From 37481801565c24fd5651a812adac5387f8e50e2f Mon Sep 17 00:00:00 2001 From: farida azmy Date: Sun, 11 Apr 2021 15:41:32 +0200 Subject: [DCAEGEN2] Update chart with service account Add service account to requirements.yaml, values.yaml and deployment/statefulset. Issue-ID: OOM-2726 Signed-off-by: farida azmy Co-authored-by: Sylvain Desbureaux Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e Signed-off-by: Abdelmuhaimen Seaudi --- kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml | 3 +++ .../dcaegen2/components/dcae-bootstrap/templates/deployment.yaml | 1 + kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml | 6 ++++++ .../dcaegen2/components/dcae-cloudify-manager/requirements.yaml | 3 +++ .../components/dcae-cloudify-manager/templates/deployment.yaml | 1 + kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml | 7 +++++++ .../components/dcae-config-binding-service/requirements.yaml | 3 +++ .../dcae-config-binding-service/templates/deployment.yaml | 1 + .../dcaegen2/components/dcae-config-binding-service/values.yaml | 6 ++++++ kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml | 3 +++ .../dcaegen2/components/dcae-dashboard/templates/deployment.yaml | 1 + kubernetes/dcaegen2/components/dcae-dashboard/values.yaml | 6 ++++++ .../dcaegen2/components/dcae-deployment-handler/requirements.yaml | 3 +++ .../components/dcae-deployment-handler/templates/deployment.yaml | 1 + .../dcaegen2/components/dcae-deployment-handler/values.yaml | 5 +++++ kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml | 3 +++ .../components/dcae-healthcheck/templates/deployment.yaml | 1 + kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml | 5 +++++ .../dcaegen2/components/dcae-inventory-api/requirements.yaml | 3 +++ .../components/dcae-inventory-api/templates/deployment.yaml | 1 + kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml | 6 ++++++ .../dcaegen2/components/dcae-policy-handler/requirements.yaml | 3 +++ .../components/dcae-policy-handler/templates/deployment.yaml | 1 + kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml | 6 ++++++ .../components/dcae-servicechange-handler/requirements.yaml | 3 +++ .../dcae-servicechange-handler/templates/deployment.yaml | 1 + .../dcaegen2/components/dcae-servicechange-handler/values.yaml | 8 +++++++- .../components/dcae-ves-openapi-manager/requirements.yaml | 3 +++ .../components/dcae-ves-openapi-manager/templates/deployment.yaml | 1 + .../dcaegen2/components/dcae-ves-openapi-manager/values.yaml | 8 +++++++- kubernetes/dcaegen2/values.yaml | 2 +- 31 files changed, 102 insertions(+), 3 deletions(-) (limited to 'kubernetes/dcaegen2') diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml index 353f4eaccb..b6eeb5bb45 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml @@ -32,3 +32,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index d95883ab09..4addb2b863 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -136,6 +136,7 @@ spec: value: {{ .Values.dcae_ns | default "" }} - name: ONAP_NAMESPACE value: {{ include "common.namespace" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-dcae-inputs-input configMap: diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index f3e6c29d53..b012ee4942 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -137,3 +137,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "onap" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-bootstrap + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml index 413f997905..877839e40a 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: cmpv2Config version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 204a3e27d7..f5fc9cac30 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -169,6 +169,7 @@ spec: readOnly: true securityContext: privileged: True + serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index e6567d9ac2..17ba5ec71e 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -127,3 +127,10 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: dcae-cm/data volumeReclaimPolicy: Retain + +#Pods Service Account +serviceAccount: + nameOverride: dcae-cloudify-manager + roles: + - create + diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml index be5f059ed9..f2c5b021ba 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index 65d0b36927..c7e1d70030 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -167,6 +167,7 @@ spec: - name: {{ include "common.fullname" . }}-logs-i mountPath: /var/log/onap/config-binding-service {{ end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-fb-conf configMap: diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index 1d421427c3..719e73f43c 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -91,3 +91,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-config-binding-service + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml index 2fe847961d..8759678489 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index e93f8d8fb9..dbb6c67580 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -161,6 +161,7 @@ spec: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf subPath: filebeat.yml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - emptyDir: {} name: component-log diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 6640f78e9a..a083b519d6 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -119,3 +119,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-dashboard + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml index f19e4127c8..78bcd76a6d 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml index 1b39dc6e2f..1ad42e02b2 100755 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml @@ -154,6 +154,7 @@ spec: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf subPath: filebeat.yml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - emptyDir: {} name: component-log diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index fc4d07d39d..3435462c1d 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -91,3 +91,8 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +serviceAccount: + nameOverride: dcae-deployment-handler + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml index 0697ceb1d6..3762a2acea 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml index 9514f41b86..641dfdf926 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml @@ -74,6 +74,7 @@ spec: value: {{ include "common.release" . }} - name: DEPLOY_LABEL value: cfydeployment + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-expected-components configMap: diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index 221e579943..1c6cff0657 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -67,3 +67,8 @@ resources: # If empty, use the common namespace # dcae_ns: "onap" +#Pods Service Account +serviceAccount: + nameOverride: dcae-healthcheck + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml index 63ac56cca4..32d8b5b035 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index d25d63c361..7c3746a0a3 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -152,6 +152,7 @@ spec: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf subPath: filebeat.yml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - emptyDir: {} name: component-log diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index 1bc13efc55..fe39269c27 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -110,3 +110,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-inventory-api + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml index f19e4127c8..78bcd76a6d 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index 916c5f673f..b8c24355e6 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -145,6 +145,7 @@ spec: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf subPath: filebeat.yml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - emptyDir: {} name: component-log diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 8f6a1a7da9..00ce47b451 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -92,3 +92,9 @@ resources: # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace # dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-policy-handler + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml index be5f059ed9..f2c5b021ba 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml index 7c55628f25..6c4e695228 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml @@ -106,6 +106,7 @@ spec: value: "/opt/cert/cacert.pem" - name: SCH_ARGS value: "prod /opt/config.json" + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-sch-config configMap: diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml index c363626666..8686db49ba 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml @@ -85,4 +85,10 @@ resources: unlimited: {} # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace -# dcae_ns: "dcae" \ No newline at end of file +# dcae_ns: "dcae" + +#Pods Service Account +serviceAccount: + nameOverride: dcae-servicechange-handler + roles: + - read diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml index 16f38f80a8..9a3009ddec 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml @@ -24,3 +24,6 @@ dependencies: - name: readinessCheck version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml index f2826a77a0..1c6e3593ac 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml @@ -52,6 +52,7 @@ spec: volumeMounts: - name: schema-map mountPath: {{ .Values.schemaMap.directory }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: schema-map configMap: diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml index 2209feb729..873579ee97 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml @@ -64,4 +64,10 @@ resources: requests: cpu: 1 memory: 1Gi - unlimited: {} \ No newline at end of file + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcae-ves-openapi-manager + roles: + - read diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index f82b410e1b..17b077b987 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -68,4 +68,4 @@ dcae-policy-handler: dcae-servicechange-handler: enabled: true dcae-ves-openapi-manager: - enabled: true \ No newline at end of file + enabled: true -- cgit 1.2.3-korg