LABEL=$(kubectl describe node $f | grep "local-storage=enable")
if [ ! -z "$LABEL" ]; then
LABELFOUND=true
+ echo "Found lable \"local-storage=enable\" at node $f"
fi
done
-FOUND_STORAGECLASS=$(grep storageclass $OVERRIDEYAML)
+FOUND_STORAGECLASS=$(grep -w storageclass $OVERRIDEYAML)
if ! $LABELFOUND && [ -z "$FOUND_STORAGECLASS" ]; then
LABEL=$(kubectl describe node $f | grep "portal-storage=enable")
if [ ! -z "$LABEL" ]; then
LABELFOUND=true
+ echo "Found lable \"portal-storage=enable\" at node $f"
fi
done
kubectl create ns onap
fi
-HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"jobs.batch \"ricaux-portal-db-config\" is forbidden: User \"system:serviceaccount:ricaux:default\" cannot get resource \"jobs/status\" in API group \"batch\" in the namespace \"ricaux\"","reason":"Forbidden","details":{"name":"ricaux-portal-db-config","group":"batch","kind":"jobs"},"code":403}
-
-
-HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User \"system:serviceaccount:onap:default\" cannot list resource \"pods\" in API group \"\" in the namespace \"onap\"","reason":"Forbidden","details":{"kind":"pods"},"code":403}
- kind: ServiceAccount
name: default
namespace: onap
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ricaux-system-tiller
+rules:
+ - apiGroups: [""]
+ resources: ["deployments"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterroles", "clusterrolebindings"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list", "watch", "get"]
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["kongconsumers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["kongcredentials"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["kongingresses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["kongplugins"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["extensions"]
+ resources: ["ingresses/status"]
+ verbs: ["update"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses/status"]
+ verbs: ["update"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "create", "delete", "watch"]
+ - apiGroups: ["danm.k8s.io"]
+ resources: ["clusternetworks"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "create", "delete"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ricaux-system-tiller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ricaux-system-tiller
+subjects:
+ - kind: ServiceAccount
+ name: tiller
+ namespace: kube-system
EOF
kubectl apply -f ricaux-role.yaml
rm ricaux-role.yaml
echo "Clean up dockerdata-nfs directory"
-rm -rf /dockerdata-nfs
+rm -rf /dockerdata-nfs/*
echo "Deploying AUX components [$COMPONENTS]"
LABEL=$(kubectl describe node $f | grep "aaf-storage=enable")
if [ ! -z "$LABEL" ]; then
LABELFOUND=true
+ echo "Found lable \"aaf-storage=enable\" at node $f"
fi
done
;;
*)
helm install -f $OVERRIDEYAML --namespace "${AUXNAMESPACE:-ricaux}" --name "${RELEASE_PREFIX}-$component" $DIR/../helm/$component
-
+ sleep 8
esac
done