# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: {{ .Chart.AppVersion | replace "+" "_" }}
+ {{- else }}
+ version: {{ .Chart.Version | replace "+" "_" }}
+ {{- end }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: {{ .Chart.AppVersion | replace "+" "_" }}
+ {{- else }}
+ version: {{ .Chart.Version | replace "+" "_" }}
+ {{- end }}
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
hostname: aai-traversal
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- /app/ready.py
args:
args:
- -c
- |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
echo "*** actual launch of AAI Resources"
/bin/bash /opt/app/aai-traversal/docker-entrypoint.sh
env:
- - name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststorePassword }}
- name: DISABLE_UPDATE_QUERY
value: {{ .Values.config.disableUpdateQuery | quote }}
- name: LOCAL_USER_ID
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.internalPort3 | quote }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv
- name: {{ include "common.fullname" . }}-aaf-certs
- subPath: bath_config.csv
- - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: org.onap.aai.props
- - mountPath: /opt/app/aai-traversal/resources/aaf/org.osaaf.location.props
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: org.osaaf.location.props
- - mountPath: /opt/app/aai-traversal/resources/aaf/permissions.properties
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: permissions.properties
- - mountPath: /opt/app/aai-traversal/resources/cadi.properties
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: cadi.properties
- mountPath: /opt/app/aai-traversal/resources/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
subPath: application-keycloak.properties
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
- containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ - containerPort: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
httpGet:
path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
- scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: LivenessCheck
httpGet:
path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
- scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: ReadinessCheck
value: application/json
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-aaf-properties
- configMap:
- name: {{ include "common.fullname" . }}-aaf-props
- - name: {{ include "common.fullname" . }}-aaf-certs
- secret:
- secretName: {{ include "common.fullname" . }}-aaf
- - name: aai-common-aai-auth-mount
- secret:
- secretName: aai-common-aai-auth
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"