Merge "[POLICY] Update chart with service account"
diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml
index 67d45f0..1f3e924 100644
--- a/kubernetes/aai/components/aai-babel/requirements.yaml
+++ b/kubernetes/aai/components/aai-babel/requirements.yaml
@@ -23,3 +23,6 @@
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index 9fe386a..db35406 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -113,7 +113,7 @@
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 7560efd..4a22467 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -85,3 +85,9 @@
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-babel
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-graphadmin/requirements.yaml b/kubernetes/aai/components/aai-graphadmin/requirements.yaml
index cf22720..3d0f24c 100644
--- a/kubernetes/aai/components/aai-graphadmin/requirements.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/requirements.yaml
@@ -24,3 +24,6 @@
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 5e6f2bc..791bf61 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -162,7 +162,7 @@
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 63c668f..03d034b 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -246,3 +246,9 @@
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-graphadmin
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-modelloader/requirements.yaml b/kubernetes/aai/components/aai-modelloader/requirements.yaml
index cf22720..3d0f24c 100644
--- a/kubernetes/aai/components/aai-modelloader/requirements.yaml
+++ b/kubernetes/aai/components/aai-modelloader/requirements.yaml
@@ -24,3 +24,6 @@
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 0d24bfe..7509f88 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -87,6 +87,7 @@
name: aai-filebeat
resources:
{{ include "common.resources" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index b235ba1..5da0e57 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -84,3 +84,9 @@
cpu: 1
memory: 1536Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-modelloader
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml
index f9ba1c1..1552d53 100644
--- a/kubernetes/aai/components/aai-resources/requirements.yaml
+++ b/kubernetes/aai/components/aai-resources/requirements.yaml
@@ -27,3 +27,6 @@
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 1297809..501a706 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -207,6 +207,7 @@
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index f30b067..c2658a5 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -257,3 +257,9 @@
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-resources
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-schema-service/requirements.yaml b/kubernetes/aai/components/aai-schema-service/requirements.yaml
index cf22720..3d0f24c 100644
--- a/kubernetes/aai/components/aai-schema-service/requirements.yaml
+++ b/kubernetes/aai/components/aai-schema-service/requirements.yaml
@@ -24,3 +24,6 @@
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index 25be4db..d439405 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -116,6 +116,7 @@
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: aai-common-aai-auth-mount
secret:
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 50bd6c3..e7479b8 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -140,3 +140,9 @@
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-schema-service
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
index f9ba1c1..1552d53 100644
--- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
@@ -27,3 +27,6 @@
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 45ff270..7d0dfe3 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -175,7 +175,7 @@
name: aai-sparky-filebeat
resources:
{{ include "common.resources" . }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 98dca5d..420517f 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -144,3 +144,9 @@
cpu: 0.5
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-sparky-be
+ roles:
+ - read
diff --git a/kubernetes/aai/components/aai-traversal/requirements.yaml b/kubernetes/aai/components/aai-traversal/requirements.yaml
index f9ba1c1..1552d53 100644
--- a/kubernetes/aai/components/aai-traversal/requirements.yaml
+++ b/kubernetes/aai/components/aai-traversal/requirements.yaml
@@ -27,3 +27,6 @@
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index dc1c010..037f811 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -233,6 +233,7 @@
name: {{ include "common.fullname" . }}-filebeat
resources:
{{ include "common.resources" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index ad4279a..297de15 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -267,3 +267,9 @@
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-traversal
+ roles:
+ - read
diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml
index 8b37ef7..1984399 100644
--- a/kubernetes/aai/requirements.yaml
+++ b/kubernetes/aai/requirements.yaml
@@ -62,3 +62,6 @@
version: ~8.x-0
repository: 'file://components/aai-traversal'
condition: aai-traversal.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 2ca489f..4b08d10 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -115,7 +115,7 @@
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index ed61778..1cb2970 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -392,3 +392,9 @@
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index a10b059..46f7d35 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -23,6 +23,8 @@
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- name: {{ include "common.name" . }}-db-readiness
command:
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index a94bd4d..a3dc897 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -91,6 +91,10 @@
db:
externalSecret: *dbUserSecretName
name: &mysqlDbName nbi
+ service:
+ name: nbi-galera
+ portName: nbi-galera
+ internalPort: 3306
nameOverride: &nbi-galera nbi-galera
replicaCount: 1
persistence:
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
index 8bcbc1f..c5f289f 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -33,6 +33,8 @@
labels:
control-plane: controller-manager
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
index 9a6abd4..8215ed9 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
@@ -23,6 +23,8 @@
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
volumes:
{{- if .Values.global.addTestingComponents }}
- name: cmp-servers-template-volume