[SO] update cnf-adapter

[oom.git] / kubernetes / aai / templates / deployment.yaml

diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index dc0dad8..160d8cf 100644 (file)
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -18,19 +18,13 @@
 
 apiVersion: apps/v1
 kind: Deployment
 
 apiVersion: apps/v1
 kind: Deployment

-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}

 spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
 spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}

+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}

   strategy:
     type: {{ .Values.updateStrategy.type }}
     {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
   strategy:
     type: {{ .Values.updateStrategy.type }}
     {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}


@@ -39,90 +33,68 @@ spec:
       maxSurge: {{ .Values.updateStrategy.maxSurge }}
     {{- end }}
   template:
       maxSurge: {{ .Values.updateStrategy.maxSurge }}
     {{- end }}
   template:

-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-      name: {{ include "common.release" . }}
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}

     spec:
       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
     spec:
       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}

+      {{ include "common.podSecurityContext" . | indent 6 | trim }}

       initContainers:
       initContainers:

-      - command:
-        - /app/ready.py
-        args:
-        - --container-name
-        - aai-resources
-        - --container-name
-        - aai-traversal
-        - --container-name
-        - aai-graphadmin
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
+      - command: ["/bin/sh","-c"]
+        args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/']
+        image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'

         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}

-        name: {{ include "common.name" . }}-readiness
+        name: copy-haproxy-config

         resources:
         resources:

-          requests:
-            memory: {{ .Values.haproxy.initContainers.resources.memory }}
-            cpu: {{ .Values.haproxy.initContainers.resources.cpu }}

           limits:
           limits:

-            memory: {{ .Values.haproxy.initContainers.resources.memory }}
-            cpu: {{ .Values.haproxy.initContainers.resources.cpu }}
+            cpu: 100m
+            memory: 200Mi
+          requests:
+            cpu: 2m
+            memory: 100Mi
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /usr/local/etc/haproxy_rw
+          name: haproxy-etc

       containers:
       - name: {{ include "common.name" . }}
       containers:
       - name: {{ include "common.name" . }}

-        image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}"
+        image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'

         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:

-        - mountPath: /etc/localtime
-          name: localtime
+        - mountPath: /usr/local/etc/haproxy
+          name: haproxy-etc
+        - mountPath: /usr/local/etc/haproxy/resolvers.conf
+          name: haproxy-config
+          subPath: resolvers.conf

           readOnly: true
           readOnly: true

-        - mountPath: /dev/log
-          name: aai-service-log

         - mountPath: /usr/local/etc/haproxy/haproxy.cfg
         {{ if .Values.global.installSidecarSecurity }}
           subPath: haproxy-pluggable-security.cfg
         {{ else }}
           subPath: haproxy.cfg
         {{ end }}
         - mountPath: /usr/local/etc/haproxy/haproxy.cfg
         {{ if .Values.global.installSidecarSecurity }}
           subPath: haproxy-pluggable-security.cfg
         {{ else }}
           subPath: haproxy.cfg
         {{ end }}

-          name: haproxy-cfg
+          name: haproxy-config

         ports:
         - containerPort: {{ .Values.service.internalPort }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}

-        - containerPort: {{ .Values.service.internalPlainPort }}
+          name: {{ .Values.service.portName }}

         - containerPort: {{ .Values.metricsService.internalPort }}
         - containerPort: {{ .Values.metricsService.internalPort }}

+          name: {{ .Values.metricsService.portName }}

         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
         livenessProbe:
           tcpSocket:
         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
         livenessProbe:
           tcpSocket:

-            port: {{ .Values.service.internalPlainPort }}
+            port: {{ .Values.service.internalPort }}

           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
         {{ end -}}
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
         {{ end -}}

+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        resources: {{ include "common.resources" . | nindent 10 }}

         readinessProbe:
         readinessProbe:

-          httpGet:
-            path: /aai/util/echo
-            port: {{ .Values.service.internalPlainPort }}
-            scheme: HTTP
-            httpHeaders:
-            - name: X-FromAppId
-              value: OOM_ReadinessCheck
-      {{ if .Values.global.installSidecarSecurity }}
-            - name: Authorization
-              value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
-      {{ end }}
-            - name: X-TransactionId
-              value: OOM_ReadinessCheck_TID
-            - name: Accept
-              value: application/json

           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}

-        resources: {{ include "common.resources" . | nindent 10 }}
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}

       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}


@@ -133,14 +105,10 @@ spec:
       {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:

-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: aai-service-log
-          hostPath:
-            path: "/dev/log"
-        - name: haproxy-cfg
-          configMap:
-            name: aai-deployment-configmap
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      - name: haproxy-config
+        configMap:
+          name: aai-deployment-configmap
+      - name: haproxy-etc
+        emptyDir:
+          sizeLimit: {{ .Values.volumes.haProxySizeLimit }}
+      {{- include "common.imagePullSecrets" . | nindent 6 }}