1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2018 AT&T
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
16 apiVersion: extensions/v1beta1
19 name: {{ include "common.fullname" . }}
20 namespace: {{ include "common.namespace" . }}
22 app: {{ include "common.name" . }}
23 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
24 release: {{ .Release.Name }}
25 heritage: {{ .Release.Service }}
27 replicas: {{ .Values.replicaCount }}
30 app: {{ include "common.name" . }}
34 app: {{ include "common.name" . }}
35 release: {{ .Release.Name }}
36 name: {{ include "common.name" . }}
38 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
39 msb.onap.org/service-info: '[
41 "serviceName": "_aai-cloudInfrastructure",
43 "url": "/aai/v11/cloud-infrastructure",
47 "lb_policy":"ip_hash",
49 "path": "/aai/v11/cloud-infrastructure"
52 "serviceName": "_aai-cloudInfrastructure",
54 "url": "/aai/v12/cloud-infrastructure",
58 "lb_policy":"ip_hash",
60 "path": "/aai/v12/cloud-infrastructure"
63 "serviceName": "_aai-cloudInfrastructure",
65 "url": "/aai/v13/cloud-infrastructure",
69 "lb_policy":"ip_hash",
71 "path": "/aai/v13/cloud-infrastructure"
74 "serviceName": "_aai-business",
76 "url": "/aai/v11/business",
80 "lb_policy":"ip_hash",
82 "path": "/aai/v11/business"
85 "serviceName": "_aai-business",
87 "url": "/aai/v12/business",
91 "lb_policy":"ip_hash",
93 "path": "/aai/v12/business"
96 "serviceName": "_aai-business",
98 "url": "/aai/v13/business",
102 "lb_policy":"ip_hash",
104 "path": "/aai/v13/business"
107 "serviceName": "_aai-actions",
109 "url": "/aai/v11/actions",
113 "lb_policy":"ip_hash",
115 "path": "/aai/v11/actions"
118 "serviceName": "_aai-actions",
120 "url": "/aai/v12/actions",
124 "lb_policy":"ip_hash",
126 "path": "/aai/v12/actions"
129 "serviceName": "_aai-actions",
131 "url": "/aai/v13/actions",
135 "lb_policy":"ip_hash",
137 "path": "/aai/v13/actions"
140 "serviceName": "_aai-service-design-and-creation",
142 "url": "/aai/v11/service-design-and-creation",
146 "lb_policy":"ip_hash",
148 "path": "/aai/v11/service-design-and-creation"
151 "serviceName": "_aai-service-design-and-creation",
153 "url": "/aai/v12/service-design-and-creation",
157 "lb_policy":"ip_hash",
159 "path": "/aai/v12/service-design-and-creation"
162 "serviceName": "_aai-service-design-and-creation",
164 "url": "/aai/v13/service-design-and-creation",
168 "lb_policy":"ip_hash",
170 "path": "/aai/v13/service-design-and-creation"
173 "serviceName": "_aai-network",
175 "url": "/aai/v11/network",
179 "lb_policy":"ip_hash",
181 "path": "/aai/v11/network"
184 "serviceName": "_aai-network",
186 "url": "/aai/v12/network",
190 "lb_policy":"ip_hash",
192 "path": "/aai/v12/network"
195 "serviceName": "_aai-network",
197 "url": "/aai/v13/network",
201 "lb_policy":"ip_hash",
203 "path": "/aai/v13/network"
206 "serviceName": "_aai-externalSystem",
208 "url": "/aai/v11/external-system",
212 "lb_policy":"ip_hash",
214 "path": "/aai/v11/external-system"
217 "serviceName": "_aai-externalSystem",
219 "url": "/aai/v12/external-system",
223 "lb_policy":"ip_hash",
225 "path": "/aai/v12/external-system"
228 "serviceName": "_aai-externalSystem",
230 "url": "/aai/v13/external-system",
234 "lb_policy":"ip_hash",
236 "path": "/aai/v13/external-system"
239 "serviceName": "aai-cloudInfrastructure",
241 "url": "/aai/v11/cloud-infrastructure",
245 "lb_policy":"ip_hash",
249 "serviceName": "aai-cloudInfrastructure",
251 "url": "/aai/v12/cloud-infrastructure",
255 "lb_policy":"ip_hash",
259 "serviceName": "aai-cloudInfrastructure",
261 "url": "/aai/v13/cloud-infrastructure",
265 "lb_policy":"ip_hash",
269 "serviceName": "aai-business",
271 "url": "/aai/v11/business",
275 "lb_policy":"ip_hash",
279 "serviceName": "aai-business",
281 "url": "/aai/v12/business",
285 "lb_policy":"ip_hash",
289 "serviceName": "aai-business",
291 "url": "/aai/v13/business",
295 "lb_policy":"ip_hash",
299 "serviceName": "aai-actions",
301 "url": "/aai/v11/actions",
305 "lb_policy":"ip_hash",
309 "serviceName": "aai-actions",
311 "url": "/aai/v12/actions",
315 "lb_policy":"ip_hash",
319 "serviceName": "aai-actions",
321 "url": "/aai/v13/actions",
325 "lb_policy":"ip_hash",
329 "serviceName": "aai-service-design-and-creation",
331 "url": "/aai/v11/service-design-and-creation",
335 "lb_policy":"ip_hash",
339 "serviceName": "aai-service-design-and-creation",
341 "url": "/aai/v12/service-design-and-creation",
345 "lb_policy":"ip_hash",
349 "serviceName": "aai-service-design-and-creation",
351 "url": "/aai/v13/service-design-and-creation",
355 "lb_policy":"ip_hash",
359 "serviceName": "aai-network",
361 "url": "/aai/v11/network",
365 "lb_policy":"ip_hash",
369 "serviceName": "aai-network",
371 "url": "/aai/v12/network",
375 "lb_policy":"ip_hash",
379 "serviceName": "aai-network",
381 "url": "/aai/v13/network",
385 "lb_policy":"ip_hash",
389 "serviceName": "aai-externalSystem",
391 "url": "/aai/v11/external-system",
395 "lb_policy":"ip_hash",
399 "serviceName": "aai-externalSystem",
401 "url": "/aai/v12/external-system",
405 "lb_policy":"ip_hash",
409 "serviceName": "aai-externalSystem",
411 "url": "/aai/v13/external-system",
415 "lb_policy":"ip_hash",
420 hostname: aai-resources
421 {{ if .Values.global.initContainers.enabled }}
422 {{ if .Values.global.installSidecarSecurity }}
424 - ip: {{ .Values.global.aaf.serverIp }}
426 - {{ .Values.global.aaf.serverHostname }}
430 {{ if .Values.global.jobs.createSchema.enabled }}
431 - /root/job_complete.py
434 - {{ .Release.Name }}-aai-graphadmin-create-db-schema
446 fieldPath: metadata.namespace
447 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
448 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
449 name: {{ include "common.name" . }}-readiness
450 {{ if .Values.global.installSidecarSecurity }}
451 - name: {{ .Values.global.tproxyConfig.name }}
452 image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
453 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
459 - name: {{ include "common.name" . }}
460 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
461 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
463 - name: LOCAL_USER_ID
464 value: {{ .Values.global.config.userId | quote }}
465 - name: LOCAL_GROUP_ID
466 value: {{ .Values.global.config.groupId | quote }}
468 - mountPath: /etc/localtime
471 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
472 name: {{ include "common.fullname" . }}-db-real-conf
473 subPath: janusgraph-realtime.properties
474 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
475 name: {{ include "common.fullname" . }}-db-cached-conf
476 subPath: janusgraph-cached.properties
477 - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
478 name: {{ include "common.fullname" . }}-aaiconfig-conf
479 subPath: aaiconfig.properties
480 - mountPath: /opt/aai/logroot/AAI-RES
481 name: {{ include "common.fullname" . }}-logs
482 - mountPath: /opt/app/aai-resources/resources/logback.xml
483 name: {{ include "common.fullname" . }}-log-conf
485 - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
486 name: {{ include "common.fullname" . }}-localhost-access-log-conf
487 subPath: localhost-access-logback.xml
488 - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
489 name: {{ include "common.fullname" . }}-realm-conf
490 subPath: realm.properties
491 {{ if .Values.global.installSidecarSecurity }}
492 - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
493 name: {{ include "common.fullname" . }}-aai-policy
494 subPath: aai_policy.json
496 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
497 name: {{ include "common.fullname" . }}-aaf-certs
498 subPath: org.onap.aai.keyfile
499 - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
500 name: {{ include "common.fullname" . }}-aaf-certs
501 subPath: bath_config.csv
502 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
503 name: {{ include "common.fullname" . }}-aaf-properties
504 subPath: org.onap.aai.props
505 - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
506 name: {{ include "common.fullname" . }}-aaf-properties
507 subPath: org.osaaf.location.props
508 - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
509 name: {{ include "common.fullname" . }}-aaf-properties
510 subPath: permissions.properties
511 - mountPath: /opt/app/aai-resources/resources/cadi.properties
512 name: {{ include "common.fullname" . }}-aaf-properties
513 subPath: cadi.properties
514 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
515 name: {{ include "common.fullname" . }}-aaf-certs
516 subPath: org.onap.aai.p12
517 - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
518 name: {{ include "common.fullname" . }}-aaf-certs
519 subPath: truststoreONAPall.jks
520 - mountPath: /opt/app/aai-resources/resources/application.properties
521 name: {{ include "common.fullname" . }}-springapp-conf
522 subPath: application.properties
524 {{ range $job := .Values.global.config.auth.files }}
525 - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
526 name: {{ include "common.fullname" $global }}-auth-truststore-sec
530 - containerPort: {{ .Values.service.internalPort }}
531 - containerPort: {{ .Values.service.internalPort2 }}
532 # disable liveness probe when breakpoints set in debugger
533 # so K8s doesn't restart unresponsive container
534 {{ if .Values.liveness.enabled }}
537 port: {{ .Values.service.internalPort }}
538 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
539 periodSeconds: {{ .Values.liveness.periodSeconds }}
543 port: {{ .Values.service.internalPort }}
544 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
545 periodSeconds: {{ .Values.readiness.periodSeconds }}
547 {{ include "common.resources" . | indent 12 }}
548 {{- if .Values.nodeSelector }}
550 {{ toYaml .Values.nodeSelector | indent 8 }}
552 {{- if .Values.affinity }}
554 {{ toYaml .Values.affinity | indent 8 }}
557 # side car containers
558 - name: filebeat-onap
559 image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
560 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
562 - mountPath: /usr/share/filebeat/filebeat.yml
563 subPath: filebeat.yml
565 - mountPath: /var/log/onap
566 name: {{ include "common.fullname" . }}-logs
567 - mountPath: /usr/share/filebeat/data
568 name: {{ include "common.fullname" . }}-filebeat
569 {{ if .Values.global.installSidecarSecurity }}
570 - name: {{ .Values.global.rproxy.name }}
571 image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
572 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
575 value: "/opt/app/rproxy/config"
576 - name: KEY_STORE_PASSWORD
577 value: {{ .Values.sidecar.keyStorePassword }}
578 - name: spring_profiles_active
579 value: {{ .Values.global.rproxy.activeSpringProfiles }}
581 - name: {{ include "common.fullname" . }}-rproxy-config
582 mountPath: /opt/app/rproxy/config/forward-proxy.properties
583 subPath: forward-proxy.properties
584 - name: {{ include "common.fullname" . }}-rproxy-config
585 mountPath: /opt/app/rproxy/config/primary-service.properties
586 subPath: primary-service.properties
587 - name: {{ include "common.fullname" . }}-rproxy-config
588 mountPath: /opt/app/rproxy/config/reverse-proxy.properties
589 subPath: reverse-proxy.properties
590 - name: {{ include "common.fullname" . }}-rproxy-config
591 mountPath: /opt/app/rproxy/config/cadi.properties
592 subPath: cadi.properties
593 - name: {{ include "common.fullname" . }}-rproxy-log-config
594 mountPath: /opt/app/rproxy/config/logback-spring.xml
595 subPath: logback-spring.xml
596 - name: {{ include "common.fullname" . }}-rproxy-auth-config
597 mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
598 subPath: tomcat_keystore
599 - name: {{ include "common.fullname" . }}-rproxy-auth-config
600 mountPath: /opt/app/rproxy/config/auth/client-cert.p12
601 subPath: client-cert.p12
602 - name: {{ include "common.fullname" . }}-rproxy-auth-config
603 mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
604 subPath: uri-authorization.json
605 - name: {{ include "common.fullname" . }}-rproxy-auth-config
606 mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
607 subPath: aaf_truststore.jks
608 - name: {{ include "common.fullname" . }}-rproxy-security-config
609 mountPath: /opt/app/rproxy/config/security/keyfile
611 - name: {{ include "common.fullname" . }}-rproxy-auth-config
612 mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
613 subPath: org.onap.aai.p12
615 - containerPort: {{ .Values.global.rproxy.port }}
617 - name: {{ .Values.global.fproxy.name }}
618 image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
619 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
622 value: "/opt/app/fproxy/config"
623 - name: KEY_STORE_PASSWORD
624 value: {{ .Values.sidecar.keyStorePassword }}
625 - name: TRUST_STORE_PASSWORD
626 value: {{ .Values.sidecar.trustStorePassword }}
627 - name: spring_profiles_active
628 value: {{ .Values.global.fproxy.activeSpringProfiles }}
630 - name: {{ include "common.fullname" . }}-fproxy-config
631 mountPath: /opt/app/fproxy/config/fproxy.properties
632 subPath: fproxy.properties
633 - name: {{ include "common.fullname" . }}-fproxy-log-config
634 mountPath: /opt/app/fproxy/config/logback-spring.xml
635 subPath: logback-spring.xml
636 - name: {{ include "common.fullname" . }}-fproxy-auth-config
637 mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
638 subPath: fproxy_truststore
639 - name: {{ include "common.fullname" . }}-fproxy-auth-config
640 mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
641 subPath: tomcat_keystore
642 - name: {{ include "common.fullname" . }}-fproxy-auth-config
643 mountPath: /opt/app/fproxy/config/auth/client-cert.p12
644 subPath: client-cert.p12
646 - containerPort: {{ .Values.global.fproxy.port }}
653 - name: filebeat-conf
656 - name: {{ include "common.fullname" . }}-logs
658 - name: {{ include "common.fullname" . }}-filebeat
660 - name: {{ include "common.fullname" . }}-log-conf
662 name: {{ include "common.fullname" . }}-log
663 - name: {{ include "common.fullname" . }}-localhost-access-log-conf
665 name: {{ include "common.fullname" . }}-localhost-access-log-configmap
666 - name: {{ include "common.fullname" . }}-db-real-conf
668 name: {{ include "common.fullname" . }}-db-real-configmap
669 - name: {{ include "common.fullname" . }}-db-cached-conf
671 name: {{ include "common.fullname" . }}-db-cached-configmap
672 - name: {{ include "common.fullname" . }}-aaiconfig-conf
674 name: {{ include "common.fullname" . }}-aaiconfig-configmap
675 - name: {{ include "common.fullname" . }}-aaf-properties
677 name: {{ include "common.fullname" . }}-aaf-props
678 - name: {{ include "common.fullname" . }}-aaf-certs
680 secretName: {{ include "common.fullname" . }}-aaf-keys
681 - name: {{ include "common.fullname" . }}-springapp-conf
683 name: {{ include "common.fullname" . }}-springapp-configmap
684 - name: {{ include "common.fullname" . }}-realm-conf
686 name: {{ include "common.fullname" . }}-realm-configmap
687 - name: {{ include "common.fullname" . }}-auth-truststore-sec
689 secretName: aai-auth-truststore-secret
691 {{ range $job := .Values.global.config.auth.files }}
695 {{ if .Values.global.installSidecarSecurity }}
696 - name: {{ include "common.fullname" . }}-aai-policy
698 name: {{ include "common.fullname" . }}-aai-policy-configmap
699 - name: {{ include "common.fullname" . }}-rproxy-config
701 name: {{ include "common.fullname" . }}-rproxy-config
702 - name: {{ include "common.fullname" . }}-rproxy-log-config
704 name: {{ include "common.fullname" . }}-rproxy-log-config
705 - name: {{ include "common.fullname" . }}-rproxy-auth-config
707 secretName: {{ include "common.fullname" . }}-rproxy-auth-config
708 - name: {{ include "common.fullname" . }}-rproxy-security-config
710 secretName: {{ include "common.fullname" . }}-rproxy-security-config
711 - name: {{ include "common.fullname" . }}-fproxy-config
713 name: {{ include "common.fullname" . }}-fproxy-config
714 - name: {{ include "common.fullname" . }}-fproxy-log-config
716 name: {{ include "common.fullname" . }}-fproxy-log-config
717 - name: {{ include "common.fullname" . }}-fproxy-auth-config
719 secretName: {{ include "common.fullname" . }}-fproxy-auth-config
721 restartPolicy: {{ .Values.restartPolicy }}
723 - name: "{{ include "common.namespace" . }}-docker-registry-key"