apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
spec:
+ {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }}
+ replicas: 1
+ {{- else }}
+ {{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
minReadySeconds: {{ .Values.minReadySeconds }}
strategy:
type: {{ .Values.updateStrategy.type }}
matchLabels:
app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- name: {{ include "common.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
- {{- if .Values.global.msbEnabled }}
- {{ $values := .Values }}
- msb.onap.org/service-info: '[
- {{- range $api_endpoint := $values.aai_enpoints -}}
- {{- range $api_version := $values.api_list }}
- {
- "serviceName": "_{{ $api_endpoint.name }}",
- "version": "v{{ $api_version }}",
- "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
- },
- {
- "serviceName": "{{ $api_endpoint.name }}",
- "version": "v{{ $api_version }}",
- "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {{- end }}
- {{- end }}
- ]'
- {{- end }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
hostname: aai-resources
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- {{- if .Values.global.jobs.migration.enabled }}
- - --job-name
- - {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else }}
- {{- if .Values.global.jobs.createSchema.enabled }}
- - --job-name
- - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
- - --app-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
- - aai-schema-service
- {{- end }}
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.jobs.migration.enabled }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
+ {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{ include "aairesources.waitForSchemaCreation" . | nindent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - |
- echo "*** actual launch of AAI Resources"
- /bin/bash /opt/app/aai-resources/docker-entrypoint.sh
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
env:
{{- if .Values.config.env }}
{{- range $key,$value := .Values.config.env }}
- name: POST_JVM_ARGS
value: {{ .Values.config.debug.args | quote }}
{{- end }}
- - name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
- - name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
- name: INTERNAL_PORT_1
- value: {{ .Values.service.internalPort | quote }}
+ value: {{ .Values.service.resourcesPort | quote }}
- name: INTERNAL_PORT_2
- value: {{ .Values.service.internalPort2 | quote }}
+ value: {{ .Values.service.debugPort | quote }}
- name: INTERNAL_PORT_3
- value: {{ .Values.service.internalPort3 | quote }}
+ value: {{ .Values.service.metricsPort | quote }}
+ - name: BOOTSTRAP_SERVERS
+ value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - name: JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }}
+ key: sasl.jaas.config
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-config
- subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/app/aai-resources/resources/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-config
- subPath: localhost-access-logback.xml
- - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
- name: {{ include "common.fullname" . }}-config
- subPath: realm.properties
- mountPath: /opt/app/aai-resources/resources/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
- - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application-keycloak.properties
+ - mountPath: /tmp
+ name: tmp
ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ - containerPort: {{ .Values.service.resourcesPort }}
+ name: {{ .Values.service.resourcesPortName }}
{{- if .Values.config.debug.enabled }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
{{- end }}
- - containerPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName3 }}
+ - containerPort: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
{{- if .Values.config.profiling.enabled }}
- - containerPort: {{ .Values.service.internalPort4 }}
- name: {{ .Values.service.portName4 }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
{{- end }}
-
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
- sh
- -c
- |
- while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
- do sleep 10
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1)
+ do sleep 3
done
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if .Values.liveness.enabled }}
+ # disable liveness probe when
+ # debugging.enable=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
livenessProbe:
httpGet:
- path: /aai/util/echo?action=checkDB
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- httpHeaders:
- - name: X-FromAppId
- value: LivenessCheck
- - name: X-TransactionId
- value: LiveCheck_TID
- - name: Accept
- value: application/json
+ port: {{ .Values.service.metricsPort }}
+ path: {{ .Values.liveness.path }}
+ {{- if .Values.liveness.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ {{- end }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{- end }}
readinessProbe:
httpGet:
- path: /aai/util/echo?action=checkDB
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- httpHeaders:
- - name: X-FromAppId
- value: ReadinessCheck
- - name: X-TransactionId
- value: ReadinessCheck_TID
- - name: Accept
- value: application/json
+ port: {{ .Values.service.metricsPort }}
+ path: {{ .Values.readiness.path }}
+ {{- if .Values.readiness.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ {{- end }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ startupProbe:
+ httpGet:
+ port: {{ .Values.service.metricsPort }}
+ path: {{ .Values.startup.path }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
+ periodSeconds: {{ .Values.startup.periodSeconds }}
+ timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
restartPolicy: {{ .Values.restartPolicy }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
Code Review / oom.git / blobdiff