From 5093301c1d25daaa2e9a42fd7d1ed09c06693208 Mon Sep 17 00:00:00 2001 From: farida azmy Date: Sun, 12 Sep 2021 12:56:40 +0200 Subject: [PATCH] [DCAEMOD] Update chart with service account Add service account to requirements, values & deployment/statefulset Issue-ID: OOM-2827 Signed-off-by: farida azmy Change-Id: Icdf48ad2b443b0c360ee89b13cae5a0db6c74dce --- kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml | 3 +++ .../dcaemod/components/dcaemod-designtool/templates/deployment.yaml | 1 + kubernetes/dcaemod/components/dcaemod-designtool/values.yaml | 6 ++++++ .../dcaemod/components/dcaemod-distributor-api/requirements.yaml | 3 +++ .../components/dcaemod-distributor-api/templates/deployment.yaml | 1 + kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml | 6 ++++++ .../dcaemod/components/dcaemod-genprocessor/requirements.yaml | 3 +++ .../components/dcaemod-genprocessor/templates/deployment.yaml | 1 + kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml | 6 ++++++ kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml | 3 +++ .../components/dcaemod-healthcheck/templates/deployment.yaml | 1 + kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml | 5 +++++ .../dcaemod/components/dcaemod-nifi-registry/requirements.yaml | 3 +++ .../components/dcaemod-nifi-registry/templates/deployment.yaml | 1 + kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml | 6 ++++++ .../dcaemod/components/dcaemod-onboarding-api/requirements.yaml | 3 +++ .../components/dcaemod-onboarding-api/templates/deployment.yaml | 1 + kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml | 6 ++++++ kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml | 3 +++ .../components/dcaemod-runtime-api/templates/deployment.yaml | 1 + kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml | 6 ++++++ 21 files changed, 69 insertions(+) diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml index 0972e6b6b9..233f6e4651 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml index bd2766f6db..556ac90e02 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml @@ -84,5 +84,6 @@ spec: value: {{ .Values.config.nifiJarsIndexURL }} - name: NIFI_DCAE_DISTRIBUTOR_API_URL value: {{ .Values.config.distributorAPIURL }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml index 74c7bdb223..86aad57b1b 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml @@ -90,3 +90,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-designtool + roles: + - read diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml index b242fbf51d..268442616b 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml index 696b43a536..f36c2af002 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml @@ -72,5 +72,6 @@ spec: - name : ONBOARDING_API_URL value: {{ .Values.config.onboardingAPIURL }} resources: {{ include "common.resources" . | nindent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml index 541f239d77..61ccfdef79 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml @@ -89,3 +89,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-distributor-api + roles: + - read diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml index b242fbf51d..268442616b 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml index 40b0f3edc4..26f6586688 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml @@ -72,6 +72,7 @@ spec: - mountPath: /www/data name: genprocessor-data readOnly: true + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: genprocessor-data persistentVolumeClaim: diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml index 4b79525c83..81c5888f10 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml @@ -96,3 +96,9 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-genprocessor + roles: + - read + diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml index 0697ceb1d6..3762a2acea 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml index 0eaa2296bb..f46dc5f287 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml @@ -58,6 +58,7 @@ spec: value: {{ include "common.namespace" . }} - name: HELM_RELEASE value: {{ include "common.release" . }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-expected-components configMap: diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index 6a4fd542e7..bbc72a5b08 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -64,4 +64,9 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-healthcheck + roles: + - read diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml index b242fbf51d..268442616b 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml index 90561ac231..53f1de59bc 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml @@ -69,6 +69,7 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }} - name: NIFI_REGISTRY_DB_PASS {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: flow-storage persistentVolumeClaim: diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml index 25b3b9e318..a0bbacc7ef 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml @@ -88,3 +88,9 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-nifi-registry + roles: + - read diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml index 7416c8cf4f..9320cd04ca 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml @@ -25,3 +25,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml index b795f6b736..5c7d1b6d0d 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml @@ -78,5 +78,6 @@ spec: value: "5432" - name: PG_DB_NAME value: dcae_onboarding_db + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index 9401bf5340..c36e9b7129 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -114,3 +114,9 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-onboarding-api + roles: + - read + diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml index b242fbf51d..268442616b 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml index 42f596db1e..d5c37e9858 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml @@ -71,6 +71,7 @@ spec: value: {{ .Values.config.bpResourcesCpuLimit }} - name: BP_RESOURCES_MEMORY_LIMIT value: {{ .Values.config.bpResourcesMemoryLimit }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 22c4cdb3b2..e54608b30e 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -93,3 +93,9 @@ resources: memory: 2Gi unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: dcaemod-runtime-api + roles: + - read + -- 2.16.6