From c117837c568716c43c5adf26a2fe3ceb88f915c9 Mon Sep 17 00:00:00 2001
From: farida azmy <farida.azmy.ext@orange.com>
Date: Sun, 11 Apr 2021 12:55:33 +0200
Subject: [PATCH] [POLICY] Update chart with service account

Add service account to requirements.yaml, values.yaml and
deployment/statefulset

Issue-ID: OOM-2725
Signed-off-by: farida azmy <farida.azmy.ext@orange.com>
Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I67c689d65ff004c3919256449d0bfaf976514a93
---
 kubernetes/policy/components/policy-apex-pdp/requirements.yaml      | 3 +++
 .../policy/components/policy-apex-pdp/templates/statefulset.yaml    | 1 +
 kubernetes/policy/components/policy-apex-pdp/values.yaml            | 6 ++++++
 kubernetes/policy/components/policy-api/requirements.yaml           | 3 +++
 kubernetes/policy/components/policy-api/templates/deployment.yaml   | 1 +
 kubernetes/policy/components/policy-api/values.yaml                 | 6 ++++++
 kubernetes/policy/components/policy-clamp-be/requirements.yaml      | 3 +++
 .../policy/components/policy-clamp-be/templates/deployment.yaml     | 1 +
 kubernetes/policy/components/policy-clamp-be/values.yaml            | 6 ++++++
 kubernetes/policy/components/policy-clamp-fe/requirements.yaml      | 3 +++
 .../policy/components/policy-clamp-fe/templates/deployment.yaml     | 1 +
 kubernetes/policy/components/policy-clamp-fe/values.yaml            | 6 ++++++
 kubernetes/policy/components/policy-distribution/requirements.yaml  | 3 +++
 .../policy/components/policy-distribution/templates/deployment.yaml | 1 +
 kubernetes/policy/components/policy-distribution/values.yaml        | 6 ++++++
 kubernetes/policy/components/policy-drools-pdp/requirements.yaml    | 3 +++
 .../policy/components/policy-drools-pdp/templates/statefulset.yaml  | 1 +
 kubernetes/policy/components/policy-drools-pdp/values.yaml          | 6 ++++++
 kubernetes/policy/components/policy-nexus/requirements.yaml         | 3 +++
 kubernetes/policy/components/policy-nexus/templates/deployment.yaml | 1 +
 kubernetes/policy/components/policy-nexus/values.yaml               | 6 ++++++
 kubernetes/policy/components/policy-pap/requirements.yaml           | 3 +++
 kubernetes/policy/components/policy-pap/templates/deployment.yaml   | 1 +
 kubernetes/policy/components/policy-pap/values.yaml                 | 6 ++++++
 kubernetes/policy/components/policy-xacml-pdp/requirements.yaml     | 3 +++
 .../policy/components/policy-xacml-pdp/templates/deployment.yaml    | 1 +
 kubernetes/policy/components/policy-xacml-pdp/values.yaml           | 6 ++++++
 kubernetes/policy/requirements.yaml                                 | 3 +++
 kubernetes/policy/templates/job.yaml                                | 1 +
 kubernetes/policy/values.yaml                                       | 5 +++++
 30 files changed, 99 insertions(+)

diff --git a/kubernetes/policy/components/policy-apex-pdp/requirements.yaml b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
index 1c57aa449b..f320b219dc 100755
--- a/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
index 586f468334..4d9ff9250e 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -115,6 +115,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
 {{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index aa1daf703f..eb6292a039 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -133,3 +133,9 @@ resources:
       cpu: 20m
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-apex-pdp
+  roles:
+    - read
diff --git a/kubernetes/policy/components/policy-api/requirements.yaml b/kubernetes/policy/components/policy-api/requirements.yaml
index 7bc531a759..2365cd729a 100755
--- a/kubernetes/policy/components/policy-api/requirements.yaml
+++ b/kubernetes/policy/components/policy-api/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index 899e74e674..de0558e4cd 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -107,6 +107,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
 {{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index da983e5b5b..36eb5c4899 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -143,3 +143,9 @@ resources:
       cpu: 200m
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-api
+  roles:
+    - read
diff --git a/kubernetes/policy/components/policy-clamp-be/requirements.yaml b/kubernetes/policy/components/policy-clamp-be/requirements.yaml
index 88fd9d90eb..670f8cb65a 100644
--- a/kubernetes/policy/components/policy-clamp-be/requirements.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
index c243e30540..e61cca0e49 100644
--- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
@@ -114,6 +114,7 @@ spec:
         {{- if .Values.affinity }}
         affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml
index 71d2517be1..dcbe59c382 100644
--- a/kubernetes/policy/components/policy-clamp-be/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/values.yaml
@@ -156,3 +156,9 @@ resources:
       cpu: 10m
       memory: 3Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-clamp-be
+  roles:
+    - read
diff --git a/kubernetes/policy/components/policy-clamp-fe/requirements.yaml b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
index 88fd9d90eb..670f8cb65a 100644
--- a/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
index 97c7919389..1349558651 100644
--- a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
@@ -91,6 +91,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap:
diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml
index 9712a38e10..a7c8d6defa 100644
--- a/kubernetes/policy/components/policy-clamp-fe/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml
@@ -146,3 +146,9 @@ resources:
       cpu: 10m
       memory: 50Mi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-clamp-fe
+  roles:
+    - read
diff --git a/kubernetes/policy/components/policy-distribution/requirements.yaml b/kubernetes/policy/components/policy-distribution/requirements.yaml
index 0006e4965a..db84102327 100755
--- a/kubernetes/policy/components/policy-distribution/requirements.yaml
+++ b/kubernetes/policy/components/policy-distribution/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
index 04db6d70c7..4745aac23b 100755
--- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
@@ -121,6 +121,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
 {{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 6788613ceb..fb6ef6e039 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -155,3 +155,9 @@ resources:
       cpu: 200m
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-distribution
+  roles:
+    - read
diff --git a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
index 29b1053600..6c540a4bcf 100755
--- a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
index 7e9c6cfde8..d389246b5c 100755
--- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -125,6 +125,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
 {{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 4eb37c6106..38d398998c 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -188,3 +188,9 @@ resources:
       cpu: 200m
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-drools-pdp
+  roles:
+    - read
diff --git a/kubernetes/policy/components/policy-nexus/requirements.yaml b/kubernetes/policy/components/policy-nexus/requirements.yaml
index 343812db25..20cc48f360 100755
--- a/kubernetes/policy/components/policy-nexus/requirements.yaml
+++ b/kubernetes/policy/components/policy-nexus/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
index 3d5d59fea2..4c945f4605 100755
--- a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
@@ -83,6 +83,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
       volumes:
         - name: localtime
           hostPath:
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
index 7801b525f2..3d77e67456 100755
--- a/kubernetes/policy/components/policy-nexus/values.yaml
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
@@ -92,3 +92,9 @@ resources:
       cpu: 2m
       memory: 1Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-nexus
+  roles:
+    - nothing
diff --git a/kubernetes/policy/components/policy-pap/requirements.yaml b/kubernetes/policy/components/policy-pap/requirements.yaml
index 3f0071ab7c..18de3a6517 100755
--- a/kubernetes/policy/components/policy-pap/requirements.yaml
+++ b/kubernetes/policy/components/policy-pap/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index a02752c033..77474a8387 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -122,6 +122,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
 {{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 18e0e3e171..3c4c3e5ec6 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -169,3 +169,9 @@ resources:
       cpu: 200m
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-pap
+  roles:
+    - read
diff --git a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml
index 7bc531a759..2365cd729a 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
index 73ae6dd55a..2da0035fa0 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -131,6 +131,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
 {{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 64c00e9bed..9eda53ee9b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -152,3 +152,9 @@ resources:
       cpu: 200m
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-xacml-pdp
+  roles:
+    - read
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index 33447a2571..c98d4fc7a8 100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -59,3 +59,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index ad195722b2..72c94f30c5 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -72,6 +72,7 @@ spec:
         resources:
 {{ include "common.resources" . }}
       restartPolicy: Never
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - name: {{ include "common.fullname" . }}-config
           configMap:
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 678772c481..92344dd2fe 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -148,3 +148,8 @@ resources:
       memory: 2Gi
   unlimited: {}
 
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy
+  roles:
+    - read
-- 
2.16.6