1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2018 AT&T
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
16 apiVersion: extensions/v1beta1
19 name: {{ include "common.fullname" . }}
20 namespace: {{ include "common.namespace" . }}
22 app: {{ include "common.name" . }}
23 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
24 release: {{ .Release.Name }}
25 heritage: {{ .Release.Service }}
27 replicas: {{ .Values.replicaCount }}
30 app: {{ include "common.name" . }}
34 app: {{ include "common.name" . }}
35 release: {{ .Release.Name }}
36 name: {{ include "common.name" . }}
38 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
39 msb.onap.org/service-info: '[
41 "serviceName": "_aai-cloudInfrastructure",
43 "url": "/aai/v11/cloud-infrastructure",
47 "lb_policy":"ip_hash",
49 "path": "/aai/v11/cloud-infrastructure"
52 "serviceName": "_aai-cloudInfrastructure",
54 "url": "/aai/v12/cloud-infrastructure",
58 "lb_policy":"ip_hash",
60 "path": "/aai/v12/cloud-infrastructure"
63 "serviceName": "_aai-cloudInfrastructure",
65 "url": "/aai/v13/cloud-infrastructure",
69 "lb_policy":"ip_hash",
71 "path": "/aai/v13/cloud-infrastructure"
74 "serviceName": "_aai-cloudInfrastructure",
76 "url": "/aai/v14/cloud-infrastructure",
80 "lb_policy":"ip_hash",
82 "path": "/aai/v14/cloud-infrastructure"
85 "serviceName": "_aai-business",
87 "url": "/aai/v11/business",
91 "lb_policy":"ip_hash",
93 "path": "/aai/v11/business"
96 "serviceName": "_aai-business",
98 "url": "/aai/v12/business",
102 "lb_policy":"ip_hash",
104 "path": "/aai/v12/business"
107 "serviceName": "_aai-business",
109 "url": "/aai/v13/business",
113 "lb_policy":"ip_hash",
115 "path": "/aai/v13/business"
118 "serviceName": "_aai-business",
120 "url": "/aai/v14/business",
124 "lb_policy":"ip_hash",
126 "path": "/aai/v14/business"
129 "serviceName": "_aai-actions",
131 "url": "/aai/v11/actions",
135 "lb_policy":"ip_hash",
137 "path": "/aai/v11/actions"
140 "serviceName": "_aai-actions",
142 "url": "/aai/v12/actions",
146 "lb_policy":"ip_hash",
148 "path": "/aai/v12/actions"
151 "serviceName": "_aai-actions",
153 "url": "/aai/v13/actions",
157 "lb_policy":"ip_hash",
159 "path": "/aai/v13/actions"
162 "serviceName": "_aai-actions",
164 "url": "/aai/v14/actions",
168 "lb_policy":"ip_hash",
170 "path": "/aai/v14/actions"
173 "serviceName": "_aai-service-design-and-creation",
175 "url": "/aai/v11/service-design-and-creation",
179 "lb_policy":"ip_hash",
181 "path": "/aai/v11/service-design-and-creation"
184 "serviceName": "_aai-service-design-and-creation",
186 "url": "/aai/v12/service-design-and-creation",
190 "lb_policy":"ip_hash",
192 "path": "/aai/v12/service-design-and-creation"
195 "serviceName": "_aai-service-design-and-creation",
197 "url": "/aai/v13/service-design-and-creation",
201 "lb_policy":"ip_hash",
203 "path": "/aai/v13/service-design-and-creation"
206 "serviceName": "_aai-service-design-and-creation",
208 "url": "/aai/v14/service-design-and-creation",
212 "lb_policy":"ip_hash",
214 "path": "/aai/v14/service-design-and-creation"
217 "serviceName": "_aai-network",
219 "url": "/aai/v11/network",
223 "lb_policy":"ip_hash",
225 "path": "/aai/v11/network"
228 "serviceName": "_aai-network",
230 "url": "/aai/v12/network",
234 "lb_policy":"ip_hash",
236 "path": "/aai/v12/network"
239 "serviceName": "_aai-network",
241 "url": "/aai/v13/network",
245 "lb_policy":"ip_hash",
247 "path": "/aai/v13/network"
250 "serviceName": "_aai-network",
252 "url": "/aai/v14/network",
256 "lb_policy":"ip_hash",
258 "path": "/aai/v14/network"
261 "serviceName": "_aai-externalSystem",
263 "url": "/aai/v11/external-system",
267 "lb_policy":"ip_hash",
269 "path": "/aai/v11/external-system"
272 "serviceName": "_aai-externalSystem",
274 "url": "/aai/v12/external-system",
278 "lb_policy":"ip_hash",
280 "path": "/aai/v12/external-system"
283 "serviceName": "_aai-externalSystem",
285 "url": "/aai/v13/external-system",
289 "lb_policy":"ip_hash",
291 "path": "/aai/v13/external-system"
294 "serviceName": "_aai-externalSystem",
296 "url": "/aai/v14/external-system",
300 "lb_policy":"ip_hash",
302 "path": "/aai/v14/external-system"
305 "serviceName": "aai-cloudInfrastructure",
307 "url": "/aai/v11/cloud-infrastructure",
311 "lb_policy":"ip_hash",
315 "serviceName": "aai-cloudInfrastructure",
317 "url": "/aai/v12/cloud-infrastructure",
321 "lb_policy":"ip_hash",
325 "serviceName": "aai-cloudInfrastructure",
327 "url": "/aai/v13/cloud-infrastructure",
331 "lb_policy":"ip_hash",
335 "serviceName": "aai-cloudInfrastructure",
337 "url": "/aai/v14/cloud-infrastructure",
341 "lb_policy":"ip_hash",
345 "serviceName": "aai-business",
347 "url": "/aai/v11/business",
351 "lb_policy":"ip_hash",
355 "serviceName": "aai-business",
357 "url": "/aai/v12/business",
361 "lb_policy":"ip_hash",
365 "serviceName": "aai-business",
367 "url": "/aai/v13/business",
371 "lb_policy":"ip_hash",
375 "serviceName": "aai-business",
377 "url": "/aai/v14/business",
381 "lb_policy":"ip_hash",
385 "serviceName": "aai-actions",
387 "url": "/aai/v11/actions",
391 "lb_policy":"ip_hash",
395 "serviceName": "aai-actions",
397 "url": "/aai/v12/actions",
401 "lb_policy":"ip_hash",
405 "serviceName": "aai-actions",
407 "url": "/aai/v13/actions",
411 "lb_policy":"ip_hash",
415 "serviceName": "aai-actions",
417 "url": "/aai/v14/actions",
421 "lb_policy":"ip_hash",
425 "serviceName": "aai-service-design-and-creation",
427 "url": "/aai/v11/service-design-and-creation",
431 "lb_policy":"ip_hash",
435 "serviceName": "aai-service-design-and-creation",
437 "url": "/aai/v12/service-design-and-creation",
441 "lb_policy":"ip_hash",
445 "serviceName": "aai-service-design-and-creation",
447 "url": "/aai/v13/service-design-and-creation",
451 "lb_policy":"ip_hash",
455 "serviceName": "aai-service-design-and-creation",
457 "url": "/aai/v14/service-design-and-creation",
461 "lb_policy":"ip_hash",
465 "serviceName": "aai-network",
467 "url": "/aai/v11/network",
471 "lb_policy":"ip_hash",
475 "serviceName": "aai-network",
477 "url": "/aai/v12/network",
481 "lb_policy":"ip_hash",
485 "serviceName": "aai-network",
487 "url": "/aai/v13/network",
491 "lb_policy":"ip_hash",
495 "serviceName": "aai-network",
497 "url": "/aai/v14/network",
501 "lb_policy":"ip_hash",
505 "serviceName": "aai-externalSystem",
507 "url": "/aai/v11/external-system",
511 "lb_policy":"ip_hash",
515 "serviceName": "aai-externalSystem",
517 "url": "/aai/v12/external-system",
521 "lb_policy":"ip_hash",
525 "serviceName": "aai-externalSystem",
527 "url": "/aai/v13/external-system",
531 "lb_policy":"ip_hash",
535 "serviceName": "aai-externalSystem",
537 "url": "/aai/v14/external-system",
541 "lb_policy":"ip_hash",
546 hostname: aai-resources
547 {{ if .Values.global.initContainers.enabled }}
548 {{ if .Values.global.installSidecarSecurity }}
550 - ip: {{ .Values.global.aaf.serverIp }}
552 - {{ .Values.global.aaf.serverHostname }}
556 {{ if .Values.global.jobs.createSchema.enabled }}
557 - /root/job_complete.py
560 - {{ .Release.Name }}-aai-graphadmin-create-db-schema
572 fieldPath: metadata.namespace
573 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
574 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
575 name: {{ include "common.name" . }}-readiness
576 {{ if .Values.global.installSidecarSecurity }}
577 - name: {{ .Values.global.tproxyConfig.name }}
578 image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
579 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
585 - name: {{ include "common.name" . }}
586 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
587 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
589 - name: LOCAL_USER_ID
590 value: {{ .Values.global.config.userId | quote }}
591 - name: LOCAL_GROUP_ID
592 value: {{ .Values.global.config.groupId | quote }}
594 - mountPath: /etc/localtime
597 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
598 name: {{ include "common.fullname" . }}-db-real-conf
599 subPath: janusgraph-realtime.properties
600 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
601 name: {{ include "common.fullname" . }}-db-cached-conf
602 subPath: janusgraph-cached.properties
603 - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
604 name: {{ include "common.fullname" . }}-aaiconfig-conf
605 subPath: aaiconfig.properties
606 - mountPath: /opt/aai/logroot/AAI-RES
607 name: {{ include "common.fullname" . }}-logs
608 - mountPath: /opt/app/aai-resources/resources/logback.xml
609 name: {{ include "common.fullname" . }}-log-conf
611 - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
612 name: {{ include "common.fullname" . }}-localhost-access-log-conf
613 subPath: localhost-access-logback.xml
614 - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
615 name: {{ include "common.fullname" . }}-realm-conf
616 subPath: realm.properties
617 {{ if .Values.global.installSidecarSecurity }}
618 - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
619 name: {{ include "common.fullname" . }}-aai-policy
620 subPath: aai_policy.json
622 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
623 name: {{ include "common.fullname" . }}-aaf-certs
624 subPath: org.onap.aai.keyfile
625 - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
626 name: {{ include "common.fullname" . }}-aaf-certs
627 subPath: bath_config.csv
628 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
629 name: {{ include "common.fullname" . }}-aaf-properties
630 subPath: org.onap.aai.props
631 - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
632 name: {{ include "common.fullname" . }}-aaf-properties
633 subPath: org.osaaf.location.props
634 - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
635 name: {{ include "common.fullname" . }}-aaf-properties
636 subPath: permissions.properties
637 - mountPath: /opt/app/aai-resources/resources/cadi.properties
638 name: {{ include "common.fullname" . }}-aaf-properties
639 subPath: cadi.properties
640 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
641 name: {{ include "common.fullname" . }}-aaf-certs
642 subPath: org.onap.aai.p12
643 - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
644 name: {{ include "common.fullname" . }}-aaf-certs
645 subPath: truststoreONAPall.jks
646 - mountPath: /opt/app/aai-resources/resources/application.properties
647 name: {{ include "common.fullname" . }}-springapp-conf
648 subPath: application.properties
650 {{ range $job := .Values.global.config.auth.files }}
651 - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
652 name: {{ include "common.fullname" $global }}-auth-truststore-sec
656 - containerPort: {{ .Values.service.internalPort }}
657 - containerPort: {{ .Values.service.internalPort2 }}
658 # disable liveness probe when breakpoints set in debugger
659 # so K8s doesn't restart unresponsive container
660 {{ if .Values.liveness.enabled }}
663 port: {{ .Values.service.internalPort }}
664 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
665 periodSeconds: {{ .Values.liveness.periodSeconds }}
669 port: {{ .Values.service.internalPort }}
670 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
671 periodSeconds: {{ .Values.readiness.periodSeconds }}
673 {{ include "common.resources" . | indent 12 }}
674 {{- if .Values.nodeSelector }}
676 {{ toYaml .Values.nodeSelector | indent 8 }}
678 {{- if .Values.affinity }}
680 {{ toYaml .Values.affinity | indent 8 }}
683 # side car containers
684 - name: filebeat-onap
685 image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
686 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
688 - mountPath: /usr/share/filebeat/filebeat.yml
689 subPath: filebeat.yml
691 - mountPath: /var/log/onap
692 name: {{ include "common.fullname" . }}-logs
693 - mountPath: /usr/share/filebeat/data
694 name: {{ include "common.fullname" . }}-filebeat
695 {{ if .Values.global.installSidecarSecurity }}
696 - name: {{ .Values.global.rproxy.name }}
697 image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
698 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
701 value: "/opt/app/rproxy/config"
702 - name: KEY_STORE_PASSWORD
703 value: {{ .Values.sidecar.keyStorePassword }}
704 - name: spring_profiles_active
705 value: {{ .Values.global.rproxy.activeSpringProfiles }}
707 - name: {{ include "common.fullname" . }}-rproxy-config
708 mountPath: /opt/app/rproxy/config/forward-proxy.properties
709 subPath: forward-proxy.properties
710 - name: {{ include "common.fullname" . }}-rproxy-config
711 mountPath: /opt/app/rproxy/config/primary-service.properties
712 subPath: primary-service.properties
713 - name: {{ include "common.fullname" . }}-rproxy-config
714 mountPath: /opt/app/rproxy/config/reverse-proxy.properties
715 subPath: reverse-proxy.properties
716 - name: {{ include "common.fullname" . }}-rproxy-config
717 mountPath: /opt/app/rproxy/config/cadi.properties
718 subPath: cadi.properties
719 - name: {{ include "common.fullname" . }}-rproxy-log-config
720 mountPath: /opt/app/rproxy/config/logback-spring.xml
721 subPath: logback-spring.xml
722 - name: {{ include "common.fullname" . }}-rproxy-auth-config
723 mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
724 subPath: tomcat_keystore
725 - name: {{ include "common.fullname" . }}-rproxy-auth-config
726 mountPath: /opt/app/rproxy/config/auth/client-cert.p12
727 subPath: client-cert.p12
728 - name: {{ include "common.fullname" . }}-rproxy-auth-config
729 mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
730 subPath: uri-authorization.json
731 - name: {{ include "common.fullname" . }}-rproxy-auth-config
732 mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
733 subPath: aaf_truststore.jks
734 - name: {{ include "common.fullname" . }}-rproxy-security-config
735 mountPath: /opt/app/rproxy/config/security/keyfile
737 - name: {{ include "common.fullname" . }}-rproxy-auth-config
738 mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
739 subPath: org.onap.aai.p12
741 - containerPort: {{ .Values.global.rproxy.port }}
743 - name: {{ .Values.global.fproxy.name }}
744 image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
745 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
748 value: "/opt/app/fproxy/config"
749 - name: KEY_STORE_PASSWORD
750 value: {{ .Values.sidecar.keyStorePassword }}
751 - name: TRUST_STORE_PASSWORD
752 value: {{ .Values.sidecar.trustStorePassword }}
753 - name: spring_profiles_active
754 value: {{ .Values.global.fproxy.activeSpringProfiles }}
756 - name: {{ include "common.fullname" . }}-fproxy-config
757 mountPath: /opt/app/fproxy/config/fproxy.properties
758 subPath: fproxy.properties
759 - name: {{ include "common.fullname" . }}-fproxy-log-config
760 mountPath: /opt/app/fproxy/config/logback-spring.xml
761 subPath: logback-spring.xml
762 - name: {{ include "common.fullname" . }}-fproxy-auth-config
763 mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
764 subPath: fproxy_truststore
765 - name: {{ include "common.fullname" . }}-fproxy-auth-config
766 mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
767 subPath: tomcat_keystore
768 - name: {{ include "common.fullname" . }}-fproxy-auth-config
769 mountPath: /opt/app/fproxy/config/auth/client-cert.p12
770 subPath: client-cert.p12
772 - containerPort: {{ .Values.global.fproxy.port }}
779 - name: filebeat-conf
782 - name: {{ include "common.fullname" . }}-logs
784 - name: {{ include "common.fullname" . }}-filebeat
786 - name: {{ include "common.fullname" . }}-log-conf
788 name: {{ include "common.fullname" . }}-log
789 - name: {{ include "common.fullname" . }}-localhost-access-log-conf
791 name: {{ include "common.fullname" . }}-localhost-access-log-configmap
792 - name: {{ include "common.fullname" . }}-db-real-conf
794 name: {{ include "common.fullname" . }}-db-real-configmap
795 - name: {{ include "common.fullname" . }}-db-cached-conf
797 name: {{ include "common.fullname" . }}-db-cached-configmap
798 - name: {{ include "common.fullname" . }}-aaiconfig-conf
800 name: {{ include "common.fullname" . }}-aaiconfig-configmap
801 - name: {{ include "common.fullname" . }}-aaf-properties
803 name: {{ include "common.fullname" . }}-aaf-props
804 - name: {{ include "common.fullname" . }}-aaf-certs
806 secretName: {{ include "common.fullname" . }}-aaf-keys
807 - name: {{ include "common.fullname" . }}-springapp-conf
809 name: {{ include "common.fullname" . }}-springapp-configmap
810 - name: {{ include "common.fullname" . }}-realm-conf
812 name: {{ include "common.fullname" . }}-realm-configmap
813 - name: {{ include "common.fullname" . }}-auth-truststore-sec
815 secretName: aai-auth-truststore-secret
817 {{ range $job := .Values.global.config.auth.files }}
821 {{ if .Values.global.installSidecarSecurity }}
822 - name: {{ include "common.fullname" . }}-aai-policy
824 name: {{ include "common.fullname" . }}-aai-policy-configmap
825 - name: {{ include "common.fullname" . }}-rproxy-config
827 name: {{ include "common.fullname" . }}-rproxy-config
828 - name: {{ include "common.fullname" . }}-rproxy-log-config
830 name: {{ include "common.fullname" . }}-rproxy-log-config
831 - name: {{ include "common.fullname" . }}-rproxy-auth-config
833 secretName: {{ include "common.fullname" . }}-rproxy-auth-config
834 - name: {{ include "common.fullname" . }}-rproxy-security-config
836 secretName: {{ include "common.fullname" . }}-rproxy-security-config
837 - name: {{ include "common.fullname" . }}-fproxy-config
839 name: {{ include "common.fullname" . }}-fproxy-config
840 - name: {{ include "common.fullname" . }}-fproxy-log-config
842 name: {{ include "common.fullname" . }}-fproxy-log-config
843 - name: {{ include "common.fullname" . }}-fproxy-auth-config
845 secretName: {{ include "common.fullname" . }}-fproxy-auth-config
847 restartPolicy: {{ .Values.restartPolicy }}
849 - name: "{{ include "common.namespace" . }}-docker-registry-key"