Removing externally mounted kubeconfig from bbsim-sadis-server and provide authorization via ClusterRole
Change-Id: Ia5776a58a8c7dee652a54d916a7f7256defd9991
diff --git a/README.md b/README.md
index 36f4e89..f5e3f65 100644
--- a/README.md
+++ b/README.md
@@ -30,18 +30,6 @@
helm repo update
```
-#### Load the kubernetes config in the cluster
-
-*This is only required if you will deploy `bbsim-sadis-server`*
-
-```
-kubectl create namespace infra
-kubectl create configmap -n infra kube-config "--from-file=kube_config=$KUBECONFIG"
-```
-*If the `kubectl create namespace infra` outputs `Error from server (AlreadyExists): namespaces "infra" already exists`
-that is fine and you can proceed. That output means that somebody already deployed in that cluster and created the
-`infra` namespace.*
-
### Installing VOLTHA infrastructure
VOLTHA relies to a set of infrastructure components (ONOS, Kafka, ETCD, ...) that
diff --git a/bbsim-sadis-server/Chart.yaml b/bbsim-sadis-server/Chart.yaml
index 35dd104..490a4f5 100644
--- a/bbsim-sadis-server/Chart.yaml
+++ b/bbsim-sadis-server/Chart.yaml
@@ -14,7 +14,7 @@
---
apiVersion: "v1"
name: "bbsim-sadis-server"
-version: "0.2.0"
+version: "0.2.1"
description: "A Helm chart for Voltha BBSIM sadis server"
keywords:
- "onf"
diff --git a/bbsim-sadis-server/templates/clusterrole.yaml b/bbsim-sadis-server/templates/clusterrole.yaml
deleted file mode 100644
index f73108a..0000000
--- a/bbsim-sadis-server/templates/clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2020-present Open Networking Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: "rbac.authorization.k8s.io/v1"
-kind: "ClusterRole"
-metadata:
- name: "{{ .Release.Name }}-pod-svc-reader"
- namespace: {{ .Release.Namespace | quote }}
-rules:
- - apiGroups: [""]
- resources: ["pods", "services"]
- verbs: ["get", "list", "watch"]
diff --git a/bbsim-sadis-server/templates/clusterrolebinding.yaml b/bbsim-sadis-server/templates/clusterrolebinding.yaml
deleted file mode 100644
index 500e69c..0000000
--- a/bbsim-sadis-server/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright 2020-present Open Networking Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: "rbac.authorization.k8s.io/v1"
-kind: "ClusterRoleBinding"
-metadata:
- name: "{{ .Release.Name }}-pod-svc-reader-binding"
- namespace: {{ .Release.Namespace | quote }}
-subjects:
- - kind: "ServiceAccount"
- name: "{{ .Release.Name }}-service-account"
- namespace: {{ .Release.Namespace | quote }}
-roleRef:
- kind: "ClusterRole"
- name: "{{ .Release.Name }}-pod-svc-reader"
- apiGroup: "rbac.authorization.k8s.io"
diff --git a/bbsim-sadis-server/templates/deployment.yaml b/bbsim-sadis-server/templates/deployment.yaml
index 69ef00b..1584bb3 100644
--- a/bbsim-sadis-server/templates/deployment.yaml
+++ b/bbsim-sadis-server/templates/deployment.yaml
@@ -36,7 +36,7 @@
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
- serviceAccountName: {{ default (printf "%s-%s" .Release.Name "service-account") .Values.serviceAccountName | quote }}
+ serviceAccountName: {{ .Values.serviceAccountName | quote }}
containers:
- name: "sadis"
image: "{{ tpl .Values.images.bbsim_sadis_server.registry . }}{{ tpl .Values.images.bbsim_sadis_server.repository . }}:{{ tpl ( tpl .Values.images.bbsim_sadis_server.tag . ) . }}"
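Review bot: With the `default (printf ...)` fallback removed, the new `serviceAccountName` line has no guard against an empty or null override, because `quote` will render it as `""`. A pod with an empty `serviceAccountName` runs as the namespace's `default` service account, which the new ClusterRoleBinding does not cover. The ServiceAccount template in permissions.yaml would probably fail first on the empty name, but that error would not point at the value. Failing at render time is clearer: `serviceAccountName: {{ required "serviceAccountName must be set" .Values.serviceAccountName | quote }}`. The `spec:` block continues outside this hunk.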
@@ -46,12 +46,3 @@
- "-log_level={{.Values.global.log_level}}"
- "-log_format={{.Values.global.log_format}}"
- "-bbsim_sadis_port={{.Values.bbsim_sadis_port}}"
- volumeMounts:
- - name: kube-config-volume
- mountPath: /etc/kube
- volumes:
- - name: kube-config-volume
- configMap:
- # Provide the name of the ConfigMap containing the files you want
- # to add to the container
- name: kube-config
diff --git a/bbsim-sadis-server/templates/permissions.yaml b/bbsim-sadis-server/templates/permissions.yaml
new file mode 100644
index 0000000..ecff359
--- /dev/null
+++ b/bbsim-sadis-server/templates/permissions.yaml
@@ -0,0 +1,48 @@
+# Copyright 2020-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: "v1"
+kind: "ServiceAccount"
+metadata:
+ name: "{{ .Values.serviceAccountName }}"
+ namespace: {{ .Release.Namespace | quote }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+kind: ClusterRole
+metadata:
+ name: "{{ .Release.Name }}-{{ .Chart.Name }}-pod-svc-reader"
+ namespace: {{ .Release.Namespace | quote }}
+rules:
+ - apiGroups: [""]
+ resources:
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+kind: "ClusterRoleBinding"
+metadata:
+ name: "{{ .Release.Name }}-{{ .Chart.Name }}-pod-svc-reader-binding"
+ namespace: {{ .Release.Namespace | quote }}
+subjects:
+ - kind: "ServiceAccount"
+ name: "{{ .Values.serviceAccountName }}"
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: "ClusterRole"
+ name: "{{ .Release.Name }}-{{ .Chart.Name }}-pod-svc-reader"
+ apiGroup: "rbac.authorization.k8s.io"
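Review bot: The ClusterRole and ClusterRoleBinding both set `namespace: {{ .Release.Namespace | quote }}`, but these kinds are cluster-scoped, so the field is not meaningful and suggests a namespace limit that does not exist; I would drop it from both objects. The binding grants `get`/`list`/`watch` on `pods` and `services` in every namespace, and reading pod objects exposes their full spec, including any inline environment values. If the server only needs to discover BBSIM instances in known namespaces (an assumption, since the consumer code is not in this diff), a `Role` plus `RoleBinding` per namespace would be the narrower grant. Otherwise a comment above `rules:` such as `# cluster-wide read is required to discover BBSIM pods/services in any namespace` would record why the wider scope is intended. As a small style point, `kind: ClusterRole` is unquoted while the other two `kind` values in the file are quoted.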
diff --git a/bbsim-sadis-server/templates/serviceaccount.yaml b/bbsim-sadis-server/templates/serviceaccount.yaml
deleted file mode 100644
index 1d5948a..0000000
--- a/bbsim-sadis-server/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 2020-present Open Networking Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: "v1"
-kind: "ServiceAccount"
-metadata:
- name: "{{ .Release.Name }}-service-account"
- namespace: {{ .Release.Namespace | quote }}
diff --git a/bbsim-sadis-server/values.yaml b/bbsim-sadis-server/values.yaml
index a538604..6cd326f 100644
--- a/bbsim-sadis-server/values.yaml
+++ b/bbsim-sadis-server/values.yaml
@@ -25,7 +25,7 @@
bbsim_sadis_port: 50074
-serviceAccountName: ~
+serviceAccountName: bbsim-sadis-server
images:
bbsim_sadis_server:
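Review bot: The new default `serviceAccountName: bbsim-sadis-server` is a fixed name, where the removed template derived it from the release name. A second release of this chart in the same namespace would therefore try to create the same ServiceAccount and would most likely be rejected by Helm's ownership check. The value also now names an account the chart always creates, so it can no longer point at a pre-existing one. A comment above the key would make both constraints visible, for example `# ServiceAccount created by this chart and bound to the pod/service reader ClusterRole; must be unique within the namespace`. Quoting the value (`"bbsim-sadis-server"`) would match the quoting used in this chart's Chart.yaml.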
diff --git a/voltha-infra/Chart.yaml b/voltha-infra/Chart.yaml
index 77c94d4..9ad407d 100644
--- a/voltha-infra/Chart.yaml
+++ b/voltha-infra/Chart.yaml
@@ -29,7 +29,7 @@
name: voltha-infra
appVersion: "2.9-dev"
-version: 2.9.5
+version: 2.9.6
dependencies:
- name: onos-classic
@@ -37,8 +37,8 @@
version: 0.1.20
condition: onos-classic.enabled
- name: bbsim-sadis-server
- repository: https://charts.opencord.org
- version: 0.2.0
+ repository: file://../bbsim-sadis-server
+ version: 0.2.1
condition: bbsim-sadis-server.enabled
- name: etcd
repository: https://charts.bitnami.com/bitnami
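Review bot: The `bbsim-sadis-server` dependency now resolves from `file://../bbsim-sadis-server`, while the other dependencies visible in this hunk come from chart repositories. A packaged `voltha-infra` would therefore embed whatever is in the working tree at build time, not a published 0.2.1 artifact, and the chart can only be built from a full checkout. If this is a stopgap until 0.2.1 is published (an inference, the commit message does not say), record that next to the entry, e.g. `# local path until bbsim-sadis-server 0.2.1 is published; switch back to https://charts.opencord.org`. The `dependencies:` list continues outside the hunk.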