From 1b30d537e09055e74e71b8b814ecd9eb8f0ecf16 Mon Sep 17 00:00:00 2001 From: farida azmy Date: Sun, 11 Apr 2021 10:41:28 +0200 Subject: [CONSUL] Update chart with service account Add service account to requirements, values and deployment/statefulset Issue-ID: OOM-2725 Signed-off-by: farida azmy Change-Id: Ib3c768d074f5cf64e2f213fd31ee4b8517a21c09 Signed-off-by: Abdelmuhaimen Seaudi --- kubernetes/consul/components/Makefile | 51 ++++++++++++++++++++++ .../components/consul-server/requirements.yaml | 6 +++ .../consul-server/templates/statefulset.yaml | 1 + .../consul/components/consul-server/values.yaml | 6 +++ 4 files changed, 64 insertions(+) create mode 100644 kubernetes/consul/components/Makefile (limited to 'kubernetes/consul/components') diff --git a/kubernetes/consul/components/Makefile b/kubernetes/consul/components/Makefile new file mode 100644 index 0000000000..e9159f32a9 --- /dev/null +++ b/kubernetes/consul/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/consul/components/consul-server/requirements.yaml b/kubernetes/consul/components/consul-server/requirements.yaml index 7afdbc936e..e43236def8 100644 --- a/kubernetes/consul/components/consul-server/requirements.yaml +++ b/kubernetes/consul/components/consul-server/requirements.yaml @@ -20,3 +20,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/consul/components/consul-server/templates/statefulset.yaml b/kubernetes/consul/components/consul-server/templates/statefulset.yaml index 16fda3a510..8e872b9c87 100644 --- a/kubernetes/consul/components/consul-server/templates/statefulset.yaml +++ b/kubernetes/consul/components/consul-server/templates/statefulset.yaml @@ -74,3 +74,4 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . | nindent 10 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} diff --git a/kubernetes/consul/components/consul-server/values.yaml b/kubernetes/consul/components/consul-server/values.yaml index 48a26effd7..d4e649444a 100644 --- a/kubernetes/consul/components/consul-server/values.yaml +++ b/kubernetes/consul/components/consul-server/values.yaml @@ -92,3 +92,9 @@ securityContext: fsGroup: 1000 runAsUser: 100 runAsGroup: 1000 + +#Pods Service Account +serviceAccount: + nameOverride: consul-server + roles: + - read -- cgit 1.2.3-korg