When running the OOM scripts on a RBAC enabled kubernetes,
readiness probes failed to check dependencies status as they
don't have the needed access rights.
Note for the reviewer :
The fix has been tested on a rancher installation (k8s 1.8)
and on a kubeadm installation (k8s 1.8), but not a previous
versions of k8s. There might be issues with the command when
used on pre RBAC (<1.6) versions of k8s. This should be tested
with such version if early backward compatibility should be a
concern.
Change-Id: I7a915fc08927cd0fc0d5ea70a75f44c1380de926
Issue-ID: OOM-349
Signed-off-by: Anaël Closson <ac2550@intl.att.com>
fi
}
+create_service_account() {
+ cmd=`echo kubectl create clusterrolebinding $1-$2-admin-binding --clusterrole=cluster-admin --serviceaccount=$1-$2:default`
+ eval ${cmd}
+ check_return_code $cmd
+}
create_namespace() {
cmd=`echo kubectl create namespace $1-$2`
printf "\nCreating namespace **********\n"
create_namespace $NS $i
+ printf "\nCreating service account **********\n"
+ create_service_account $NS $i
+
printf "\nCreating registry secret **********\n"
create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL
printf "Namespace $_NS deleted.\n\n"
}
+delete_service_account() {
+ kubectl delete clusterrolebinding $1-$2-admin-binding
+ printf "Service account $1-$2-admin-binding deleted.\n\n"
+}
+
delete_registry_key() {
kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key
}
delete_app_helm $NS $i
delete_namespace $NS $i
+ delete_service_account $NS $i
done
Code Review / oom.git / commitdiff