commit c3c291c685a780732ec3c1aff82e04647a1ffb83
author Richard Jankowski <rjankows@ciena.com> Fri Feb 02 13:57:33 2018 -0500
committer khenaidoo Nursimulu <knursimu@ciena.com> Tue Feb 06 16:53:47 2018 +0000
tree 32ca5b0ee5b87003e25f53959477bf5bb70551e6
parent 10a7a7e7563255e1d805c0cca33259c1a5175daf

VOL-569: Create kubernetes deployment configuration for each voltha service

This update:
- renames all voltha images referenced in kubernetes deployment files
  to the 'voltha-<component>' format
- adds the kubernetes deployment files for grafana, dashd, and shovel
- adds deployment files for an Ingress resource and an nginx-based ingress
  controller to allow access to the Consul and Grafana UIs from outside
  the cluster

Manifest file ingress/05-namespace.yml sets up a namespace 'ingress-nginx'
for all ingress-related resources. This file will be deleted once we move
all voltha components, including ingress, to a 'voltha' namespace.

Deployment instructions for the ingress resources are provided in README.md.

Change-Id: I0459e838318c43e21f40e83b314f77fc9e0456f8

k8s/ingress/50-rbac.yml

diff --git a/k8s/ingress/50-rbac.yml b/k8s/ingress/50-rbac.yml
new file mode 100644
index 0000000..3018532
--- /dev/null
+++ b/k8s/ingress/50-rbac.yml
@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nginx-ingress-serviceaccount
+  namespace: ingress-nginx
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: nginx-ingress-clusterrole
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - endpoints
+      - nodes
+      - pods
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+        - events
+    verbs:
+        - create
+        - patch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: nginx-ingress-role
+  namespace: ingress-nginx
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    resourceNames:
+      # Defaults to "<election-id>-<ingress-class>"
+      # Here: "<ingress-controller-leader>-<nginx>"
+      # This has to be adapted if you change either parameter
+      # when launching the nginx-ingress-controller.
+      - "ingress-controller-leader-nginx"
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+    verbs:
+      - get
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: nginx-ingress-role-nisa-binding
+  namespace: ingress-nginx
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: nginx-ingress-role
+subjects:
+  - kind: ServiceAccount
+    name: nginx-ingress-serviceaccount
+    namespace: ingress-nginx
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: nginx-ingress-clusterrole-nisa-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: nginx-ingress-clusterrole
+subjects:
+  - kind: ServiceAccount
+    name: nginx-ingress-serviceaccount
+    namespace: ingress-nginx