From 40cdf49a6888326a1af68530203847662fcfe398 Mon Sep 17 00:00:00 2001
From: Anaël Closson <ac2550@intl.att.com>
Date: Mon, 9 Oct 2017 14:52:24 +0200
Subject: Containers not starting fails on RBAC enabled k8s
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When running the OOM scripts on a RBAC enabled kubernetes,
readiness probes failed to check dependencies status as they
don't have the needed access rights.

Note for the reviewer :
 The fix has been tested on a rancher installation (k8s 1.8)
 and on a kubeadm installation (k8s 1.8), but not a previous
 versions of k8s. There might be issues with the command when
 used on pre RBAC (<1.6) versions of k8s. This should be tested
 with such version if early backward compatibility should be a
 concern.

Change-Id: I7a915fc08927cd0fc0d5ea70a75f44c1380de926
Issue-ID: OOM-349
Signed-off-by: Anaël Closson <ac2550@intl.att.com>
---
 kubernetes/oneclick/createAll.bash | 8 ++++++++
 kubernetes/oneclick/deleteAll.bash | 6 ++++++
 2 files changed, 14 insertions(+)

(limited to 'kubernetes/oneclick')

diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash
index 8d41ee45a6..c23f01456a 100755
--- a/kubernetes/oneclick/createAll.bash
+++ b/kubernetes/oneclick/createAll.bash
@@ -26,6 +26,11 @@ check_return_code(){
   fi
 }
 
+create_service_account() {
+  cmd=`echo kubectl create clusterrolebinding $1-$2-admin-binding --clusterrole=cluster-admin --serviceaccount=$1-$2:default`
+  eval ${cmd}
+  check_return_code $cmd
+}
 
 create_namespace() {
   cmd=`echo kubectl create namespace $1-$2`
@@ -164,6 +169,9 @@ for i in ${HELM_APPS[@]}; do
   printf "\nCreating namespace **********\n"
   create_namespace $NS $i
 
+  printf "\nCreating service account **********\n"
+  create_service_account $NS $i
+
   printf "\nCreating registry secret **********\n"
   create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL
 
diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash
index c0e696c491..53f2d4d9fa 100755
--- a/kubernetes/oneclick/deleteAll.bash
+++ b/kubernetes/oneclick/deleteAll.bash
@@ -12,6 +12,11 @@ delete_namespace() {
   printf "Namespace $_NS deleted.\n\n"
 }
 
+delete_service_account() {
+    kubectl delete clusterrolebinding $1-$2-admin-binding
+    printf "Service account $1-$2-admin-binding deleted.\n\n"
+}
+
 delete_registry_key() {
   kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key
 }
@@ -76,6 +81,7 @@ for i in ${HELM_APPS[@]}; do
 
   delete_app_helm $NS $i
   delete_namespace $NS $i
+  delete_service_account $NS $i
 
 done
 
-- 
cgit 1.2.3-korg