app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ # host alias allows local 'cfy' command to use https and match
+ # the host name in the certificate
+ hostAliases:
+ - ip: "127.0.0.1"
+ hostnames:
+ - "dcae-cloudify-manager"
+ initContainers:
+ - name: {{ include "common.name" . }}-multisite-init
+ image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --namespace
+ - {{ include "common.namespace" . }}
+ - --configmap
+ - {{ .Values.multisiteConfigMapName }}
+ restartPolicy: Never
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/tls/shared
+ name: tls-info
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: REQUESTS_CA_BUNDLE
+ value: "/opt/onap/certs/cacert.pem"
+ resources:
+{{ include "common.resources" . | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - /scripts/readiness-check.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
subPath: config.txt
name: {{ include "common.fullname" .}}-config
readOnly: true
+ - mountPath: /opt/onap/kube
+ name: {{ include "common.fullname" .}}-kubeconfig
+ readOnly: true
- mountPath: /secret
name: dcae-token
readOnly: true
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /cfy-persist
+ name: cm-persistent
+ - mountPath: /opt/onap/certs
+ name: tls-info
securityContext:
privileged: True
- lifecycle:
- postStart:
- exec:
- command:
- - bash
- - "-c"
- - |
- set -ex
- mkdir -p /var/run/secrets/kubernetes.io/
- ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" .}}-kubeconfig
+ configMap:
+ name: {{ .Values.multisiteConfigMapName }}
- name: dcae-token
secret:
secretName: dcae-token
- name: localtime
hostPath:
path: /etc/localtime
+ - name: cm-persistent
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data
+ - emptyDir: {}
+ name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
Code Review / oom.git / blobdiff