From: mpriyank Date: Wed, 27 Aug 2025 13:35:22 +0000 (+0100) Subject: Updated the k8s objects with correct labels X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=03485961e0fa74a61ff79cefddd5ecae8f5a11dd;p=cps.git Updated the k8s objects with correct labels - added the label for app=cps-and-ncmp to all the kubernetes objects - also added the relevant components label based on the type of kubernetes object - added a custom service account cps-hazelcast-service-account to just provide the least amount of priviledges - added cps-hazelcast-rbac file so that the hazelcast members are able to discover using the k8s discovery service Issue-ID: CPS-2960 Change-Id: I32d76fc3a955bd846c5e6aa0d78b80b8995a9c42 Signed-off-by: mpriyank --- diff --git a/cps-charts/templates/cps-deployment.yaml b/cps-charts/templates/cps-deployment.yaml index a09fa7fa41..4fe8677464 100644 --- a/cps-charts/templates/cps-deployment.yaml +++ b/cps-charts/templates/cps-deployment.yaml @@ -2,6 +2,9 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "cps-and-ncmp.fullname" . }}-cps + labels: + app: {{ include "cps-and-ncmp.name" . }} + component: cps-and-ncmp spec: replicas: {{ .Values.cps.replicas }} selector: @@ -14,6 +17,7 @@ spec: app: {{ include "cps-and-ncmp.name" . }} component: cps spec: + serviceAccountName: cps-hazelcast-service-account containers: - name: cps image: "{{ .Values.cps.image.repository }}:{{ .Values.cps.image.tag }}" diff --git a/cps-charts/templates/cps-hazelcast-rbac.yaml b/cps-charts/templates/cps-hazelcast-rbac.yaml new file mode 100644 index 0000000000..9a4852957c --- /dev/null +++ b/cps-charts/templates/cps-hazelcast-rbac.yaml 
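Review bot: The label added to the Deployment's metadata in the first cps-deployment.yaml hunk is `component: cps-and-ncmp`, while the context of the second hunk shows `component: cps` on what looks like the pod template, so the Deployment and its pods end up with different component values. The same `component: cps-and-ncmp` is added in the cps-hazelcast-service.yaml and cps-service.yaml hunks, whereas the dmi-stub, kafka and postgres objects get a value that names the component. An inventory or audit query that selects on component=cps would miss these three objects. I would use `component: cps` here, or add a comment such as `# component equals the app name on purpose` if the difference is deliberate. The metadata and spec blocks continue outside the hunk.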
@@ -0,0 +1,54 @@ +# Reference : https://raw.githubusercontent.com/hazelcast/hazelcast/master/kubernetes-rbac.yaml +# Simplified kubernetes-rbac.yaml with minimum necessary permissions granted to pods to query Kubernetes API. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cps-hazelcast-service-account + namespace: default + labels: + app: {{ include "cps-and-ncmp.name" . }} + component: hazelcast + annotations: + description: "Hazelcast discovery via Kubernetes API to find cluster members - minimal RBAC" +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cps-hazelcast-role + labels: + app: {{ include "cps-and-ncmp.name" . }} + component: hazelcast +rules: + - apiGroups: + - "" # core API group (pods, nodes, services, endpoints) + resources: + - endpoints # used to discover other hazelcast members using kubernetes services + - pods + - services + verbs: + - get + - list + - apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices # (for newer kubernetes versions) used to discover other hazelcast members using kubernetes services + verbs: + - get + - list + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cps-hazelcast-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cps-hazelcast-role +subjects: + - kind: ServiceAccount + name: cps-hazelcast-service-account + namespace: default \ No newline at end of file diff --git a/cps-charts/templates/cps-hazelcast-service.yaml b/cps-charts/templates/cps-hazelcast-service.yaml index 310f869493..2385b409af 100644 --- a/cps-charts/templates/cps-hazelcast-service.yaml +++ b/cps-charts/templates/cps-hazelcast-service.yaml @@ -2,6 +2,9 @@ apiVersion: v1 kind: Service metadata: name: {{ include "cps-and-ncmp.name" . }}-cps-hazelcast + labels: + app: {{ include "cps-and-ncmp.name" . }} + component: cps-and-ncmp spec: clusterIP: None selector: 
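Review bot: The ServiceAccount and the RoleBinding subject in cps-hazelcast-rbac.yaml are pinned to `namespace: default`, while the Role and RoleBinding carry no namespace and so are created in the release namespace. Installed anywhere other than default, the binding would grant get/list on that namespace's pods, services, endpoints and endpointslices to an account living in default, and the `serviceAccountName: cps-hazelcast-service-account` added in cps-deployment.yaml would name an account that does not exist next to the pods. Both lines should read `namespace: {{ .Release.Namespace }}`. The fixed object names are also shared by every release of the chart in one namespace, so prefixing them with the existing `cps-and-ncmp.fullname` helper would keep releases apart; the RoleBinding is the one object here left without the app/component labels.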
diff --git a/cps-charts/templates/cps-service.yaml b/cps-charts/templates/cps-service.yaml index c19df5cb11..de8bffd3a2 100644 --- a/cps-charts/templates/cps-service.yaml +++ b/cps-charts/templates/cps-service.yaml @@ -2,6 +2,9 @@ apiVersion: v1 kind: Service metadata: name: {{ include "cps-and-ncmp.fullname" . }}-cps + labels: + app: {{ include "cps-and-ncmp.name" . }} + component: cps-and-ncmp spec: type: {{ .Values.cps.service.type | default "ClusterIP" }} selector: diff --git a/cps-charts/templates/dmi-stub-deployment.yaml b/cps-charts/templates/dmi-stub-deployment.yaml index f0a59a9c0f..dd56bfa14e 100644 --- a/cps-charts/templates/dmi-stub-deployment.yaml +++ b/cps-charts/templates/dmi-stub-deployment.yaml @@ -4,6 +4,7 @@ metadata: name: {{ include "cps-and-ncmp.fullname" . }}-dmi-stub labels: app: {{ include "cps-and-ncmp.name" . }} + component: dmi-stub spec: replicas: {{ .Values.dmiStub.replicaCount }} selector: diff --git a/cps-charts/templates/dmi-stub-service.yaml b/cps-charts/templates/dmi-stub-service.yaml index bc8b0b64d8..79f727d96e 100644 --- a/cps-charts/templates/dmi-stub-service.yaml +++ b/cps-charts/templates/dmi-stub-service.yaml @@ -4,6 +4,7 @@ metadata: name: {{ include "cps-and-ncmp.fullname" . }}-dmi-stub labels: app: {{ include "cps-and-ncmp.name" . }} + component: dmi-stub spec: type: {{ .Values.dmiStub.service.type }} ports: diff --git a/cps-charts/templates/kafka-deployment.yaml b/cps-charts/templates/kafka-deployment.yaml index eb7e97e17b..46fa90e265 100644 --- a/cps-charts/templates/kafka-deployment.yaml +++ b/cps-charts/templates/kafka-deployment.yaml @@ -3,7 +3,8 @@ kind: Deployment metadata: name: {{ include "cps-and-ncmp.fullname" . }}-kafka labels: - app: kafka + app: {{ include "cps-and-ncmp.name" . }} + component: kafka spec: replicas: {{ .Values.kafka.replicaCount }} selector: diff --git a/cps-charts/templates/kafka-service.yaml b/cps-charts/templates/kafka-service.yaml index a2cdba364c..b50aadd7f5 100644 
--- a/cps-charts/templates/kafka-service.yaml +++ b/cps-charts/templates/kafka-service.yaml @@ -3,7 +3,8 @@ kind: Service metadata: name: {{ include "cps-and-ncmp.fullname" . }}-kafka labels: - app: kafka + app: {{ include "cps-and-ncmp.name" . }} + component: kafka spec: type: {{ .Values.kafka.service.type }} ports: diff --git a/cps-charts/templates/postgres-init-configmap.yaml b/cps-charts/templates/postgres-init-configmap.yaml index 5a5344b08e..1a2aca6de2 100644 --- a/cps-charts/templates/postgres-init-configmap.yaml +++ b/cps-charts/templates/postgres-init-configmap.yaml @@ -2,6 +2,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: postgres-init-sql + labels: + app: {{ include "cps-and-ncmp.name" . }} + component: postgres data: postgres-init.sql: |- {{ .Files.Get "config/postgres-init.sql" | indent 4 }} \ No newline at end of file diff --git a/cps-charts/templates/postgresql-deployment.yaml b/cps-charts/templates/postgresql-deployment.yaml index ecc2137205..3f888f73d8 100644 --- a/cps-charts/templates/postgresql-deployment.yaml +++ b/cps-charts/templates/postgresql-deployment.yaml @@ -2,6 +2,9 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "cps-and-ncmp.fullname" . }}-postgresql + labels: + app: {{ include "cps-and-ncmp.name" . }} + component: postgres spec: replicas: 1 selector: diff --git a/cps-charts/templates/postgresql-service.yaml b/cps-charts/templates/postgresql-service.yaml index 1997c7d88e..ad6b0e64d0 100644 --- a/cps-charts/templates/postgresql-service.yaml +++ b/cps-charts/templates/postgresql-service.yaml @@ -2,6 +2,9 @@ apiVersion: v1 kind: Service metadata: name: {{ include "cps-and-ncmp.fullname" . }}-postgresql + labels: + app: {{ include "cps-and-ncmp.name" . }} + component: postgres spec: type: ClusterIP selector: