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml1
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/values.yaml6
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml1
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/values.yaml6
-rw-r--r--kubernetes/sdnc/requirements.yaml3
-rw-r--r--kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties2
-rw-r--r--kubernetes/sdnc/templates/certificates.yaml2
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml9
-rw-r--r--kubernetes/sdnc/values.yaml4
-rwxr-xr-xkubernetes/so/components/so-admin-cockpit/requirements.yaml3
-rw-r--r--kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml1
-rw-r--r--kubernetes/so/components/so-admin-cockpit/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-appc-orchestrator/requirements.yaml4
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml1
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/values.yaml5
-rwxr-xr-xkubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml3
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml1
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-etsi-sol003-adapter/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-mariadb/requirements.yaml3
-rw-r--r--kubernetes/so/components/so-mariadb/templates/job.yaml1
-rwxr-xr-xkubernetes/so/components/so-mariadb/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/values.yaml6
-rw-r--r--kubernetes/so/components/so-oof-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/values.yaml6
-rwxr-xr-xkubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml3
-rwxr-xr-xkubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/components/so-ve-vnfm-adapter/values.yaml6
-rwxr-xr-xkubernetes/so/requirements.yaml3
-rwxr-xr-xkubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh4
-rwxr-xr-xkubernetes/so/templates/deployment.yaml1
-rwxr-xr-xkubernetes/so/values.yaml6
143 files changed, 743 insertions, 415 deletions
diff --git a/kubernetes/a1policymanagement/templates/pv.yaml b/kubernetes/a1policymanagement/templates/pv.yaml
index 904d863b03..0a3cbdeff5 100644
--- a/kubernetes/a1policymanagement/templates/pv.yaml
+++ b/kubernetes/a1policymanagement/templates/pv.yaml
@@ -16,27 +16,5 @@
################################################################################
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if not .Values.persistence.storageClass -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/app
-{{- end -}}
-{{- end -}}
+
+{{ include "common.replicaPV" . }}
diff --git a/kubernetes/a1policymanagement/templates/pvc.yaml b/kubernetes/a1policymanagement/templates/pvc.yaml
deleted file mode 100644
index 4183edfdbb..0000000000
--- a/kubernetes/a1policymanagement/templates/pvc.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-################################################################################
-# Copyright (c) 2021 Nordix Foundation. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- {{- if .Values.persistence.annotations }}
- annotations:
-{{ .Values.persistence.annotations | indent 4 }}
- {{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.fullname" . }}-data
-{{- end -}}
diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml
index 0d8399c8b3..54ee1515bc 100644
--- a/kubernetes/a1policymanagement/templates/deployment.yaml
+++ b/kubernetes/a1policymanagement/templates/statefulset.yaml
@@ -17,17 +17,11 @@
################################################################################
*/}}
-kind: Deployment
+kind: StatefulSet
apiVersion: apps/v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ index .Values.replicaCount }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
@@ -108,8 +102,8 @@ spec:
subPath: application_configuration.json
- name: config
mountPath: /opt/app/policy-agent/config/application.yaml
- subPath: application.yaml
- - name: vardata
+ subPath: application.yaml
+ - name: {{ include "common.fullname" . }}
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
@@ -123,6 +117,10 @@ spec:
- name: config
emptyDir:
medium: Memory
- - name: vardata
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
+{{- if not .Values.persistence.enabled }}
+ - name: {{ include "common.fullname" . }}
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - {{include "common.PVCTemplate" . | indent 6 | trim }}
+{{- end }}
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 08590d891c..4768349736 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -20,7 +20,8 @@
global:
nodePortPrefix: 302
-
+ persistence: {}
+
secrets:
- uid: controller-secret
type: basicAuth
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index d630647883..1297809658 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -122,7 +122,7 @@ spec:
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
+ value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
value: {{ .Values.certInitializer.truststorePassword }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index 717ea6679c..68b50e1ad6 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -83,7 +83,7 @@ then
show databases like 'sdnctl';
END
)
- if [ "x${sdnc_db_exists}" = "x" ]
+ if [ "${sdnc_db_exists}" = "" ]
then
echo "Installing SDNC database"
${SDNC_HOME}/bin/installSdncDb.sh
@@ -92,7 +92,7 @@ END
show databases like 'appcctl';
END
)
- if [ "x${appc_db_exists}" = "x" ]
+ if [ "${appc_db_exists}" = "" ]
then
echo "Installing APPC database"
${APPC_HOME}/bin/installAppcDb.sh
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 83d00a7545..e3f88b1c37 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -143,7 +143,8 @@ dgbuilder:
dbServiceName: *appc-db
service:
name: appc-dgbuilder
-
+ serviceAccount:
+ nameOverride: appc-dgbuilder
ingress:
enabled: false
service:
diff --git a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
index d0ff6231b9..7a3a920087 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index c2e034204c..fd5265d2ce 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -190,6 +190,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index fe60b8023c..71f934fbe5 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -178,3 +178,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-blueprints-processor
+ roles:
+ - read
diff --git a/kubernetes/cds/components/cds-command-executor/requirements.yaml b/kubernetes/cds/components/cds-command-executor/requirements.yaml
index bd647a6c42..96ce828880 100755
--- a/kubernetes/cds/components/cds-command-executor/requirements.yaml
+++ b/kubernetes/cds/components/cds-command-executor/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml
index 40238c2513..523339ca70 100755
--- a/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml
@@ -86,6 +86,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml
index f867565915..12a7fe9b40 100755
--- a/kubernetes/cds/components/cds-command-executor/values.yaml
+++ b/kubernetes/cds/components/cds-command-executor/values.yaml
@@ -91,3 +91,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-command-executor
+ roles:
+ - read
diff --git a/kubernetes/cds/components/cds-py-executor/requirements.yaml b/kubernetes/cds/components/cds-py-executor/requirements.yaml
index 626de2fe33..6b7064caca 100755
--- a/kubernetes/cds/components/cds-py-executor/requirements.yaml
+++ b/kubernetes/cds/components/cds-py-executor/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml
index d7b2959fcb..754e0d0f50 100755
--- a/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml
@@ -78,6 +78,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml
index af042c1605..b7338f88aa 100755
--- a/kubernetes/cds/components/cds-py-executor/values.yaml
+++ b/kubernetes/cds/components/cds-py-executor/values.yaml
@@ -110,3 +110,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-py-executor
+ roles:
+ - read
diff --git a/kubernetes/cds/components/cds-sdc-listener/requirements.yaml b/kubernetes/cds/components/cds-sdc-listener/requirements.yaml
index bd647a6c42..96ce828880 100755
--- a/kubernetes/cds/components/cds-sdc-listener/requirements.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
index 7dca49c761..4ac847005e 100644
--- a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml
@@ -94,6 +94,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml
index e46539fb35..4a67317298 100644
--- a/kubernetes/cds/components/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml
@@ -99,3 +99,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-sdc-listener
+ roles:
+ - read
diff --git a/kubernetes/cds/components/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml
index a4e5fe5603..8f6d158a17 100644
--- a/kubernetes/cds/components/cds-ui/requirements.yaml
+++ b/kubernetes/cds/components/cds-ui/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
index 359c713ed4..6457ce3736 100644
--- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
@@ -99,6 +99,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml
index 697602f209..e91e999259 100644
--- a/kubernetes/cds/components/cds-ui/values.yaml
+++ b/kubernetes/cds/components/cds-ui/values.yaml
@@ -127,3 +127,9 @@ resources:
cpu: 200m
memory: 200Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-ui
+ roles:
+ - read
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 5b652228a6..5f23a89867 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -1,4 +1,5 @@
#!/bin/bash
+
set -e
# first arg is `-f` or `--some-option`
@@ -11,7 +12,7 @@ fi
if [ "$1" = 'cassandra' -a "$(id -u)" = '0' ]; then
find /var/lib/cassandra /var/log/cassandra "$CASSANDRA_CONFIG" \
\! -user cassandra -exec chown cassandra '{}' +
- exec gosu cassandra "$BASH_SOURCE" "$@"
+ exec gosu cassandra "$0" "$@"
fi
_ip_address() {
@@ -71,7 +72,8 @@ if [ "$1" = 'cassandra' ]; then
authenticator \
; do
var="CASSANDRA_${yaml^^}"
- val="${!var}"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
_sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
-r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
@@ -80,7 +82,8 @@ if [ "$1" = 'cassandra' ]; then
for rackdc in dc rack; do
var="CASSANDRA_${rackdc^^}"
- val="${!var}"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
_sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
-r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
deleted file mode 100644
index f80b06b4d3..0000000000
--- a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
+++ /dev/null
@@ -1,189 +0,0 @@
-{{/*
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{/*
-In order to use certServiceClient it is needed do define certificates array in target component values.yaml. Each
-certificate will be requested from separate init container
-
-Minimum example of array in target component values.yaml:
-certificates:
- - mountPath: /var/custom-certs
- commonName: common-name
-
-Full example (other fields are ignored):
-certificates:
- - mountPath: /var/custom-certs
- caName: RA
- keystore:
- outputType:
- - jks
- commonName: common-name
- dnsNames:
- - dns-name-1
- - dns-name-2
- ipAddresses:
- - 192.168.0.1
- - 192.168.0.2
- emailAddresses:
- - email-1@onap.org
- - email-2@onap.org
- uris:
- - http://uri-1.onap.org
- - http://uri-2.onap.org
- subject:
- organization: Linux-Foundation
- country: US
- locality: San Francisco
- province: California
- organizationalUnit: ONAP
-
-There also need to be some includes used in a target component deployment (indent values may need to be adjusted):
- 1. In initContainers section:
- {{ include "common.certServiceClient.initContainer" . | indent 6 }}
- 2. In volumeMounts section of container using certificates:
- {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
- 3. In volumes section:
- {{ include "common.certServiceClient.volumes" . | indent 8 }}
-
-*/}}
-
-{{- define "common.certServiceClient.initContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{/*# General certifiacate attributes #*/}}
-{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames := default (list) $certificate.dnsNames -}}
-{{- $ipAddresses := default (list) $certificate.ipAddresses -}}
-{{- $uris := default (list) $certificate.uris -}}
-{{- $emailAddresses := default (list) $certificate.emailAddresses -}}
-{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
-{{- $sans := join "," $sansList }}
-{{/*# Subject #*/}}
-{{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
-{{- $country := $subchartGlobal.certificate.default.subject.country -}}
-{{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
-{{- $province := $subchartGlobal.certificate.default.subject.province -}}
-{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
-{{- if $certificate.subject -}}
-{{- $organization := $certificate.subject.organization -}}
-{{- $country := $certificate.subject.country -}}
-{{- $locality := $certificate.subject.locality -}}
-{{- $province := $certificate.subject.province -}}
-{{- $orgUnit := $certificate.subject.organizationalUnit -}}
-{{- end -}}
-{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
-{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}}
-{{- if $certificate.keystore -}}
-{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}}
-{{- $outputType = mustFirst ($outputTypeList) | upper -}}
-{{- end -}}
-{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
-{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
-{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
-{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
-{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
-{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
-{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
-{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
-{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
-{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
-{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
-- name: certs-init-{{ $index }}
- image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
- env:
- - name: REQUEST_URL
- value: {{ $requestUrl | quote }}
- - name: REQUEST_TIMEOUT
- value: {{ $requestTimeout | quote }}
- - name: OUTPUT_PATH
- value: {{ $certPath | quote }}
- - name: OUTPUT_TYPE
- value: {{ $outputType | quote }}
- - name: CA_NAME
- value: {{ $caName | quote }}
- - name: COMMON_NAME
- value: {{ $commonName | quote }}
- - name: SANS
- value: {{ $sans | quote }}
- - name: ORGANIZATION
- value: {{ $organization | quote }}
- - name: ORGANIZATION_UNIT
- value: {{ $orgUnit | quote }}
- - name: LOCATION
- value: {{ $locality | quote }}
- - name: STATE
- value: {{ $province | quote }}
- - name: COUNTRY
- value: {{ $country | quote }}
- - name: KEYSTORE_PATH
- value: {{ $keystorePath | quote }}
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $keystorePasswordSecret | quote}}
- key: {{ $keystorePasswordSecretKey | quote}}
- - name: TRUSTSTORE_PATH
- value: {{ $truststorePath | quote }}
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $truststorePasswordSecret | quote}}
- key: {{ $truststorePasswordSecretKey | quote}}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: {{ $certPath }}
- name: cmpv2-certs-volume-{{ $index }}
- - mountPath: {{ $certificatesSecretMountPath }}
- name: certservice-tls-volume
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
-- name: certservice-tls-volume
- secret:
- secretName: {{ $certificatesSecretName }}
-{{ range $index, $certificate := $dot.Values.certificates -}}
-- name: cmpv2-certs-volume-{{ $index }}
- emptyDir:
- medium: Memory
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumeMounts" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{- $mountPath := $certificate.mountPath -}}
-- mountPath: {{ $mountPath }}
- name: cmpv2-certs-volume-{{ $index }}
-{{ end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 695e40616c..02595b348d 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -15,7 +15,6 @@ global:
# Enabling CMPv2
cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
certificate:
default:
@@ -35,17 +34,6 @@ global:
keystorePasswordSecretKey: password
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Certificate related
- caName: "RA"
- # Client configuration related
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- outputType: "P12"
certPostProcessor:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml
index 0157b7063e..1bbab11af4 100644
--- a/kubernetes/common/dgbuilder/requirements.yaml
+++ b/kubernetes/common/dgbuilder/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: 'file://../serviceAccount'
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index ad3e4cf128..6538ad0836 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -128,6 +128,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index ae1d85795d..0f91bbd882 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -186,3 +186,8 @@ resources:
memory: 4Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dgbuilder
+ roles:
+ - read
diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh
index fa4b007a5a..f130bb5118 100755
--- a/kubernetes/common/mariadb-init/resources/config/db_init.sh
+++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh
@@ -1,4 +1,5 @@
#!/bin/bash
+
{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
@@ -22,8 +23,15 @@ set -e
while read DB ; do
USER_VAR="MYSQL_USER_${DB^^}"
PASS_VAR="MYSQL_PASSWORD_${DB^^}"
- USER=${!USER_VAR}
- PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+{{/*
+ # USER=${!USER_VAR}
+ # PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+ # eval replacement of the bashism equivalents above might present a security issue here
+ # since it reads content from DB values filled by helm at the end of the script.
+ # These possible values has to be constrainted and/or limited by helm for a safe use of eval.
+*/}}
+ eval USER=\$$USER_VAR
+ PASS=$(eval echo -n \$$PASS_VAR | sed -e "s/'/''/g")
MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} )
echo "Creating database ${DB} and user ${USER}..."
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
index 91f21ab0c9..488db054a0 100644
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -83,10 +83,6 @@
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
{{- end -}}
-{{- define "repositoryGenerator.image.certserviceclient" -}}
- {{- include "repositoryGenerator.image._helper" (merge (dict "image" "certServiceClientImage") .) }}
-{{- end -}}
-
{{- define "repositoryGenerator.image.dcaepolicysync" -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "dcaePolicySyncImage") .) }}
{{- end -}}
@@ -143,7 +139,7 @@
{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- $repoCreds := "" }}
- {{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
+ {{- if $subchartDot.Values.global.repositoryCred }}
{{- $repo := $subchartDot.Values.global.repository }}
{{- $cred := $subchartDot.Values.global.repositoryCred }}
{{- $mail := default "@" $cred.mail }}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 8a68f6dd9c..bf21e2da08 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -23,7 +23,6 @@ global:
# common global images
busyboxImage: busybox:1.32
curlImage: curlimages/curl:7.69.1
- certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
envsubstImage: dibi/envsubst:1
# there's only latest image for htpasswd
htpasswdImage: xmartlabs/htpasswd:latest
@@ -56,7 +55,6 @@ global:
imageRepoMapping:
busyboxImage: dockerHubRepository
curlImage: dockerHubRepository
- certServiceClientImage: repository
envsubstImage: dockerHubRepository
htpasswdImage: dockerHubRepository
jreImage: repository
diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
index 67bbfd6c6f..163877deca 100755
--- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
+++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
@@ -1,5 +1,5 @@
#!/bin/bash -e
-#
+
# Copyright 2020 Samsung Electronics Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -70,7 +70,8 @@ ingress_controller_ip() {
deploy() {
local ingress_ip=$(ingress_controller_ip)
- pushd "$SPATH/bind9dns" > /dev/null
+ initdir = $(pwd)
+ cd $SPATH/bind9dns
if [ $# -eq 0 ]; then
local cl_domain="simpledemo.onap.org"
else
@@ -82,7 +83,7 @@ deploy() {
shift
fi
helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
- popd > /dev/null
+ cd $initdir
target_machine_notice_info
}
diff --git a/kubernetes/dcaegen2-services/Makefile b/kubernetes/dcaegen2-services/Makefile
index bf267b7720..70bb031af3 100644
--- a/kubernetes/dcaegen2-services/Makefile
+++ b/kubernetes/dcaegen2-services/Makefile
@@ -1,4 +1,5 @@
# Copyright © 2020 Samsung Electronics
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,10 +14,12 @@
# limitations under the License.
ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
+OUTPUT_DIR := $(ROOT_DIR)/../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_REPO := local
+
EXCLUDES :=
HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
@@ -40,8 +43,8 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+ @sleep 3
clean:
@rm -f */requirements.lock
diff --git a/kubernetes/dcaegen2-services/common/Makefile b/kubernetes/dcaegen2-services/common/Makefile
index bf267b7720..4a6491d8cc 100644
--- a/kubernetes/dcaegen2-services/common/Makefile
+++ b/kubernetes/dcaegen2-services/common/Makefile
@@ -1,4 +1,5 @@
# Copyright © 2020 Samsung Electronics
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,6 +18,8 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_REPO := local
+
EXCLUDES :=
HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
@@ -40,8 +43,8 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+ @sleep 3
clean:
@rm -f */requirements.lock
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 310d9ae662..328a4c625f 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -495,7 +495,7 @@ spec:
*/}}
{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
{{- $certDir := default "" .Values.certDirectory . -}}
- {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}}
+ {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.useCmpv2Certificates) -}}
true
{{- end -}}
{{- end -}}
diff --git a/kubernetes/dcaegen2-services/components/Makefile b/kubernetes/dcaegen2-services/components/Makefile
index bf267b7720..98dfb97f8f 100644
--- a/kubernetes/dcaegen2-services/components/Makefile
+++ b/kubernetes/dcaegen2-services/components/Makefile
@@ -1,4 +1,5 @@
# Copyright © 2020 Samsung Electronics
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,6 +18,8 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_REPO := local
+
EXCLUDES :=
HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
@@ -40,8 +43,8 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+ @sleep 5
clean:
@rm -f */requirements.lock
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
index 929cdbbc5f..d45745404d 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
@@ -1,5 +1,6 @@
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +26,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 223789a75f..64e4ba9b43 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -68,7 +68,6 @@ secrets:
# It is used only when:
# - certDirectory is set
# - global cmpv2Enabled flag is set to true
-# - global CertManagerIntegration flag is set to true
# - flag useCmpv2Certificates is set to true
# Disabled by default
useCmpv2Certificates: false
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml
index 3d8c24b131..0ebda2eed5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml
@@ -1,6 +1,7 @@
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (C) 2021 Nordix Foundation.
+# Copyright (c) 2021 AT&T. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,6 +18,6 @@
apiVersion: v1
appVersion: "Honolulu"
-description: A Helm chart for DCAE PMSH
+description: DCAE PMSH Service
name: dcae-pmsh
-version: 8.0.0 \ No newline at end of file
+version: 8.0.0
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
index 13f9a6aedd..4dfc837bf8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
@@ -30,4 +30,4 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common' \ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
index 639fc2c740..80e79fe28e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
@@ -1,4 +1,5 @@
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,4 +25,4 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml
new file mode 100644
index 0000000000..64b0d0f96a
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml
@@ -0,0 +1,23 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE SliceAnalysis MS charts
+name: dcae-slice-analysis-ms
+version: 8.0.0
+
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
new file mode 100644
index 0000000000..9cab8e92e6
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
@@ -0,0 +1,34 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+
diff --git a/kubernetes/common/cmpv2Certificate/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml
index 504947525d..26be310888 100644
--- a/kubernetes/common/cmpv2Certificate/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml
@@ -1,13 +1,20 @@
-# Copyright © 2021 Nokia
-#
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml
new file mode 100644
index 0000000000..02b5df8135
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
diff --git a/kubernetes/common/cmpv2Certificate/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml
index b10896d2ce..c4596e5b21 100644
--- a/kubernetes/common/cmpv2Certificate/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml
@@ -1,24 +1,20 @@
-# Copyright © 2021 Nokia
-#
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
-dependencies:
- - name: common
- version: ~8.x-0
- repository: 'file://../common'
- - name: repositoryGenerator
- version: ~8.x-0
- repository: 'file://../repositoryGenerator'
- - name: cmpv2Config
- version: ~8.x-0
- repository: 'file://../cmpv2Config'
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/cmpv2Certificate/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml
index 6641ec6954..ba0283dda5 100644
--- a/kubernetes/common/cmpv2Certificate/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml
@@ -1,18 +1,20 @@
-# Copyright © 2021 Nokia
-#
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
-apiVersion: v1
-description: Template used to add cmpv2 certificates to components
-name: cmpv2Certificate
-version: 8.0.0
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
new file mode 100644
index 0000000000..6790541bd9
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -0,0 +1,212 @@
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &pgUserCredsSecretUid pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-sliceanalysisms-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "sliceanalysisms-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+################################aafcreds#################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.4
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/sliceanalysisms
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/sliceanalysisms/etc/cert/
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+ - &postgresName dcae-sliceanalysisms-postgres
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 1
+ path: /healthcheck
+ scheme: HTTP
+ port: 8080
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dcae-slice-analysis-ms
+ ports:
+ - name: https
+ port: 8080
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+credentials:
+- name: AAF_IDENTITY
+ uid: *aafCredsUID
+ key: login
+- name: AAF_PASSWORD
+ uid: *aafCredsUID
+ key: password
+- name: PG_USERNAME
+ uid: *pgUserCredsSecretUid
+ key: login
+- name: PG_PASSWORD
+ uid: *pgUserCredsSecretUid
+ key: password
+
+# Initial Application Configuration
+applicationConfig:
+ aafUsername: ${AAF_IDENTITY}
+ aafPassword: ${AAF_PASSWORD}
+ postgres.host: dcae-sliceanalysisms-pg-primary
+ postgres.port: 5432
+ postgres.username: ${PG_USERNAME}
+ postgres.password: ${PG_PASSWORD}
+ trust_store_path: /opt/app/sliceanalysisms/etc/cert/trust.jks
+ trust_store_pass_path: /opt/app/sliceanalysisms/etc/cert/trust.pass
+ sliceanalysisms.pollingInterval: 20
+ sliceanalysisms.pollingTimeout: 60
+ cbsPollingInterval: 60
+ sliceanalysisms.namespace: onap
+ sliceanalysisms.dmaap.server: ["message-router"]
+ sliceanalysisms.bufferTime: 60
+ sliceanalysisms.cg: sliceanalysisms-cg
+ sliceanalysisms.cid: sliceanalysisms-cid
+ sliceanalysisms.configDb.service: http://config-db:8080
+ sliceanalysisms.configDbEnabled: true
+ sliceanalysisms.aai.url: https://aai.onap.svc.cluster.local:8443/aai/v21
+ sliceanalysisms.cps.url: https://cps:8088
+ sliceanalysisms.samples: 3
+ sliceanalysisms.minPercentageChange: 5
+ sliceanalysisms.initialDelaySeconds: 120000
+ streams_publishes:
+ CL_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/unauthenticated.DCAE_CL_OUTPUT
+ streams_subscribes:
+ performance_management_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS
+ intelligent_slicing_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/unauthenticated.ML_RESPONSE_TOPIC
+ dcae_cl_response_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/DCAE_CL_RSP
+
+applicationEnv:
+ STANDALONE: 'false'
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#################################################################
+# Application configuration Overriding Defaults in the Postgres.
+#################################################################
+postgres:
+ nameOverride: *postgresName
+ service:
+ name: *postgresName
+ name2: dcae-sliceanalysisms-pg-primary
+ name3: dcae-sliceanalysisms-pg-replica
+ container:
+ name:
+ primary: dcae-sliceanalysisms-pg-primary
+ replica: dcae-sliceanalysisms-pg-replica
+ persistence:
+ mountSubPath: sliceanalysisms/data
+ mountInitPath: sliceanalysisms
+ config:
+ pgUserName: sliceanalysisms
+ pgDatabase: sliceanalysisms
+ pgUserExternalSecret: *pgUserCredsSecretName
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
index 021c357f35..02a2a674c3 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
@@ -1,4 +1,5 @@
# Copyright (c) 2020 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,4 +25,4 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
index 929cdbbc5f..d45745404d 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
@@ -1,5 +1,6 @@
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +26,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 9e08ea1a69..982d770595 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -61,7 +61,6 @@ tlsServer: true
# It is used only when:
# - certDirectory is set
# - global cmpv2Enabled flag is set to true
-# - global CertManagerIntegration flag is set to true
# - flag useCmpv2Certificates is set to true
# Disabled by default
useCmpv2Certificates: false
diff --git a/kubernetes/dcaegen2-services/requirements.yaml b/kubernetes/dcaegen2-services/requirements.yaml
index faf0b69875..e59fe98205 100644
--- a/kubernetes/dcaegen2-services/requirements.yaml
+++ b/kubernetes/dcaegen2-services/requirements.yaml
@@ -1,4 +1,5 @@
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,25 +19,36 @@ dependencies:
repository: '@local'
- name: dcae-ms-healthcheck
version: ~8.x-0
- repository: 'file://components/dcae-ms-healthcheck'
+ repository: '@local'
+ #repository: 'file://components/dcae-ms-healthcheck'
condition: dcae-ms-healthcheck.enabled
- name: dcae-pmsh
version: ~8.x-0
- repository: 'file://components/dcae-pmsh'
+ repository: '@local'
+ #repository: 'file://components/dcae-pmsh'
condition: dcae-pmsh.enabled
- name: dcae-prh
version: ~8.x-0
- repository: 'file://components/dcae-prh'
+ repository: '@local'
+ #repository: 'file://components/dcae-prh'
condition: dcae-bootstrap.enabled
- name: dcae-tcagen2
version: ~8.x-0
- repository: 'file://components/dcae-tcagen2'
+ repository: '@local'
+ #repository: 'file://components/dcae-tcagen2'
condition: dcae-tcagen2.enabled
- name: dcae-ves-collector
version: ~8.x-0
- repository: 'file://components/dcae-ves-collector'
+ repository: '@local'
+ #repository: 'file://components/dcae-ves-collector'
condition: dcae-ves-collector.enabled
- name: dcae-hv-ves-collector
version: ~8.x-0
- repository: 'file://components/dcae-hv-ves-collector'
+ repository: '@local'
+ #repository: 'file://components/dcae-hv-ves-collector'
condition: dcae-hv-ves-collector.enabled
+ - name: dcae-slice-analysis-ms
+ version: ~8.x-0
+ repository: '@local'
+ #repository: 'file://components/dcae-slice-analysis-ms'
+ condition: dcae-slice-analysis-ms.enabled
diff --git a/kubernetes/dcaegen2-services/templates/configmap.yaml b/kubernetes/dcaegen2-services/templates/configmap.yaml
index 32451cdee7..92662a251e 100644
--- a/kubernetes/dcaegen2-services/templates/configmap.yaml
+++ b/kubernetes/dcaegen2-services/templates/configmap.yaml
@@ -40,4 +40,4 @@ metadata:
name: {{ include "common.release" . }}-dcae-external-repo-configmap-sa91-rel16
namespace: {{ include "common.namespace" . }}
data:
-{{ (.Files.Glob "resources/external/schema/sa91-rel16/*").AsConfig | indent 2 }} \ No newline at end of file
+{{ (.Files.Glob "resources/external/schemas/sa91-rel16/*").AsConfig | indent 2 }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml
index 5682ce7194..50aa21741b 100644
--- a/kubernetes/dcaegen2-services/values.yaml
+++ b/kubernetes/dcaegen2-services/values.yaml
@@ -25,3 +25,5 @@ dcae-tcagen2:
enabled: true
dcae-ves-collector:
enabled: true
+dcae-slice-analysis-ms:
+ enabled: false
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
index 3c769fca5f..fb1a40edfd 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
@@ -41,9 +41,6 @@
"ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
},
"external_cert": {
- "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
- "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
- "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
"country": "{{ .Values.cmpv2Config.global.certificate.default.subject.country }}",
"organization": "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}",
"state": "{{ .Values.cmpv2Config.global.certificate.default.subject.province }}",
@@ -61,7 +58,7 @@
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
},
"cmpv2_issuer": {
- "enabled": "{{ .Values.global.CMPv2CertManagerIntegration }}",
+ "enabled": "true",
"name": "{{ .Values.cmpv2issuer.name }}"
}
}
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index 98511395b0..10fb4430ea 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -28,8 +28,6 @@ global:
repositoryCred:
user: docker
password: docker
- # Enabling CMPv2 with CertManager
- CMPv2CertManagerIntegration: false
cmpv2issuer:
name: cmpv2-issuer-onap
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index a1431488b8..83914d423c 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -1,6 +1,6 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -103,10 +103,10 @@ flavor: small
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: 4000m
+ memory: 4Gi
requests:
- cpu: 1
+ cpu: 1500m
memory: 1Gi
large:
limits:
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index d6c447240d..521cf2ff8b 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -20,7 +20,6 @@
global:
addTestingComponents: &testing true
centralizedLoggingEnabled: &centralizedLogging false
- CMPv2CertManagerIntegration: false
cassandra:
enabled: true
mariadb-galera:
diff --git a/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
index 643d3065c1..7b3603c041 100644
--- a/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
+++ b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
@@ -1,5 +1,5 @@
# Copyright © 2020 Nordix Foundation
-# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -35,15 +35,17 @@
#################################################################
global:
cmpv2Enabled: true
- CMPv2CertManagerIntegration: true
- platform:
- certServiceClient:
- envVariables:
- # Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
- # Client configuration related
- caName: "RA"
+ certificate:
+ default:
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index d91284a6c3..0e2b13b473 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -194,7 +194,6 @@ global:
# Enabling CMPv2
cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
platform:
certificates:
clientSecretName: oom-cert-service-client-tls-secret
@@ -204,17 +203,6 @@ global:
keystorePasswordSecretKey: password
truststorePasswordSecretName: oom-cert-service-certificates-password
truststorePasswordSecretKey: password
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Certificate related
- caName: "RA"
- # Client configuration related
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- outputType: "P12"
# Indicates offline deployment build
# Set to true if you are rendering helm charts for offline deployment
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
index 9ba61a5f57..ae4ae81f02 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
index 3a993734e4..8bcbc1f7d0 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
index add5622f41..f976a80268 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
index 152bd68ba6..bc689cc68f 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index fd34b1ef28..55c4d0beac 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -21,7 +21,6 @@ global:
busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:latest
repository: "nexus3.onap.org:10001"
- CMPv2CertManagerIntegration: false
namespace: onap
diff --git a/kubernetes/platform/values.yaml b/kubernetes/platform/values.yaml
index d21fb791e2..a30dabbcc2 100644
--- a/kubernetes/platform/values.yaml
+++ b/kubernetes/platform/values.yaml
@@ -28,11 +28,6 @@ global:
cmpv2Enabled: true
addTestingComponents: false
- certService:
- certServiceClient:
- secret:
- name: oom-cert-service-client-tls-secret
-
#################################################################
# Application configuration defaults.
#################################################################
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index c4a21b927f..411ed8e667 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -1,4 +1,5 @@
#!/bin/bash
+
set -eo pipefail
shopt -s nullglob
@@ -30,10 +31,15 @@ file_env() {
mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
+ # val="${!var}"
+ # val="$(< "${!fileVar}")"
+ # eval replacement of the bashism equivalents above presents no security issue here
+ # since var and fileVar variables contents are derived from the file_env() function arguments.
+ # This method is only called inside this script with a limited number of possible values.
if [ "${!var:-}" ]; then
- val="${!var}"
+ eval val=\$$var
elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
+ val="$(< "$(eval echo "\$$fileVar")")"
fi
export "$var"="$val"
unset "$fileVar"
@@ -323,7 +329,7 @@ _main() {
# If container is started as root user, restart as dedicated mysql user
if [ "$(id -u)" = "0" ]; then
mysql_note "Switching to dedicated user 'mysql'"
- exec gosu mysql "$BASH_SOURCE" "$@"
+ exec gosu mysql "$0" "$@"
fi
# there's no database, so it needs to be initialized
diff --git a/kubernetes/robot/instantiate-k8s.sh b/kubernetes/robot/instantiate-k8s.sh
index f4f6b04e4c..623870b9f3 100755
--- a/kubernetes/robot/instantiate-k8s.sh
+++ b/kubernetes/robot/instantiate-k8s.sh
@@ -1,4 +1,5 @@
#!/bin/bash
+
# Copyright 2019 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+THIS_DIR="$( cd "$( dirname "$0" )" >/dev/null 2>&1 && pwd )"
NAMESPACE=
FOLDER=
@@ -138,13 +139,13 @@ kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/stack
kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/results.json "$OUTPUT_DIRECTORY"/results.json
kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/log.html "$OUTPUT_DIRECTORY"/log.html
-pushd .
+initdir=$(pwd)
# echo -e "import hashlib\nwith open(\"README.md\", \"r\") as f: bytes = f.read()\nreadable_hash = hashlib.sha256(bytes).hexdigest()\nprint(readable_hash)" | python
cd "$OUTPUT_DIRECTORY"
tar -czvf vnf_heat_results.tar.gz *
-popd
+cd $initdir
echo "VNF test results: $OUTPUT_DIRECTORY/vnf_heat_results.tar.gz"
diff --git a/kubernetes/sdc/components/sdc-be/requirements.yaml b/kubernetes/sdc/components/sdc-be/requirements.yaml
index b36d051041..b684a0e11f 100644
--- a/kubernetes/sdc/components/sdc-be/requirements.yaml
+++ b/kubernetes/sdc/components/sdc-be/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
index 346534ce57..d731a56c5c 100644
--- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
@@ -197,6 +197,7 @@ spec:
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index 3e5c58b0bc..070583bfc2 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -161,3 +161,9 @@ resources:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-be
+ roles:
+ - read
diff --git a/kubernetes/sdc/components/sdc-cs/requirements.yaml b/kubernetes/sdc/components/sdc-cs/requirements.yaml
index 8febe6fac4..7d9ea04952 100644
--- a/kubernetes/sdc/components/sdc-cs/requirements.yaml
+++ b/kubernetes/sdc/components/sdc-cs/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
index bb218bbfae..fb849b9f25 100644
--- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
@@ -96,6 +96,7 @@ spec:
requests:
cpu: 200m
memory: 300Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index 2308f95fb2..fed4769202 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -103,3 +103,9 @@ persistence:
ingress:
enabled: false
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-cs
+ roles:
+ - read
diff --git a/kubernetes/sdc/components/sdc-fe/requirements.yaml b/kubernetes/sdc/components/sdc-fe/requirements.yaml
index b36d051041..b684a0e11f 100644
--- a/kubernetes/sdc/components/sdc-fe/requirements.yaml
+++ b/kubernetes/sdc/components/sdc-fe/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
index 407d61c904..dcb17d0ba2 100644
--- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
@@ -189,6 +189,7 @@ spec:
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index 82afc4d3db..e9b2eee8db 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -143,3 +143,9 @@ resources:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-fe
+ roles:
+ - read
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml
index b36d051041..b684a0e11f 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
index 257f8b79a5..2bd53ff91b 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
@@ -213,6 +213,7 @@ spec:
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index f09958e811..aa7d535db3 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -175,3 +175,9 @@ resources:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-onboarding-be
+ roles:
+ - read
diff --git a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml
index b36d051041..b684a0e11f 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
index de75092f8a..343bda8ff9 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
@@ -144,6 +144,7 @@ spec:
value: "{{ .Values.config.serverSSLTrustStoreType }}"
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index d4414f1986..8b61567114 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -160,3 +160,9 @@ resources:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-wfd-be
+ roles:
+ - read
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml
index b36d051041..b684a0e11f 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
index b8073d723d..d221c07612 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
@@ -178,6 +178,7 @@ spec:
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
index 3cc9b9542f..d8ee5c8285 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -139,3 +139,9 @@ resources:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-wfd-fe
+ roles:
+ - read
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 0c82f9581d..ac0e6ed868 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -21,9 +21,6 @@ dependencies:
- name: certInitializer
version: ~8.x-0
repository: '@local'
- - name: cmpv2Certificate
- version: ~8.x-0
- repository: '@local'
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
index 57a16bd488..303e504aa9 100644
--- a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
+++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
@@ -23,7 +23,6 @@ topic=unauthenticated.SEC_FAULT_OUTPUT
contenttype=application/json
group=myG
id=C1
-timeout=50000
limit=10000
[pnfRegistration]
@@ -41,5 +40,4 @@ topic=unauthenticated.VES_PNFREG_OUTPUT
contenttype=application/json
group=myG
id=C1
-timeout=50000
limit=10000
diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml
index c4eca61e35..acf9012099 100644
--- a/kubernetes/sdnc/templates/certificates.yaml
+++ b/kubernetes/sdnc/templates/certificates.yaml
@@ -14,6 +14,6 @@
# limitations under the License.
*/}}
-{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
{{ include "certManagerCertificate.certificate" . }}
{{ end }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 8a7259ba0d..f0ee8a9456 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -155,7 +155,6 @@ spec:
name: {{ include "common.name" . }}-readiness
{{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
-{{ include "common.certServiceClient.initContainer" . | indent 6 }}
- name: {{ include "common.name" . }}-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
command:
@@ -178,7 +177,7 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+ {{- if .Values.global.cmpv2Enabled }}
{{- $linkCommand := include "common.certManager.linkVolumeMounts" . }}
lifecycle:
postStart:
@@ -312,8 +311,7 @@ spec:
value: "{{ .Values.config.sdnr.netconfCallHome.enabled | default "false" }}"
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
-{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
-{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumeMounts" . | indent 10 }}
{{- end }}
- mountPath: /etc/localtime
@@ -437,8 +435,7 @@ spec:
emptyDir: {}
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
-{{ include "common.certServiceClient.volumes" . | nindent 8 }}
-{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumes" . | nindent 8 }}
{{- end }}
volumeClaimTemplates:
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index b22b6758d2..6ab96adde7 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -30,8 +30,6 @@ global:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- # Enabling CMPv2 with CertManager
- CMPv2CertManagerIntegration: false
#################################################################
# Secrets metaconfig
@@ -461,6 +459,8 @@ dgbuilder:
dbServiceName: mariadb-galera
# This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+ serviceAccount:
+ nameOverride: sdnc-dgbuilder
mariadb-galera:
service:
name: sdnc-dgbuilder
diff --git a/kubernetes/so/components/so-admin-cockpit/requirements.yaml b/kubernetes/so/components/so-admin-cockpit/requirements.yaml
index 730d75ae80..724526613d 100755
--- a/kubernetes/so/components/so-admin-cockpit/requirements.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/requirements.yaml
@@ -25,3 +25,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml
index 9de1b50c8c..4b46721c2a 100644
--- a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml
@@ -118,6 +118,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml
index d59189b98b..6cba922571 100644
--- a/kubernetes/so/components/so-admin-cockpit/values.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/values.yaml
@@ -159,3 +159,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-admin-cockpit
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-appc-orchestrator/requirements.yaml b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml
index f8b1d7445e..f8c29f83f8 100755
--- a/kubernetes/so/components/so-appc-orchestrator/requirements.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml
@@ -24,3 +24,7 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
index 142ae725d6..d6584250e2 100644
--- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
@@ -81,6 +81,7 @@ spec:
mountPath: /app/config
readOnly: true
{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml
index 310cb9f323..724fcbd032 100644
--- a/kubernetes/so/components/so-appc-orchestrator/values.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml
@@ -158,3 +158,9 @@ appc:
key: VIlbtVl6YLhNUrtU
secret: 64AG2hF4pYeG2pq7CT6XwUOT
service: ueb
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-appc-orchestrator
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-bpmn-infra/requirements.yaml b/kubernetes/so/components/so-bpmn-infra/requirements.yaml
index ff6f19ddde..1ea0239014 100755
--- a/kubernetes/so/components/so-bpmn-infra/requirements.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
index 6e117cd8bf..2609e99781 100755
--- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
@@ -103,6 +103,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index 3e59cbfd74..09ad91191d 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -165,3 +165,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-bpmn-infra
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml
index ff6f19ddde..1ea0239014 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
index f756448e2b..30e55511cc 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
@@ -87,6 +87,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index 6308e9f8de..f3d6bdbcb9 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -148,3 +148,9 @@ config:
nodeSelector: {}
tolerations: []
affinity: {}
+
+serviceAccount:
+ nameOverride: so-catalog-db-adapter
+ roles:
+ - read
+
diff --git a/kubernetes/so/components/so-cnf-adapter/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml
index ce294949a2..6f2b29e6ba 100755
--- a/kubernetes/so/components/so-cnf-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/requirements.yaml
@@ -28,3 +28,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
index 0d80b2a9ae..340571a59b 100755
--- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
@@ -104,6 +104,7 @@ spec:
timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml
index 2d6d57b2f1..f3d53c974c 100755
--- a/kubernetes/so/components/so-cnf-adapter/values.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/values.yaml
@@ -165,3 +165,8 @@ nodeSelector: {}
tolerations: []
affinity: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-cnf-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml
index f8b1d7445e..421fe7e290 100755
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
index c33dcb7f32..6465af4e4a 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -83,6 +83,7 @@ spec:
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
ports: {{ include "common.containerPorts" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
index 363ce40cae..57bf2f3c17 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
@@ -161,3 +161,9 @@ nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-etsi-nfvo-ns-lcm
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml
index f8b1d7445e..421fe7e290 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml
index 29ebd97229..3272bfd299 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml
@@ -78,6 +78,7 @@ spec:
- containerPort: {{ .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml
index b8a7776da6..42554bb5a2 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml
@@ -109,3 +109,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-etsi-sol003-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml
index ff6f19ddde..1ea0239014 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml
index c769961059..4f8f4d9f26 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml
@@ -96,6 +96,7 @@ spec:
- containerPort: {{ .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
index d43bffd71b..31b925576b 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
@@ -134,3 +134,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-etsi-sol005-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-mariadb/requirements.yaml b/kubernetes/so/components/so-mariadb/requirements.yaml
index a9e9697689..b182a7008b 100755
--- a/kubernetes/so/components/so-mariadb/requirements.yaml
+++ b/kubernetes/so/components/so-mariadb/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: readinessCheck
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml
index 0eeba7b61a..178dff0261 100644
--- a/kubernetes/so/components/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/job.yaml
@@ -60,6 +60,7 @@ spec:
readOnly: true
- name: backup-storage
mountPath: /var/data/mariadb
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml
index 2dfd5b831f..58e34b78d6 100755
--- a/kubernetes/so/components/so-mariadb/values.yaml
+++ b/kubernetes/so/components/so-mariadb/values.yaml
@@ -181,3 +181,9 @@ persistence:
mountPath: /dockerdata-nfs
mountSubPath: so/migration
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-mariadb
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml
index ff6f19ddde..1ea0239014 100755
--- a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
index dde03a4aad..f41352e63f 100755
--- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
@@ -93,6 +93,7 @@ spec:
timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml
index c9f13b9d76..583f9ad3e8 100755
--- a/kubernetes/so/components/so-nssmf-adapter/values.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml
@@ -155,3 +155,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-nssmf-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-oof-adapter/requirements.yaml b/kubernetes/so/components/so-oof-adapter/requirements.yaml
index 12f93f95a6..4d6d760eef 100644
--- a/kubernetes/so/components/so-oof-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-oof-adapter/requirements.yaml
@@ -25,3 +25,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
index 62ebfff99f..5e8869ce11 100755
--- a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
@@ -83,6 +83,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml
index 5de0866b9a..240f05f204 100755
--- a/kubernetes/so/components/so-oof-adapter/values.yaml
+++ b/kubernetes/so/components/so-oof-adapter/values.yaml
@@ -139,3 +139,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-oof-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-openstack-adapter/requirements.yaml b/kubernetes/so/components/so-openstack-adapter/requirements.yaml
index ff6f19ddde..1ea0239014 100755
--- a/kubernetes/so/components/so-openstack-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
index 6e117cd8bf..2609e99781 100755
--- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
@@ -103,6 +103,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
index 29fc50b2b2..ff0277bf14 100755
--- a/kubernetes/so/components/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -152,3 +152,9 @@ config:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-openstack-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-request-db-adapter/requirements.yaml b/kubernetes/so/components/so-request-db-adapter/requirements.yaml
index ff6f19ddde..1ea0239014 100755
--- a/kubernetes/so/components/so-request-db-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
index f756448e2b..30e55511cc 100755
--- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
@@ -87,6 +87,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index c117a7434a..61ec26d1f6 100755
--- a/kubernetes/so/components/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -133,3 +133,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-request-db-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-sdc-controller/requirements.yaml b/kubernetes/so/components/so-sdc-controller/requirements.yaml
index ff6f19ddde..1ea0239014 100755
--- a/kubernetes/so/components/so-sdc-controller/requirements.yaml
+++ b/kubernetes/so/components/so-sdc-controller/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index 6e117cd8bf..2609e99781 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -103,6 +103,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index b1d7173a62..4b6eceecdd 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -141,3 +141,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-sdc-controller
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-sdnc-adapter/requirements.yaml b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml
index f8b1d7445e..421fe7e290 100755
--- a/kubernetes/so/components/so-sdnc-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
index 7b32cb6050..703186e292 100755
--- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
@@ -107,6 +107,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index 9a67ef8220..8f3565ed3e 100755
--- a/kubernetes/so/components/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -162,3 +162,9 @@ ingress:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-sdnc-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml
index ff6f19ddde..1ea0239014 100755
--- a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml
index ac4f574bec..9a6b79c440 100755
--- a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml
@@ -48,6 +48,7 @@ spec:
successThreshold: {{ .Values.livenessProbe.successThreshold}}
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
ports: {{- include "common.containerPorts" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml
index 83ec78d857..8e8236cfb4 100755
--- a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml
@@ -84,3 +84,9 @@ livenessProbe:
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-ve-vnfm-adapter
+ roles:
+ - read
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index 06fc6e9eb5..f2fc70c1f9 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -91,3 +91,6 @@ dependencies:
version: ~8.x-0
repository: 'file://components/so-etsi-sol005-adapter'
condition: so-etsi-sol005-adapter.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
index 52ba27ddca..3a9ef84834 100755
--- a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
+++ b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
@@ -37,7 +37,7 @@ trap "kill -TERM $JBOSS_PID" INT
trap "kill -QUIT $JBOSS_PID" QUIT
trap "kill -PIPE $JBOSS_PID" PIPE
trap "kill -TERM $JBOSS_PID" TERM
-if [ "x$JBOSS_PIDFILE" != "x" ]; then
+if [ "$JBOSS_PIDFILE" != "" ]; then
echo $JBOSS_PID > $JBOSS_PIDFILE
fi
# Wait until the background process exits
@@ -60,6 +60,6 @@ if [ "$JBOSS_STATUS" -ne 10 ]; then
# Wait for a complete shudown
wait $JBOSS_PID 2>/dev/null
fi
-if [ "x$JBOSS_PIDFILE" != "x" ]; then
+if [ "$JBOSS_PIDFILE" != "" ]; then
grep "$JBOSS_PID" $JBOSS_PIDFILE && rm $JBOSS_PIDFILE
fi
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index 6e117cd8bf..2609e99781 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -103,6 +103,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index ba98c344ac..f0bb7d1fe5 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -378,3 +378,9 @@ so-etsi-sol005-adapter:
so-etsi-sol003-adapter:
enabled: true
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so
+ roles:
+ - read