# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
]'
spec:
hostname: aai-resources
+ {{ if .Values.global.initContainers.enabled }}
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+ {{ end }}
initContainers:
- command:
+ {{ if .Values.global.jobs.createSchema.enabled }}
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-aai-graphadmin-create-db-schema
+ {{ else }}
- /root/ready.py
args:
- --container-name
- aai-cassandra
+ {{ end }}
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ .Values.global.repository | default .Values.repository }}/{{ .Values.image }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: LOCAL_USER_ID
- value: {{ .Values.config.userId | quote }}
+ value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
- value: {{ .Values.config.groupId | quote }}
+ value: {{ .Values.global.config.groupId | quote }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
- mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
name: {{ include "common.fullname" . }}-localhost-access-log-conf
subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
+ name: {{ include "common.fullname" . }}-realm-conf
+ subPath: realm.properties
+ {{ if .Values.global.installSidecarSecurity }}
+ - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
+ name: {{ include "common.fullname" . }}-aai-policy
+ subPath: aai_policy.json
+ {{ end }}
+ - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: org.onap.aai.keyfile
+ - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: bath_config.csv
+ - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: org.onap.aai.props
+ - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: org.osaaf.location.props
+ - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: permissions.properties
+ - mountPath: /opt/app/aai-resources/resources/cadi.properties
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: cadi.properties
+ - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: org.onap.aai.p12
+ - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: truststoreONAPall.jks
- mountPath: /opt/app/aai-resources/resources/application.properties
name: {{ include "common.fullname" . }}-springapp-conf
subPath: application.properties
- - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_keystore
- name: {{ include "common.fullname" . }}-auth-sec
- subPath: aai_keystore
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
+ resources:
+{{ include "common.resources" . }}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.sidecar.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.sidecar.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.sidecar.trustStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
volumes:
- name: localtime
- name: {{ include "common.fullname" . }}-aaiconfig-conf
configMap:
name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ - name: {{ include "common.fullname" . }}-aaf-properties
+ configMap:
+ name: {{ include "common.fullname" . }}-aaf-props
+ - name: {{ include "common.fullname" . }}-aaf-certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-aaf-keys
- name: {{ include "common.fullname" . }}-springapp-conf
configMap:
name: {{ include "common.fullname" . }}-springapp-configmap
- name: {{ include "common.fullname" . }}-realm-conf
configMap:
name: {{ include "common.fullname" . }}-realm-configmap
- - name: {{ include "common.fullname" . }}-auth-sec
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-auth-truststore-secret
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-aai-policy
+ configMap:
+ name: {{ include "common.fullname" . }}-aai-policy-configmap
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
secret:
- secretName: aai-auth-secret
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"