Add RBAC roles, fix DANM network bugs 00/3600/1
authorZhe Huang <zhehuang@research.att.com>
Wed, 6 May 2020 17:24:58 +0000 (13:24 -0400)
committerZhe Huang <zhehuang@research.att.com>
Wed, 6 May 2020 17:24:58 +0000 (13:24 -0400)
Signed-off-by: Zhe Huang <zhehuang@research.att.com>
Change-Id: I49a7745ded13c248bdfc704d7c1d169c817b1482

ric-aux/bin/install
ric-aux/helm/infrastructure/subcharts/danm-networks/templates/danm.yaml
ric-dep

index 917c942..8a1e849 100755 (executable)
@@ -86,10 +86,11 @@ for f in $NODENAME; do
     LABEL=$(kubectl describe node $f | grep "local-storage=enable")
     if [ ! -z "$LABEL" ]; then
         LABELFOUND=true
+       echo "Found lable \"local-storage=enable\" at node $f"
     fi
 done
   
-FOUND_STORAGECLASS=$(grep storageclass $OVERRIDEYAML)
+FOUND_STORAGECLASS=$(grep -w storageclass $OVERRIDEYAML)
 
 
 if  ! $LABELFOUND && [ -z "$FOUND_STORAGECLASS" ]; then
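Review bot: The added `echo` line misspells "label" as "lable", and the same misspelled string is added in the portal-storage and aaf-storage loops in later hunks; each should read like `echo "Found label \"local-storage=enable\" at node $f"`. On the changed `grep -w` line, `$OVERRIDEYAML` is still unquoted, so an override path containing spaces or glob characters is split into several arguments; `grep -w storageclass -- "$OVERRIDEYAML"` avoids that. The enclosing `for` loop starts outside the hunk.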
@@ -138,6 +139,7 @@ for f in $NODENAME; do
     LABEL=$(kubectl describe node $f | grep "portal-storage=enable")
     if [ ! -z "$LABEL" ]; then
         LABELFOUND=true
+       echo "Found lable \"portal-storage=enable\" at node $f"
     fi
 done
 
@@ -167,6 +169,7 @@ fi
 
 
 
+
 echo Add cluster roles
     cat >ricaux-role.yaml <<EOF
 ---
@@ -227,6 +230,73 @@ subjects:
   - kind: ServiceAccount
     name: default
     namespace: onap
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ricaux-system-tiller
+rules:
+  - apiGroups: [""]
+    resources: ["deployments"]
+    verbs: ["get", "list", "create", "delete"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["get", "list", "create", "delete"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["clusterroles", "clusterrolebindings"]
+    verbs: ["get", "list", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "patch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list", "watch", "get"]
+  - apiGroups: ["configuration.konghq.com"]
+    resources: ["kongconsumers"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["configuration.konghq.com"]
+    resources: ["kongcredentials"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["configuration.konghq.com"]
+    resources: ["kongingresses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["configuration.konghq.com"]
+    resources: ["kongplugins"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["extensions"]
+    resources: ["ingresses/status"]
+    verbs: ["update"]
+  - apiGroups: ["networking.k8s.io"]
+    resources: ["ingresses/status"]
+    verbs: ["update"]
+  - apiGroups: ["networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "list", "create", "delete", "watch"]
+  - apiGroups: ["danm.k8s.io"]
+    resources: ["clusternetworks"]
+    verbs: ["get", "list", "create", "delete"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "create", "delete"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ricaux-system-tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ricaux-system-tiller
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system
 EOF
 kubectl apply -f ricaux-role.yaml
 rm ricaux-role.yaml
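Review bot: The first rule of `ricaux-system-tiller` lists `deployments` under the core group `""`, but Deployments are served from the `apps` group, so as written the rule matches nothing and Deployment operations stay denied unless another binding covers them; `apiGroups: ["apps"]` appears to be what was intended. The rule granting `create`/`delete` on `clusterroles` and `clusterrolebindings` to the `tiller` service account in `kube-system` is the widest grant here, because `delete` applies to every cluster-wide role and binding, not only the ones this installer creates. A comment in the manifest naming the chart that needs that rule would let a later reviewer narrow it (for instance with `resourceNames`) once the requirement is known. The heredoc holding this manifest begins outside the hunk.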
@@ -236,7 +306,7 @@ kubectl create configmap -n ${AUXNAMESPACE:-ricaux} aux-recipe --from-file=recip
 
 
 echo "Clean up dockerdata-nfs directory"
-rm -rf /dockerdata-nfs
+rm -rf /dockerdata-nfs/*
 
 
 echo "Deploying AUX components [$COMPONENTS]"
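Review bot: `rm -rf /dockerdata-nfs/*` does not empty the directory, because the glob skips names starting with `.`, and `-f` hides the case where the directory is missing or already empty. `find /dockerdata-nfs -mindepth 1 -delete` removes every entry while keeping the directory itself, which seems to be the intent of moving away from `rm -rf /dockerdata-nfs` (presumably to keep a mount point or its ownership, to be confirmed). Since this is a recursive delete on a hard-coded absolute path run by an installer, a short comment stating why the contents are safe to discard would also help.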
@@ -253,6 +323,7 @@ for component in $COMPONENTS; do
                     LABEL=$(kubectl describe node $f | grep "aaf-storage=enable")
                     if [ ! -z "$LABEL" ]; then
                         LABELFOUND=true
+                       echo "Found lable \"aaf-storage=enable\" at node $f"
                     fi
                 done
                 
@@ -270,7 +341,7 @@ for component in $COMPONENTS; do
             ;;
             *)
                 helm install -f $OVERRIDEYAML --namespace "${AUXNAMESPACE:-ricaux}" --name "${RELEASE_PREFIX}-$component" $DIR/../helm/$component
+               sleep 8 
     esac
 
 done
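Review bot: The added `sleep 8` after `helm install` is a fixed delay with no stated reason, so it neither guarantees the release is ready on a slow cluster nor avoids wasted time on a fast one. If the aim is to let each chart settle before the next install, `helm install --wait --timeout 300 ...` (timeout value constructed here; choose one that fits) expresses that directly; otherwise a comment on the `sleep` line should say what it is waiting for. The exit status of `helm install` is not checked either, so a failed install is followed by the sleep and the loop continues with the next component. The `case` statement begins outside the hunk.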
index cc4c02d..c94b8bf 100644 (file)
@@ -16,6 +16,7 @@
 {{- if $.Values.global.danm_networks }}
 {{- range keys $.Values.global.danm_networks }}
 {{- with index $.Values.global.danm_networks . }}
+{{- if ne .name "default" }}
 ---
 apiVersion: danm.k8s.io/v1
 kind: ClusterNetwork
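Review bot: The new `{{- if ne .name "default" }}` guard silently drops any entry whose `name` is `default`, and nothing in the template says why; a template comment directly above it, e.g. `{{- /* skip "default": <reason, placeholder> */}}`, would record the intent. The guard also reads `.name` on every entry, so an entry in `danm_networks` that has no `name` key is compared as a missing value against a string; whether that fails rendering or passes the guard may depend on the Helm version, so it is worth checking with `helm template` against such a values file. The matching `{{- end }}` is added in the last hunk of this file.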
@@ -39,7 +40,7 @@ spec:
 {{- if .net6 }}
     net6: {{ .net6 }}
 {{- end }}
-{{- if .routes }}
+{{- if .routes6 }}
     routes6:
 {{- range $subnet, $route := .routes6 }}
       {{ $subnet | quote }}: {{ $route | quote }}
@@ -53,3 +54,4 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/ric-dep b/ric-dep
index 1d417dc..0b46e7f 160000 (submodule)
--- a/ric-dep
+++ b/ric-dep
@@ -1 +1 @@
-Subproject commit 1d417dcc634d51b240f373773698f46eeef77e84
+Subproject commit 0b46e7f6d5fe9da5da8b81d468d0db1bd2b59cf6