app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ # host alias allows local 'cfy' command to use https and match
+ # the host name in the certificate
+ hostAliases:
+ - ip: "127.0.0.1"
+ hostnames:
+ - "dcae-cloudify-manager"
+ initContainers:
+ - name: {{ include "common.name" . }}-multisite-init
+ image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --namespace
+ - {{ include "common.namespace" . }}
+ - --configmap
+ - {{ .Values.multisiteConfigMapName }}
+ restartPolicy: Never
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/tls/shared
+ name: tls-info
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: REQUESTS_CA_BUNDLE
+ value: "/opt/onap/certs/cacert.pem"
resources:
{{ include "common.resources" . | indent 12 }}
ports:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - /scripts/readiness-check.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
subPath: config.txt
name: {{ include "common.fullname" .}}-config
readOnly: true
+ - mountPath: /opt/onap/kube
+ name: {{ include "common.fullname" .}}-kubeconfig
+ readOnly: true
- mountPath: /secret
name: dcae-token
readOnly: true
readOnly: true
- mountPath: /cfy-persist
name: cm-persistent
+ - mountPath: /opt/onap/certs
+ name: tls-info
securityContext:
privileged: True
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" .}}-kubeconfig
+ configMap:
+ name: {{ .Values.multisiteConfigMapName }}
- name: dcae-token
secret:
secretName: dcae-token
- name: cm-persistent
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-data
+ - emptyDir: {}
+ name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"