#============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= apiVersion: extensions/v1beta1 kind: Deployment metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: replicas: 1 template: metadata: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: # host alias allows local 'cfy' command to use https and match # the host name in the certificate hostAliases: - ip: "127.0.0.1" hostnames: - "dcae-cloudify-manager" initContainers: - name: {{ include "common.name" . }}-multisite-init image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --namespace - {{ include "common.namespace" . }} - --configmap - {{ .Values.multisiteConfigMapName }} restartPolicy: Never - name: init-tls env: - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: aaf_locator_fqdn value: dcae image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - mountPath: /opt/app/osaaf name: tls-info {{- if .Values.persistence.enabled }} - name: remove-lost-found image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /cfy-persist name: cm-persistent command: - /bin/sh args: - -c - "rm -rf '/cfy-persist/lost+found';" {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: REQUESTS_CA_BUNDLE value: "/opt/onap/certs/cacert.pem" resources: {{ include "common.resources" . | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: exec: command: - /scripts/readiness-check.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - mountPath: /opt/onap/config.txt subPath: config.txt name: {{ include "common.fullname" .}}-config readOnly: true - mountPath: /opt/onap/kube name: {{ include "common.fullname" .}}-kubeconfig readOnly: true - mountPath: /secret name: dcae-token readOnly: true - mountPath: /sys/fs/cgroup name: {{ include "common.fullname" . }}-cgroup readOnly: true - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /cfy-persist name: cm-persistent - mountPath: /opt/onap/certs name: tls-info securityContext: privileged: True volumes: - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-configmap - name: {{ include "common.fullname" .}}-kubeconfig configMap: name: {{ .Values.multisiteConfigMapName }} - name: dcae-token secret: secretName: dcae-token - name: {{ include "common.fullname" . }}-cgroup hostPath: path: /sys/fs/cgroup - name: localtime hostPath: path: /etc/localtime - name: cm-persistent {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-data {{- else }} emptyDir: {} {{- end }} - emptyDir: {} name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"