# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
This initial implementation supports ConfigMaps only, as this is the only
external volume mounting required by current microservices.
-.Values.externalValues is a list of objects. Each object has 3 required fields and 1 optional field:
+.Values.externalVolumes is a list of objects. Each object has 3 required fields and 2 optional fields:
- name: the name of the resource (in the current implementation, it must be a ConfigMap)
that is to be set up as a volume. The value is a case sensitive string. Because the
names of resources are sometimes set at deployment time (for instance, to prefix the Helm
value is a case-sensitive string.
- readOnly: (Optional) Boolean flag. Set to true to mount the volume as read-only.
Defaults to false.
+ - optional: (Optional) Boolean flag. Set to true to make the configMap optional (i.e., to allow the
+ microservice's pod to start even if the configMap doesn't exist). If set to false, the configMap must
+ be present in order for the microservice's pod to start. Defaults to true. (Note that this
+ default is the opposite of the Kubernetes default. We've done this to be consistent with the behavior
+ of the DCAE Cloudify plugin for Kubernetes [k8splugin], which always set "optional" to true.)
Here is an example fragment from a values.yaml file for a microservice:
- name: '{{ include "common.release" . }}-another-example'
type: configmap
mountPath: /opt/app/otherconfig
+ optional: false
*/}}
{{- define "dcaegen2-services-common._externalVolumes" -}}
{{- $global := . -}}
{{- if .Values.externalVolumes }}
{{- range $vol := .Values.externalVolumes }}
{{- if eq (lower $vol.type) "configmap" }}
- {{- $vname := (tpl $vol.name $global) }}
+ {{- $vname := (tpl $vol.name $global) -}}
+ {{- $opt := hasKey $vol "optional" | ternary $vol.optional true }}
- configMap:
defaultMode: 420
name: {{ $vname }}
+ optional: {{ $opt }}
name: {{ $vname }}
{{- end }}
{{- end }}
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
on .Values.policies.duration and configuration retrieved is shared with
DCAE Microservice container by common volume. Policy can be retrieved based on
-list of policyID or filter
+list of policyID or filter. An optional policyRelease parameter can be specified
+to override the default policy helm release (used for retreiving the secret containing
+pdp username and password)
+
+Following is example policy config override
+
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ duration: 300
+ policyRelease: "onap"
+ policyID: |
+ '["onap.vfirewall.tca","onap.vdns.tca"]'
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
-{{- $logDir := default "" .Values.logDirectory -}}
+{{- $logDir := default "" .Values.log.path -}}
{{- $certDir := default "" .Values.certDirectory . -}}
{{- $tlsServer := default "" .Values.tlsServer -}}
-{{- $policy := default "" .Values.policies -}}
-
+{{- $commonRelease := print (include "common.release" .) -}}
+{{- $policy := default dict .Values.policies -}}
+{{- $policyRls := default $commonRelease $policy.policyRelease -}}
+{{- $drFeedConfig := default "" .Values.drFeedConfig -}}
+{{- $dcaeName := print (include "common.fullname" .) }}
+{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}
+{{- $dot := . -}}
apiVersion: apps/v1
kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "labels" $dcaeLabel) | nindent 2 }}
spec:
replicas: 1
selector: {{- include "common.selectors" . | nindent 4 }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
+ {{- if not $drFeedConfig }}
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+ {{- end }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
- name: init-consul
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
args:
- --key-yaml
- "{{ include "common.name" . }}|/app-config/application_config.yaml"
+ env:
+ - name: CONSUL_HOST
+ value: {{ .Values.consulHost | default "consul-server-ui" }}.{{ include "common.namespace" . }}
resources: {{ include "common.resources" . | nindent 2 }}
volumeMounts:
- mountPath: /app-config
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
env:
+ {{- range $cred := .Values.credentials }}
+ - name: {{ $cred.name }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
+ {{- end }}
{{- if $certDir }}
- name: DCAE_CA_CERTPATH
value: {{ $certDir }}/cacert.pem
volumeMounts:
- mountPath: /app-config
name: app-config
+ - mountPath: /app-config-input
+ name: app-config-input
{{- if $logDir }}
- mountPath: {{ $logDir}}
- name: component-log
+ name: logs
{{- end }}
{{- if $certDir }}
- mountPath: {{ $certDir }}
{{- end }}
{{- include "dcaegen2-services-common._externalVolumeMounts" . | nindent 8 }}
{{- if $logDir }}
- - image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat
- env:
- - name: POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- resources: {{ include "common.resources" . | nindent 2 }}
- volumeMounts:
- - mountPath: /var/log/onap/{{ include "common.name" . }}
- name: component-log
- - mountPath: /usr/share/filebeat/data
- name: filebeat-data
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
+ {{ include "common.log.sidecar" . | nindent 6 }}
{{- end }}
{{- if $policy }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dcaePolicySyncImage }}
- name: POLICY_SYNC_PDP_USER
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-api-creds
key: login
- name: POLICY_SYNC_PDP_PASS
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-api-creds
key: password
- name: POLICY_SYNC_PDP_URL
value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
{{- end -}}
{{- if $policy.duration }}
- name: POLICY_SYNC_DURATION
- value: {{ $policy.duration }}
+ value: "{{ $policy.duration }}"
{{- end }}
resources: {{ include "common.resources" . | nindent 2 }}
volumeMounts:
{{- end }}
{{- end }}
hostname: {{ include "common.name" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
defaultMode: 420
name: app-config
{{- if $logDir }}
- emptyDir: {}
- name: component-log
- - emptyDir: {}
- name: filebeat-data
- - configMap:
- defaultMode: 420
- name: {{ include "common.fullname" . }}-filebeat-configmap
- name: filebeat-conf
+ name: logs
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }}
{{- end }}
{{- if $certDir }}
- emptyDir: {}
- name: policy-shared
emptyDir: {}
{{- end }}
+ {{- include "common.dmaap.provisioning._volumes" . | nindent 6 -}}
{{- include "dcaegen2-services-common._externalVolumes" . | nindent 6 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
*/}}
{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
{{- $certDir := default "" .Values.certDirectory . -}}
- {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}}
+ {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.useCmpv2Certificates) -}}
true
{{- end -}}
{{- end -}}