resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
- replicasets/status
- daemonsets
- secrets
+ - services
verbs:
- get
- watch
- apps
resources:
- statefulsets
+ - configmaps
verbs:
- patch
- apiGroups:
resources:
- deployments
- secrets
+ - services
+ - pods
verbs:
- create
- apiGroups:
- pods
- persistentvolumeclaims
- secrets
- - deployment
+ - deployments
+ - services
verbs:
- delete
- apiGroups:
- pods/exec
verbs:
- create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ .Values.dcae_ns | default "" }}
- name: ONAP_NAMESPACE
value: {{ include "common.namespace" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-dcae-inputs-input
configMap:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "onap"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bootstrap
+ roles:
+ - read
- name: cmpv2Config
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
readOnly: true
securityContext:
privileged: True
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
mountPath: /dockerdata-nfs
mountSubPath: dcae-cm/data
volumeReclaimPolicy: Retain
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-cloudify-manager
+ roles:
+ - create
+
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- name: {{ include "common.fullname" . }}-logs-i
mountPath: /var/log/onap/config-binding-service
{{ end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-fb-conf
configMap:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-config-binding-service
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-dashboard
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+serviceAccount:
+ nameOverride: dcae-deployment-handler
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ include "common.release" . }}
- name: DEPLOY_LABEL
value: cfydeployment
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-expected-components
configMap:
# If empty, use the common namespace
# dcae_ns: "onap"
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-healthcheck
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-inventory-api
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-policy-handler
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: "/opt/cert/cacert.pem"
- name: SCH_ARGS
value: "prod /opt/config.json"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-sch-config
configMap:
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae"
\ No newline at end of file
+# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-servicechange-handler
+ roles:
+ - read
- name: readinessCheck
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
volumeMounts:
- name: schema-map
mountPath: {{ .Values.schemaMap.directory }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: schema-map
configMap:
requests:
cpu: 1
memory: 1Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-openapi-manager
+ roles:
+ - read
dcae-servicechange-handler:
enabled: true
dcae-ves-openapi-manager:
- enabled: true
\ No newline at end of file
+ enabled: true
selfsigning:
name: &selfSigningIssuer cmpv2-selfsigning-issuer
ca:
- name: &caIssuer cmpv2-ca-issuer
+ name: &caIssuer cmpv2-issuer-onap
secret:
name: &caKeyPairSecret cmpv2-ca-key-pair
server: