aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/aai/components/aai-babel/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-babel/templates/deployment.yaml2
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-graphadmin/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml2
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-modelloader/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/deployment.yaml1
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-resources/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml1
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-schema-service/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/deployment.yaml1
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-sparky-be/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml2
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-traversal/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml1
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml6
-rw-r--r--kubernetes/aai/requirements.yaml3
-rw-r--r--kubernetes/aai/templates/deployment.yaml2
-rw-r--r--kubernetes/aai/values.yaml6
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/requirements.yaml3
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml1
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/values.yaml6
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml3
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml1
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml6
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml3
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml1
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/values.yaml6
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml3
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml1
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml6
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml3
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml1
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml6
-rw-r--r--kubernetes/dmaap/components/message-router/requirements.yaml3
-rw-r--r--kubernetes/dmaap/components/message-router/templates/statefulset.yaml1
-rw-r--r--kubernetes/dmaap/components/message-router/values.yaml6
-rw-r--r--kubernetes/dmaap/requirements.yaml3
-rw-r--r--kubernetes/dmaap/values.yaml6
-rw-r--r--kubernetes/nbi/values.yaml4
-rw-r--r--kubernetes/oof/resources/config/conf/common_config.yaml8
-rwxr-xr-xkubernetes/oof/resources/config/conf/osdf_config.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/requirements.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-api/requirements.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/deployment.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml6
-rw-r--r--kubernetes/policy/components/policy-clamp-be/requirements.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml1
-rw-r--r--kubernetes/policy/components/policy-clamp-be/values.yaml6
-rw-r--r--kubernetes/policy/components/policy-clamp-fe/requirements.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml1
-rw-r--r--kubernetes/policy/components/policy-clamp-fe/values.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-distribution/requirements.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-distribution/templates/deployment.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/requirements.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-nexus/requirements.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-nexus/templates/deployment.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-nexus/values.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-pap/requirements.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-pap/templates/deployment.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/requirements.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml6
-rwxr-xr-xkubernetes/policy/requirements.yaml3
-rwxr-xr-xkubernetes/policy/templates/job.yaml1
-rwxr-xr-xkubernetes/policy/values.yaml5
77 files changed, 261 insertions, 4 deletions
diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml
index 67d45f08b9..1f3e92413c 100644
--- a/kubernetes/aai/components/aai-babel/requirements.yaml
+++ b/kubernetes/aai/components/aai-babel/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index 9fe386a3c6..db3540606b 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -113,7 +113,7 @@ spec:
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 7560efde26..4a2246793e 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -85,3 +85,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-babel
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-graphadmin/requirements.yaml b/kubernetes/aai/components/aai-graphadmin/requirements.yaml
index cf22720435..3d0f24cb29 100644
--- a/kubernetes/aai/components/aai-graphadmin/requirements.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 5e6f2bc33d..791bf61004 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -162,7 +162,7 @@ spec:
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 63c668fb9e..03d034bf05 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -246,3 +246,9 @@ resources:
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-graphadmin
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-modelloader/requirements.yaml b/kubernetes/aai/components/aai-modelloader/requirements.yaml
index cf22720435..3d0f24cb29 100644
--- a/kubernetes/aai/components/aai-modelloader/requirements.yaml
+++ b/kubernetes/aai/components/aai-modelloader/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 0d24bfe957..7509f88090 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -87,6 +87,7 @@ spec:
name: aai-filebeat
resources:
{{ include "common.resources" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index b235ba171c..5da0e5736f 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -84,3 +84,9 @@ resources:
cpu: 1
memory: 1536Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-modelloader
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml
index f9ba1c1fb7..1552d53276 100644
--- a/kubernetes/aai/components/aai-resources/requirements.yaml
+++ b/kubernetes/aai/components/aai-resources/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 1297809658..501a706f47 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -207,6 +207,7 @@ spec:
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index f30b067b2e..c2658a5503 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -257,3 +257,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-resources
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-schema-service/requirements.yaml b/kubernetes/aai/components/aai-schema-service/requirements.yaml
index cf22720435..3d0f24cb29 100644
--- a/kubernetes/aai/components/aai-schema-service/requirements.yaml
+++ b/kubernetes/aai/components/aai-schema-service/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index 25be4db147..d4394057e8 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -116,6 +116,7 @@ spec:
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: aai-common-aai-auth-mount
secret:
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 50bd6c38b8..e7479b8818 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -140,3 +140,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-schema-service
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
index f9ba1c1fb7..1552d53276 100644
--- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 45ff270047..7d0dfe39e2 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -175,7 +175,7 @@ spec:
name: aai-sparky-filebeat
resources:
{{ include "common.resources" . }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 98dca5d11d..420517f8f0 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -144,3 +144,9 @@ resources:
cpu: 0.5
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-sparky-be
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-traversal/requirements.yaml b/kubernetes/aai/components/aai-traversal/requirements.yaml
index f9ba1c1fb7..1552d53276 100644
--- a/kubernetes/aai/components/aai-traversal/requirements.yaml
+++ b/kubernetes/aai/components/aai-traversal/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index dc1c010261..037f811f44 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -233,6 +233,7 @@ spec:
name: {{ include "common.fullname" . }}-filebeat
resources:
{{ include "common.resources" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index ad4279a543..297de15308 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -267,3 +267,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-traversal
+ roles:
+ - read
diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml
index 8b37ef737d..198439992a 100644
--- a/kubernetes/aai/requirements.yaml
+++ b/kubernetes/aai/requirements.yaml
@@ -62,3 +62,6 @@ dependencies:
version: ~8.x-0
repository: 'file://components/aai-traversal'
condition: aai-traversal.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 2ca489f2de..4b08d10e45 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -115,7 +115,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index ed617780f1..1cb297078e 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -392,3 +392,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai
+ roles:
+ - read
diff --git a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml
index 95f841632c..7c26bb83b1 100644
--- a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
index eaad403dc8..a0b6fdad8d 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
@@ -114,6 +114,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml
index 65242b4a4f..a3d42d2130 100644
--- a/kubernetes/dmaap/components/dmaap-bc/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml
@@ -163,3 +163,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap-bc
+ roles:
+ - read
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
index d96058de91..97ba957f4f 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml
@@ -25,3 +25,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 40a4d7db93..dfb435ce04 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -102,6 +102,7 @@ spec:
mountPath: /var/log/onap/datarouter-node
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
- name: localtime
hostPath:
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 1d55a13bd9..ee231a0c06 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -154,3 +154,9 @@ config:
# dr uses the EELF Logging framework https://github.com/att/EELF
# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
logLevel: "INFO"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap-dr-node
+ roles:
+ - read
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
index ed03e05b2e..65867f50af 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
@@ -32,3 +32,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 5c94116bac..61678961cc 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -118,6 +118,7 @@ spec:
mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap/datarouter-prov
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index a82eef85d4..7564ccfc78 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -154,3 +154,9 @@ resources:
cpu: 1000m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap-dr-prov
+ roles:
+ - read
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml
index 68c3169e68..c212f38b39 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml
index 48a2eb197e..7cedbf89d1 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml
@@ -220,6 +220,7 @@ spec:
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml
index 04d7cee705..5732c5de0e 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml
@@ -219,3 +219,9 @@ resources:
cpu: 1000m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: message-router-kafka
+ roles:
+ - read
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml
index 343812db25..20cc48f360 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
index 5ea5bc53b7..f5473ec589 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
@@ -187,6 +187,7 @@ spec:
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml
index 64c29db935..6863acc7a2 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml
@@ -151,3 +151,9 @@ resources:
cpu: 1000m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: message-router-zookeeper
+ roles:
+ - read
diff --git a/kubernetes/dmaap/components/message-router/requirements.yaml b/kubernetes/dmaap/components/message-router/requirements.yaml
index 5adbb623bd..00d14549cd 100644
--- a/kubernetes/dmaap/components/message-router/requirements.yaml
+++ b/kubernetes/dmaap/components/message-router/requirements.yaml
@@ -33,3 +33,6 @@ dependencies:
- name: message-router-zookeeper
version: ~8.x-0
repository: 'file://components/message-router-zookeeper'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index c0d32a362b..9bad341792 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -137,6 +137,7 @@ spec:
name: jetty
{{- end }}
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index d0b162b45e..7028bb1263 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -153,3 +153,9 @@ resources:
cpu: 1000m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: message-router
+ roles:
+ - read
diff --git a/kubernetes/dmaap/requirements.yaml b/kubernetes/dmaap/requirements.yaml
index d62273499e..268ff70467 100644
--- a/kubernetes/dmaap/requirements.yaml
+++ b/kubernetes/dmaap/requirements.yaml
@@ -33,3 +33,6 @@ dependencies:
version: ~8.x-0
repository: 'file://components/dmaap-dr-prov'
condition: dmaap-dr-prov.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index c1ba7547db..b7f0735c8d 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -54,3 +54,9 @@ dmaap-dr-node:
enabled: true
dmaap-dr-prov:
enabled: true
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap
+ roles:
+ - read
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index a94bd4df4a..a3dc897718 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -91,6 +91,10 @@ mariadb-galera:
db:
externalSecret: *dbUserSecretName
name: &mysqlDbName nbi
+ service:
+ name: nbi-galera
+ portName: nbi-galera
+ internalPort: 3306
nameOverride: &nbi-galera nbi-galera
replicaCount: 1
persistence:
diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml
index 78afa5e5f8..b1bd0edea4 100644
--- a/kubernetes/oof/resources/config/conf/common_config.yaml
+++ b/kubernetes/oof/resources/config/conf/common_config.yaml
@@ -151,3 +151,11 @@ PCI:
filter:
interval: 10
ml_enabled: false
+
+nxi_termination:
+ query_templates:
+ nsi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','e2eserviceprofile-service')"
+ nsi_with_profile: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','e2eserviceprofile-service')('service-instance-id','{{ printf "{{profile_id}}" }}')"
+ nssi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','nsi')"
+ nssi_with_nsi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','nsi')('service-instance-id','{{ printf "{{nsi_id}}" }}')"
+
diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml
index 6df3ed948b..aff63428eb 100755
--- a/kubernetes/oof/resources/config/conf/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml
@@ -55,6 +55,7 @@ aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
controllerQueryUrl: {{ .Values.config.controllerQueryUrl }}
aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }}
+dslQueryPath: /aai/v23/dsl?format=
#DES api
desUrl: {{ .Values.config.desUrl }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/requirements.yaml b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
index 1c57aa449b..f320b219dc 100755
--- a/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
index 586f468334..4d9ff9250e 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -115,6 +115,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index aa1daf703f..eb6292a039 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -133,3 +133,9 @@ resources:
cpu: 20m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-apex-pdp
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-api/requirements.yaml b/kubernetes/policy/components/policy-api/requirements.yaml
index 7bc531a759..2365cd729a 100755
--- a/kubernetes/policy/components/policy-api/requirements.yaml
+++ b/kubernetes/policy/components/policy-api/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index 899e74e674..de0558e4cd 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -107,6 +107,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index da983e5b5b..36eb5c4899 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -143,3 +143,9 @@ resources:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-api
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-clamp-be/requirements.yaml b/kubernetes/policy/components/policy-clamp-be/requirements.yaml
index 88fd9d90eb..670f8cb65a 100644
--- a/kubernetes/policy/components/policy-clamp-be/requirements.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
index c243e30540..e61cca0e49 100644
--- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
@@ -114,6 +114,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml
index 71d2517be1..dcbe59c382 100644
--- a/kubernetes/policy/components/policy-clamp-be/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/values.yaml
@@ -156,3 +156,9 @@ resources:
cpu: 10m
memory: 3Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-be
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-clamp-fe/requirements.yaml b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
index 88fd9d90eb..670f8cb65a 100644
--- a/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
index 97c7919389..1349558651 100644
--- a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
@@ -91,6 +91,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml
index 9712a38e10..a7c8d6defa 100644
--- a/kubernetes/policy/components/policy-clamp-fe/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml
@@ -146,3 +146,9 @@ resources:
cpu: 10m
memory: 50Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-fe
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-distribution/requirements.yaml b/kubernetes/policy/components/policy-distribution/requirements.yaml
index 0006e4965a..db84102327 100755
--- a/kubernetes/policy/components/policy-distribution/requirements.yaml
+++ b/kubernetes/policy/components/policy-distribution/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
index 04db6d70c7..4745aac23b 100755
--- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
@@ -121,6 +121,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 6788613ceb..fb6ef6e039 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -155,3 +155,9 @@ resources:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-distribution
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
index 29b1053600..6c540a4bcf 100755
--- a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
index 7e9c6cfde8..d389246b5c 100755
--- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -125,6 +125,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 4eb37c6106..38d398998c 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -188,3 +188,9 @@ resources:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-drools-pdp
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-nexus/requirements.yaml b/kubernetes/policy/components/policy-nexus/requirements.yaml
index 343812db25..20cc48f360 100755
--- a/kubernetes/policy/components/policy-nexus/requirements.yaml
+++ b/kubernetes/policy/components/policy-nexus/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
index 3d5d59fea2..4c945f4605 100755
--- a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
@@ -83,6 +83,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
index 7801b525f2..3d77e67456 100755
--- a/kubernetes/policy/components/policy-nexus/values.yaml
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
@@ -92,3 +92,9 @@ resources:
cpu: 2m
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-nexus
+ roles:
+ - nothing
diff --git a/kubernetes/policy/components/policy-pap/requirements.yaml b/kubernetes/policy/components/policy-pap/requirements.yaml
index 3f0071ab7c..18de3a6517 100755
--- a/kubernetes/policy/components/policy-pap/requirements.yaml
+++ b/kubernetes/policy/components/policy-pap/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index a02752c033..77474a8387 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -122,6 +122,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 18e0e3e171..3c4c3e5ec6 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -169,3 +169,9 @@ resources:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-pap
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml
index 7bc531a759..2365cd729a 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
index 73ae6dd55a..2da0035fa0 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -131,6 +131,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 64c00e9bed..9eda53ee9b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -152,3 +152,9 @@ resources:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-xacml-pdp
+ roles:
+ - read
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index 33447a2571..c98d4fc7a8 100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -59,3 +59,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index ad195722b2..72c94f30c5 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -72,6 +72,7 @@ spec:
resources:
{{ include "common.resources" . }}
restartPolicy: Never
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 678772c481..92344dd2fe 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -148,3 +148,8 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy
+ roles:
+ - read