[DCAEGEN2] Update chart with service account Add service account to requirements.yaml, values.yaml and deployment/statefulset. Issue-ID: OOM-2726 Signed-off-by: farida azmy <farida.azmy.ext@orange.com> Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>

commit: 37481801565c24fd5651a812adac5387f8e50e2f [log] [tgz]
author: farida azmy <farida.azmy.ext@orange.com> Sun Apr 11 15:41:32 2021 +0200
committer: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Sun Oct 10 20:12:28 2021 +0000
tree: 7e5e776e7dcbde38a5c4d87e6ccde20ed7d1c3af
parent: f09d817b0f58f89e9db06875e78404e7d978504e [diff]
diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml
index e2a84b4..0be6c7b 100644
--- a/kubernetes/common/roles-wrapper/templates/role.yaml
+++ b/kubernetes/common/roles-wrapper/templates/role.yaml

@@ -32,6 +32,7 @@
   resources:
   - pods
   - deployments
+  - deployments/status
   - jobs
   - jobs/status
   - statefulsets
@@ -52,6 +53,7 @@
   resources:
   - pods
   - deployments
+  - deployments/status
   - jobs
   - jobs/status
   - statefulsets
@@ -59,6 +61,7 @@
   - replicasets/status
   - daemonsets
   - secrets
+  - services
   verbs:
   - get
   - watch
@@ -68,6 +71,7 @@
   - apps
   resources:
   - statefulsets
+  - configmaps
   verbs:
   - patch
 - apiGroups:
@@ -76,6 +80,8 @@
   resources:
   - deployments
   - secrets
+  - services
+  - pods
   verbs:
   - create
 - apiGroups:
@@ -85,7 +91,8 @@
   - pods
   - persistentvolumeclaims
   - secrets
-  - deployment
+  - deployments
+  - services
   verbs:
   - delete
 - apiGroups:
@@ -95,6 +102,13 @@
   - pods/exec
   verbs:
   - create
+- apiGroups:
+  - cert-manager.io
+  resources:
+  - certificates
+  verbs:
+  - create
+  - delete
 {{-     else }}
 # if you don't match read or create, then you're not allowed to use API
 # except to see basic information about yourself

diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
index 353f4ea..b6eeb5b 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml

@@ -32,3 +32,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index d95883a..4addb2b 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml

@@ -136,6 +136,7 @@
               value: {{ .Values.dcae_ns | default "" }}
             - name: ONAP_NAMESPACE
               value: {{ include "common.namespace" . }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - name: {{ include "common.fullname" . }}-dcae-inputs-input
           configMap:

diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index f3e6c29..b012ee4 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml

@@ -137,3 +137,9 @@
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
 # dcae_ns: "onap"
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-bootstrap
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
index 413f997..877839e 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml

@@ -24,3 +24,6 @@
   - name: cmpv2Config
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
index 204a3e2..f5fc9ca 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml

@@ -169,6 +169,7 @@
             readOnly: true
           securityContext:
             privileged: True
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
       volumes:
         - name: {{ include "common.fullname" . }}-config
           configMap:

diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index e6567d9..17ba5ec 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml

@@ -127,3 +127,10 @@
   mountPath: /dockerdata-nfs
   mountSubPath: dcae-cm/data
   volumeReclaimPolicy: Retain
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-cloudify-manager
+  roles:
+    - create
+

diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
index be5f059..f2c5b02 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml

@@ -20,3 +20,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
index 65d0b36..c7e1d70 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml

@@ -167,6 +167,7 @@
           - name: {{ include "common.fullname" . }}-logs-i
             mountPath: /var/log/onap/config-binding-service
         {{ end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - name: {{ include "common.fullname" . }}-fb-conf
           configMap:

diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
index 1d42142..719e73f 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml

@@ -91,3 +91,9 @@
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
 # dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-config-binding-service
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
index 2fe8479..8759678 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml

@@ -22,3 +22,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index e93f8d8..dbb6c67 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml

@@ -161,6 +161,7 @@
           - mountPath: /usr/share/filebeat/filebeat.yml
             name: filebeat-conf
             subPath: filebeat.yml
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - emptyDir: {}
           name: component-log

diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index 6640f78..a083b51 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml

@@ -119,3 +119,9 @@
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
 # dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-dashboard
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
index f19e412..78bcd76 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml

@@ -20,3 +20,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
index 1b39dc6..1ad42e0 100755
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml

@@ -154,6 +154,7 @@
           - mountPath: /usr/share/filebeat/filebeat.yml
             name: filebeat-conf
             subPath: filebeat.yml
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - emptyDir: {}
           name: component-log

diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
index fc4d07d..3435462 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml

@@ -91,3 +91,8 @@
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
 # dcae_ns: "dcae"
+
+serviceAccount:
+  nameOverride: dcae-deployment-handler
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
index 0697ceb..3762a2a 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml

@@ -23,3 +23,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
index 9514f41..641dfdf 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml

@@ -74,6 +74,7 @@
               value: {{ include "common.release" . }}
             - name: DEPLOY_LABEL
               value: cfydeployment
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - name: {{ include "common.fullname" . }}-expected-components
           configMap:

diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
index 221e579..1c6cff0 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml

@@ -67,3 +67,8 @@
 # If empty, use the common namespace
 # dcae_ns: "onap"
 
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-healthcheck
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
index 63ac56c..32d8b5b 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml

@@ -23,3 +23,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
index d25d63c..7c3746a 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml

@@ -152,6 +152,7 @@
           - mountPath: /usr/share/filebeat/filebeat.yml
             name: filebeat-conf
             subPath: filebeat.yml
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - emptyDir: {}
           name: component-log

diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index 1bc13ef..fe39269 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml

@@ -110,3 +110,9 @@
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
 # dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-inventory-api
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
index f19e412..78bcd76 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml

@@ -20,3 +20,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
index 916c5f6..b8c2435 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml

@@ -145,6 +145,7 @@
           - mountPath: /usr/share/filebeat/filebeat.yml
             name: filebeat-conf
             subPath: filebeat.yml
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - emptyDir: {}
           name: component-log

diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index 8f6a1a7..00ce47b 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml

@@ -92,3 +92,9 @@
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
 # dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-policy-handler
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
index be5f059..f2c5b02 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml

@@ -20,3 +20,6 @@
   - name: repositoryGenerator
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
index 7c55628..6c4e695 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml

@@ -106,6 +106,7 @@
               value: "/opt/cert/cacert.pem"
             - name: SCH_ARGS
               value: "prod /opt/config.json"
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - name: {{ include "common.fullname" . }}-sch-config
           configMap:

diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
index c363626..8686db4 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml

@@ -85,4 +85,10 @@
   unlimited: {}
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
-# dcae_ns: "dcae"
\ No newline at end of file
+# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-servicechange-handler
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
index 16f38f8..9a3009d 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml

@@ -24,3 +24,6 @@
   - name: readinessCheck
     version: ~8.x-0
     repository: '@local'
+  - name: serviceAccount
+    version: ~8.x-0
+    repository: '@local'

diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
index f2826a7..1c6e359 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml

@@ -52,6 +52,7 @@
           volumeMounts:
             - name: schema-map
               mountPath: {{ .Values.schemaMap.directory }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         - name: schema-map
           configMap:

diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
index 2209feb..873579e 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml

@@ -64,4 +64,10 @@
     requests:
       cpu: 1
       memory: 1Gi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: dcae-ves-openapi-manager
+  roles:
+    - read

diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index f82b410..17b077b 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml

@@ -68,4 +68,4 @@
 dcae-servicechange-handler:
   enabled: true
 dcae-ves-openapi-manager:
-  enabled: true
\ No newline at end of file
+  enabled: true

diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index fbd545c..6cabde7 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml

@@ -79,7 +79,7 @@
     selfsigning:
       name: &selfSigningIssuer cmpv2-selfsigning-issuer
     ca:
-      name: &caIssuer cmpv2-ca-issuer
+      name: &caIssuer cmpv2-issuer-onap
       secret:
         name: &caKeyPairSecret  cmpv2-ca-key-pair
   server:
commit	37481801565c24fd5651a812adac5387f8e50e2f	[log] [tgz]
author	farida azmy <farida.azmy.ext@orange.com>	Sun Apr 11 15:41:32 2021 +0200
committer	Sylvain Desbureaux <sylvain.desbureaux@orange.com>	Sun Oct 10 20:12:28 2021 +0000
tree	7e5e776e7dcbde38a5c4d87e6ccde20ed7d1c3af
parent	f09d817b0f58f89e9db06875e78404e7d978504e [diff]