Merge "[POLICY] Update chart with service account"
diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml
index 67d45f0..1f3e924 100644
--- a/kubernetes/aai/components/aai-babel/requirements.yaml
+++ b/kubernetes/aai/components/aai-babel/requirements.yaml
@@ -23,3 +23,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index 9fe386a..db35406 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -113,7 +113,7 @@
             name: {{ include "common.fullname" . }}-logs
           - mountPath: /usr/share/filebeat/data
             name: aai-filebeat
-
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - name: localtime
           hostPath:
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 7560efd..4a22467 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -85,3 +85,9 @@
       cpu: 2
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-babel
+  roles:
+    - read
diff --git a/kubernetes/aai/components/aai-graphadmin/requirements.yaml b/kubernetes/aai/components/aai-graphadmin/requirements.yaml
index cf22720..3d0f24c 100644
--- a/kubernetes/aai/components/aai-graphadmin/requirements.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/requirements.yaml
@@ -24,3 +24,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 5e6f2bc..791bf61 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -162,7 +162,7 @@
           name: {{ include "common.fullname" . }}-logs
         - mountPath: /usr/share/filebeat/data
           name: {{ include "common.fullname" . }}-filebeat
-
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       - name: localtime
         hostPath:
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 63c668f..03d034b 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -246,3 +246,9 @@
       cpu: 1
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-graphadmin
+  roles:
+    - read
diff --git a/kubernetes/aai/components/aai-modelloader/requirements.yaml b/kubernetes/aai/components/aai-modelloader/requirements.yaml
index cf22720..3d0f24c 100644
--- a/kubernetes/aai/components/aai-modelloader/requirements.yaml
+++ b/kubernetes/aai/components/aai-modelloader/requirements.yaml
@@ -24,3 +24,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 0d24bfe..7509f88 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -87,6 +87,7 @@
           name: aai-filebeat
         resources:
 {{ include "common.resources" . }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       - name: localtime
         hostPath:
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index b235ba1..5da0e57 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -84,3 +84,9 @@
       cpu: 1
       memory: 1536Mi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-modelloader
+  roles:
+    - read
diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml
index f9ba1c1..1552d53 100644
--- a/kubernetes/aai/components/aai-resources/requirements.yaml
+++ b/kubernetes/aai/components/aai-resources/requirements.yaml
@@ -27,3 +27,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 1297809..501a706 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -207,6 +207,7 @@
         - mountPath: /usr/share/filebeat/data
           name: {{ include "common.fullname" . }}-filebeat
         resources: {{ include "common.resources" . | nindent 12 }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
       - name: localtime
         hostPath:
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index f30b067..c2658a5 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -257,3 +257,9 @@
       cpu: 2
       memory: 4Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-resources
+  roles:
+    - read
diff --git a/kubernetes/aai/components/aai-schema-service/requirements.yaml b/kubernetes/aai/components/aai-schema-service/requirements.yaml
index cf22720..3d0f24c 100644
--- a/kubernetes/aai/components/aai-schema-service/requirements.yaml
+++ b/kubernetes/aai/components/aai-schema-service/requirements.yaml
@@ -24,3 +24,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index 25be4db..d439405 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -116,6 +116,7 @@
           name: {{ include "common.fullname" . }}-logs
         - mountPath: /usr/share/filebeat/data
           name: {{ include "common.fullname" . }}-filebeat
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       - name: aai-common-aai-auth-mount
         secret:
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 50bd6c3..e7479b8 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -140,3 +140,9 @@
       cpu: 2
       memory: 4Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-schema-service
+  roles:
+    - read
diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
index f9ba1c1..1552d53 100644
--- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
@@ -27,3 +27,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 45ff270..7d0dfe3 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -175,7 +175,7 @@
           name: aai-sparky-filebeat
         resources:
 {{ include "common.resources" . }}
-
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
       - name: localtime
         hostPath:
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 98dca5d..420517f 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -144,3 +144,9 @@
       cpu: 0.5
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-sparky-be
+  roles:
+    - read
diff --git a/kubernetes/aai/components/aai-traversal/requirements.yaml b/kubernetes/aai/components/aai-traversal/requirements.yaml
index f9ba1c1..1552d53 100644
--- a/kubernetes/aai/components/aai-traversal/requirements.yaml
+++ b/kubernetes/aai/components/aai-traversal/requirements.yaml
@@ -27,3 +27,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index dc1c010..037f811 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -233,6 +233,7 @@
           name: {{ include "common.fullname" . }}-filebeat
         resources:
 {{ include "common.resources" . }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
       - name: localtime
         hostPath:
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index ad4279a..297de15 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -267,3 +267,9 @@
       cpu: 2
       memory: 4Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai-traversal
+  roles:
+    - read
diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml
index 8b37ef7..1984399 100644
--- a/kubernetes/aai/requirements.yaml
+++ b/kubernetes/aai/requirements.yaml
@@ -62,3 +62,6 @@
     version: ~8.x-0
     repository: 'file://components/aai-traversal'
     condition: aai-traversal.enabled
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 2ca489f..4b08d10 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -115,7 +115,7 @@
       affinity:
 {{ toYaml .Values.affinity | indent 8 }}
       {{- end }}
-
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - name: localtime
           hostPath:
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index ed61778..1cb2970 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -392,3 +392,9 @@
       cpu: 2
       memory: 2Gi
   unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: aai
+  roles:
+    - read
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index a10b059..46f7d35 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -23,6 +23,8 @@
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       initContainers:
       - name: {{ include "common.name" . }}-db-readiness
         command:
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index a94bd4d..a3dc897 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -91,6 +91,10 @@
   db:
     externalSecret: *dbUserSecretName
     name: &mysqlDbName nbi
+  service:
+    name: nbi-galera
+    portName: nbi-galera
+    internalPort: 3306
   nameOverride: &nbi-galera nbi-galera
   replicaCount: 1
   persistence:
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
index 8bcbc1f..c5f289f 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -33,6 +33,8 @@
       labels:
         control-plane: controller-manager
     spec:
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       initContainers:
       {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       containers:
diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
index 9a6abd4..8215ed9 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
@@ -23,6 +23,8 @@
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       volumes:
 {{- if .Values.global.addTestingComponents }}
         - name: cmp-servers-template-volume