[UUI] Update image version 16.0.1 of components of UUI

[oom.git] / kubernetes / dcaegen2-services / common / dcaegen2-services-common / templates / _deployment.tpl

diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 9781e33..eefee76 100644 (file)
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -1,7 +1,7 @@
 {{/*
 #============LICENSE_START========================================================
 # ================================================================================
 {{/*
 #============LICENSE_START========================================================
 # ================================================================================

-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.

 # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
 # Copyright (c) 2021 Nokia. All rights reserved.
 # Copyright (c) 2021 Nordix Foundation.
 # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
 # Copyright (c) 2021 Nokia. All rights reserved.
 # Copyright (c) 2021 Nordix Foundation.


@@ -33,7 +33,7 @@ provided to all microservices.
 The template expects a single argument, pointing to the caller's global context.
 
 Microservice-specific environment variables can be specified in two ways:
 The template expects a single argument, pointing to the caller's global context.
 
 Microservice-specific environment variables can be specified in two ways:

-  1. As literal string values.
+  1. As literal string values. (The values can also be Helm template fragments.)

   2. As values that are sourced from a secret, identified by the secret's
      uid and the key within the secret that provides the value.
 
   2. As values that are sourced from a secret, identified by the secret's
      uid and the key within the secret that provides the value.
 


@@ -60,11 +60,19 @@ the the literal string "An example value".
 - name: {{ $envName }}
   value: {{ tpl $envValue $global | quote }}
       {{- else }}
 - name: {{ $envName }}
   value: {{ tpl $envValue $global | quote }}
       {{- else }}

-        {{ if or (not $envValue.secretUid) (not $envValue.key) }}
-          {{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }}
-        {{- end }}
+        {{- if and (hasKey $envValue "externalSecret") ($envValue.externalSecret) }}
+- name: {{ $envName }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ tpl $envValue.externalSecretUid $global | quote }}
+      key: {{ tpl $envValue.key $global | quote }}
+        {{- else }}
+          {{ if or (not $envValue.secretUid) (not $envValue.key) }}
+            {{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }}
+          {{- end }}

 - name: {{ $envName }}
   {{- include "common.secret.envFromSecretFast" (dict "global" $global "uid" $envValue.secretUid "key" $envValue.key) | indent 2 }}
 - name: {{ $envName }}
   {{- include "common.secret.envFromSecretFast" (dict "global" $global "uid" $envValue.secretUid "key" $envValue.key) | indent 2 }}

+        {{- end }}

       {{- end -}}
     {{- end }}
   {{- end }}
       {{- end -}}
     {{- end }}
   {{- end }}


@@ -77,7 +85,7 @@ This template generates a list of volumes associated with the pod,
 based on information provided in .Values.externalVolumes.  This
 template works in conjunction with dcaegen2-services-common._externalVolumeMounts
 to give the microservice access to data in volumes created else.
 based on information provided in .Values.externalVolumes.  This
 template works in conjunction with dcaegen2-services-common._externalVolumeMounts
 to give the microservice access to data in volumes created else.

-This initial implementation supports ConfigMaps only, as this is the only
+This implementation supports ConfigMaps & EmptyDirs only, as this is the only

 external volume mounting required by current microservices.
 
 .Values.externalVolumes is a list of objects.  Each object has 3 required fields and 2 optional fields:
 external volume mounting required by current microservices.
 
 .Values.externalVolumes is a list of objects.  Each object has 3 required fields and 2 optional fields:


@@ -86,7 +94,7 @@ external volume mounting required by current microservices.
      names of resources are sometimes set at deployment time (for instance, to prefix the Helm
      release to the name), the string can be a Helm template fragment that will be expanded at
      deployment time.
      names of resources are sometimes set at deployment time (for instance, to prefix the Helm
      release to the name), the string can be a Helm template fragment that will be expanded at
      deployment time.

-   - type: the type of the resource (in the current implementation, only "ConfigMap" is supported).
+   - type: the type of the resource (in the current implementation, only "ConfigMap" & "emptyDir" is supported).

      The value is a case-INsensitive string.
    - mountPoint: the path to the mount point for the volume in the container file system.  The
      value is a case-sensitive string.
      The value is a case-INsensitive string.
    - mountPoint: the path to the mount point for the volume in the container file system.  The
      value is a case-sensitive string.


@@ -105,7 +113,7 @@ externalVolumes:
     type: configmap
     mountPath: /opt/app/config
   - name: '{{ include "common.release" . }}-another-example'
     type: configmap
     mountPath: /opt/app/config
   - name: '{{ include "common.release" . }}-another-example'

-    type: configmap
+    type: emptyDir

     mountPath: /opt/app/otherconfig
     optional: false
 */}}
     mountPath: /opt/app/otherconfig
     optional: false
 */}}


@@ -113,14 +121,18 @@ externalVolumes:
   {{- $global := . -}}
   {{- if .Values.externalVolumes }}
     {{- range $vol := .Values.externalVolumes }}
   {{- $global := . -}}
   {{- if .Values.externalVolumes }}
     {{- range $vol := .Values.externalVolumes }}

+      {{- $vname := (tpl $vol.name $global) -}}

       {{- if eq (lower $vol.type) "configmap" }}
       {{- if eq (lower $vol.type) "configmap" }}

-        {{- $vname := (tpl $vol.name $global) -}}

         {{- $opt := hasKey $vol "optional" | ternary $vol.optional true }}
 - configMap:
     defaultMode: 420
     name: {{ $vname }}
     optional: {{ $opt }}
   name: {{ $vname }}
         {{- $opt := hasKey $vol "optional" | ternary $vol.optional true }}
 - configMap:
     defaultMode: 420
     name: {{ $vname }}
     optional: {{ $opt }}
   name: {{ $vname }}

+      {{- else if eq (lower $vol.type) "emptydir" }}
+- name: {{ $vname }}
+  emptyDir:
+    sizeLimit: {{ $vol.sizeLimit }}

       {{- end }}
     {{- end }}
   {{- end }}
       {{- end }}
     {{- end }}
   {{- end }}


@@ -133,7 +145,7 @@ This template generates a list of volume mounts for the microservice container,
 based on information provided in .Values.externalVolumes.  This
 template works in conjunction with dcaegen2-services-common._externalVolumes
 to give the microservice access to data in volumes created else.
 based on information provided in .Values.externalVolumes.  This
 template works in conjunction with dcaegen2-services-common._externalVolumes
 to give the microservice access to data in volumes created else.

-This initial implementation supports ConfigMaps only, as this is the only
+This initial implementation supports ConfigMaps & EmptyDirs, as this is the only

 external volume mounting required by current microservices.
 
 See the documentation for dcaegen2-services-common._externalVolumes for
 external volume mounting required by current microservices.
 
 See the documentation for dcaegen2-services-common._externalVolumes for


@@ -144,16 +156,20 @@ the microservice.
   {{- $global := . -}}
   {{- if .Values.externalVolumes }}
     {{- range $vol := .Values.externalVolumes }}
   {{- $global := . -}}
   {{- if .Values.externalVolumes }}
     {{- range $vol := .Values.externalVolumes }}

+      {{- $vname := (tpl $vol.name $global) -}}

       {{- if eq (lower $vol.type) "configmap" }}
       {{- if eq (lower $vol.type) "configmap" }}

-        {{- $vname := (tpl $vol.name $global) -}}

         {{- $readOnly := $vol.readOnly | default false }}
 - mountPath: {{ $vol.mountPath }}
   name: {{ $vname }}
   readOnly: {{ $readOnly }}
         {{- $readOnly := $vol.readOnly | default false }}
 - mountPath: {{ $vol.mountPath }}
   name: {{ $vname }}
   readOnly: {{ $readOnly }}

+      {{- else if eq (lower $vol.type) "emptydir" }}
+- mountPath: {{ $vol.mountPath }}
+  name: {{ $vname }}

       {{- end }}
     {{- end }}
   {{- end }}
 {{- end }}
       {{- end }}
     {{- end }}
   {{- end }}
 {{- end }}

+

 {{/*
 dcaegen2-services-common.microserviceDeployment:
 This template produces a Kubernetes Deployment for a DCAE microservice.
 {{/*
 dcaegen2-services-common.microserviceDeployment:
 This template produces a Kubernetes Deployment for a DCAE microservice.


@@ -173,28 +189,20 @@ The exact content of the Deployment generated from this template
 depends on the content of .Values.
 
 The Deployment always includes a single Pod, with a container that uses
 depends on the content of .Values.
 
 The Deployment always includes a single Pod, with a container that uses

-the DCAE microservice image.
+the DCAE microservice image.  The image name and tag are specified by
+.Values.image.  By default, the image comes from the ONAP repository
+(registry) set up by the common repositoryGenerator template.  A different
+repository for the microservice image can be set using
+.Values.imageRepositoryOverride.   Note that this repository must not
+require authentication, because there is no way to specify credentials for
+the override repository.  imageRepositoryOverride is intended primarily
+for testing purposes.

 
 The Deployment Pod may also include a logging sidecar container.
 The sidecar is included if .Values.log.path is set.  The
 logging sidecar and the DCAE microservice container share a
 volume where the microservice logs are written.
 
 
 The Deployment Pod may also include a logging sidecar container.
 The sidecar is included if .Values.log.path is set.  The
 logging sidecar and the DCAE microservice container share a
 volume where the microservice logs are written.
 

-The Deployment includes an initContainer that checks for the
-readiness of other components that the microservice relies on.
-This container is generated by the "common.readinessCheck.waitfor"
-template.
-
-If the microservice acts as a TLS client or server, the Deployment will
-include an initContainer that retrieves certificate information from
-the AAF certificate manager.  The information is mounted at the
-mount point specified in .Values.certDirectory.  If the microservice is
-a TLS server (indicated by setting .Values.tlsServer to true), the
-certificate information will include a server cert and key, in various
-formats.  It will also include the AAF CA cert.   If the microservice is
-a TLS client only (indicated by setting .Values.tlsServer to false), the
-certificate information includes only the AAF CA cert.
-

 Deployed POD may also include a Policy-sync sidecar container.
 The sidecar is included if .Values.policies is set.  The
 Policy-sync sidecar polls PolicyEngine (PDP) periodically based
 Deployed POD may also include a Policy-sync sidecar container.
 The sidecar is included if .Values.policies is set.  The
 Policy-sync sidecar polls PolicyEngine (PDP) periodically based


@@ -212,19 +220,41 @@ policies:
   policyRelease: "onap"
   policyID: |
     '["onap.vfirewall.tca","onap.vdns.tca"]'
   policyRelease: "onap"
   policyID: |
     '["onap.vfirewall.tca","onap.vdns.tca"]'

+
+The Deployment includes an initContainer that checks for the
+readiness of other components that the microservice relies on.
+This container is generated by the "common.readinessCheck.waitfor"
+template. See the documentation for this template
+(oom/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl).
+
+If the microservice uses a DMaaP Data Router (DR) feed, the Deployment
+includes an initContainer that makes provisioning requests to the DMaaP
+bus controller (dmaap-bc) to create the feed and to set up a publisher
+and/or subscriber to the feed.  The Deployment also includes a second
+initContainer that merges the information returned by the provisioning
+process into the microservice's configuration.  See the documentation for
+the common DMaaP provisioning template
+(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl).
+
+If the microservice uses certificates from an external CMPv2 provider,
+the Deployment will include an initContainer that performs certificate
+post-processing.

 */}}
 
 {{- define "dcaegen2-services-common.microserviceDeployment" -}}
 {{- $log := default dict .Values.log -}}
 {{- $logDir :=  default "" $log.path -}}
 */}}
 
 {{- define "dcaegen2-services-common.microserviceDeployment" -}}
 {{- $log := default dict .Values.log -}}
 {{- $logDir :=  default "" $log.path -}}

-{{- $certDir := default "" .Values.certDirectory . -}}
-{{- $tlsServer := default "" .Values.tlsServer -}}
+{{- $tmp := default dict .Values.tmpDir -}}
+{{- $tmpDir :=  default false $tmp.enabled -}}
+{{- $ves := default false .Values.ves -}}
+{{- $certDir := (eq "true" (include "common.needTLS" .)) | ternary (default "" .Values.certDirectory . ) "" -}}

 {{- $commonRelease :=  print (include "common.release" .) -}}
 {{- $policy := default dict .Values.policies -}}
 {{- $policyRls := default $commonRelease $policy.policyRelease -}}
 {{- $commonRelease :=  print (include "common.release" .) -}}
 {{- $policy := default dict .Values.policies -}}
 {{- $policyRls := default $commonRelease $policy.policyRelease -}}

-{{- $drFeedConfig := default "" .Values.drFeedConfig -}}
+{{- $drNeedProvisioning := or .Values.drFeedConfig .Values.drSubConfig -}}

 {{- $dcaeName := print (include "common.fullname" .) }}
 {{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}
 {{- $dcaeName := print (include "common.fullname" .) }}
 {{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}

+{{- $podLabels := default .Values.podLabels .labels -}}

 {{- $dot := . -}}
 apiVersion: apps/v1
 kind: Deployment
 {{- $dot := . -}}
 apiVersion: apps/v1
 kind: Deployment


@@ -233,57 +263,30 @@ spec:
   replicas: 1
   selector: {{- include "common.selectors" . | nindent 4 }}
   template:
   replicas: 1
   selector: {{- include "common.selectors" . | nindent 4 }}
   template:

+    {{- if $podLabels}}
+    metadata: {{- include "common.templateMetadata" (dict "dot" . "labels" $podLabels) | nindent 6 }}
+    {{- else }}

     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}

+    {{- end }}

     spec:
     spec:

+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}

       initContainers:
       initContainers:

-      {{- if not $drFeedConfig }}
-      - command:
-        - sh
-        args:
-        - -c
-        - |
-        {{- range $var := .Values.customEnvVars }}
-          export {{ $var.name }}="{{ $var.value }}";
-        {{- end }}
-          cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
-        env:
-        {{- range $cred := .Values.credentials }}
-        - name: {{ $cred.name }}
-          {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
-        {{- end }}
-        volumeMounts:
-        - mountPath: /config-input
-          name: app-config-input
-        - mountPath: /config
-          name: app-config
-        image: {{ include "repositoryGenerator.image.envsubst" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-update-config
+
+      {{- if $ves }}
+        {{- include "dcaegen2-ves-collector.vesCollectorCopyEtc" . | nindent 6 }}

       {{- end }}
       {{- end }}

-      {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
-      {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
-      {{- if $certDir }}
-      - name: init-tls
-        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        env:
-        - name: TLS_SERVER
-          value: {{ $tlsServer | quote }}
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-        resources: {{ include "common.resources" . | nindent 2 }}
-        volumeMounts:
-        - mountPath: /opt/app/osaaf
-          name: tls-info
+      {{- if .Values.readinessCheck }}
+        {{ include "common.readinessCheck.waitFor" . | nindent 6 }}

       {{- end }}
       {{- end }}

+      {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}

       {{ include "dcaegen2-services-common._certPostProcessor" .  | nindent 4 }}
       containers:
       {{ include "dcaegen2-services-common._certPostProcessor" .  | nindent 4 }}
       containers:

-      - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+      - image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }}

         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}

+        securityContext:
+          {{- toYaml .Values.containerSecurityContext | nindent 10 }}

         env:
         {{- range $cred := .Values.credentials }}
         - name: {{ $cred.name }}
         env:
         {{- range $cred := .Values.credentials }}
         - name: {{ $cred.name }}


@@ -328,12 +331,36 @@ spec:
             {{- end }}
           {{- end }}
         {{- end }}
             {{- end }}
           {{- end }}
         {{- end }}

-        resources: {{ include "common.resources" . | nindent 2 }}
+        {{- if .Values.liveness }}
+        livenessProbe:
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds | default 5 }}
+            periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }}
+            timeoutSeconds: {{ .Values.liveness.timeoutSeconds | default 1 }}
+            {{- $probeType := .Values.liveness.type | default "httpGet" -}}
+            {{- if eq $probeType "httpGet" }}
+            httpGet:
+             scheme: {{ .Values.liveness.scheme }}
+             path: {{ .Values.liveness.path }}
+             port: {{ .Values.liveness.port }}
+            {{- end }}
+            {{- if eq $probeType "exec" }}
+            exec:
+                command:
+                {{- range $cmd := .Values.liveness.command }}
+                - {{ $cmd }}
+                {{- end }}
+            {{- end }}
+        {{- end }}
+        resources: {{ include "common.resources" . | nindent 10 }}

         volumeMounts:
         - mountPath: /app-config
         volumeMounts:
         - mountPath: /app-config

-          name: app-config
+          name: {{ ternary "app-config-input" "app-config" (not $drNeedProvisioning) }}

         - mountPath: /app-config-input
           name: app-config-input
         - mountPath: /app-config-input
           name: app-config-input

+        {{- if $tmpDir }}
+        - mountPath: /tmp
+          name: tmp
+        {{- end }}

         {{- if $logDir }}
         - mountPath: {{ $logDir}}
           name: logs
         {{- if $logDir }}
         - mountPath: {{ $logDir}}
           name: logs


@@ -391,14 +418,10 @@ spec:
         - name: POLICY_SYNC_DURATION
           value: "{{ $policy.duration }}"
         {{- end }}
         - name: POLICY_SYNC_DURATION
           value: "{{ $policy.duration }}"
         {{- end }}

-        resources: {{ include "common.resources" . | nindent 2 }}
+        resources: {{ include "common.resources" . | nindent 10 }}

         volumeMounts:
         - mountPath: /etc/policies
           name: policy-shared
         volumeMounts:
         - mountPath: /etc/policies
           name: policy-shared

-        {{- if $certDir }}
-        - mountPath: /opt/ca-certificates/
-          name: tls-info
-        {{- end }}

       {{- end }}
       hostname: {{ include "common.name" . }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       {{- end }}
       hostname: {{ include "common.name" . }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}


@@ -410,9 +433,15 @@ spec:
       - emptyDir:
           medium: Memory
         name: app-config
       - emptyDir:
           medium: Memory
         name: app-config

+      {{- if $tmpDir }}
+      - name: tmp
+        emptyDir:
+          sizeLimit: 128Mi
+      {{- end }}

       {{- if $logDir }}
       {{- if $logDir }}

-      - emptyDir: {}
-        name: logs
+      - name: logs
+        emptyDir:
+          sizeLimit: 128Mi

       {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }}
       {{- end }}
       {{- if $certDir }}
       {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }}
       {{- end }}
       {{- if $certDir }}


@@ -428,8 +457,7 @@ spec:
       {{- end }}
       {{- include "common.dmaap.provisioning._volumes" . | nindent 6 -}}
       {{- include "dcaegen2-services-common._externalVolumes" . | nindent 6 }}
       {{- end }}
       {{- include "common.dmaap.provisioning._volumes" . | nindent 6 -}}
       {{- include "dcaegen2-services-common._externalVolumes" . | nindent 6 }}

-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      {{- include "common.imagePullSecrets" . | nindent 6 }}

 {{ end -}}
 
 {{/*
 {{ end -}}
 
 {{/*