{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
the DCAE microservice image.
The Deployment Pod may also include a logging sidecar container.
-The sidecar is included if .Values.logDirectory is set. The
+The sidecar is included if .Values.log.path is set. The
logging sidecar and the DCAE microservice container share a
volume where the microservice logs are written.
-The Deployment includes an initContainer that pushes the
-microservice's initial configuration (from .Values.applicationConfig)
-into Consul. All DCAE microservices retrieve their initial
-configurations by making an API call to a DCAE platform component called
-the config-binding-service. The config-binding-service currently
-retrieves configuration information from Consul.
-
-The Deployment also includes an initContainer that checks for the
+The Deployment includes an initContainer that checks for the
readiness of other components that the microservice relies on.
This container is generated by the "common.readinessCheck.waitfor"
template.
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
on .Values.policies.duration and configuration retrieved is shared with
DCAE Microservice container by common volume. Policy can be retrieved based on
-list of policyID or filter
+list of policyID or filter. An optional policyRelease parameter can be specified
+to override the default policy helm release (used for retreiving the secret containing
+pdp username and password)
+
+Following is example policy config override
+
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ duration: 300
+ policyRelease: "onap"
+ policyID: |
+ '["onap.vfirewall.tca","onap.vdns.tca"]'
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
-{{- $logDir := default "" .Values.logDirectory -}}
+{{- $log := default dict .Values.log -}}
+{{- $logDir := default "" $log.path -}}
{{- $certDir := default "" .Values.certDirectory . -}}
{{- $tlsServer := default "" .Values.tlsServer -}}
-{{- $policy := default "" .Values.policies -}}
-
+{{- $commonRelease := print (include "common.release" .) -}}
+{{- $policy := default dict .Values.policies -}}
+{{- $policyRls := default $commonRelease $policy.policyRelease -}}
+{{- $drFeedConfig := default "" .Values.drFeedConfig -}}
+{{- $dcaeName := print (include "common.fullname" .) }}
+{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}
+{{- $dot := . -}}
apiVersion: apps/v1
kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "labels" $dcaeLabel) | nindent 2 }}
spec:
replicas: 1
selector: {{- include "common.selectors" . | nindent 4 }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
+ {{- if not $drFeedConfig }}
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+ {{- end }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
- - name: init-consul
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args:
- - --key-yaml
- - "{{ include "common.name" . }}|/app-config/application_config.yaml"
- resources: {{ include "common.resources" . | nindent 2 }}
- volumeMounts:
- - mountPath: /app-config
- name: app-config
+ {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
{{- if $certDir }}
- name: init-tls
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
name: app-config-input
{{- if $logDir }}
- mountPath: {{ $logDir}}
- name: component-log
+ name: logs
{{- end }}
{{- if $certDir }}
- mountPath: {{ $certDir }}
{{- end }}
{{- include "dcaegen2-services-common._externalVolumeMounts" . | nindent 8 }}
{{- if $logDir }}
- - image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat
- env:
- - name: POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- resources: {{ include "common.resources" . | nindent 2 }}
- volumeMounts:
- - mountPath: /var/log/onap/{{ include "common.name" . }}
- name: component-log
- - mountPath: /usr/share/filebeat/data
- name: filebeat-data
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
+ {{ include "common.log.sidecar" . | nindent 6 }}
{{- end }}
{{- if $policy }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dcaePolicySyncImage }}
- name: POLICY_SYNC_PDP_USER
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-restserver-creds
key: login
- name: POLICY_SYNC_PDP_PASS
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-restserver-creds
key: password
- name: POLICY_SYNC_PDP_URL
value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
{{- end -}}
{{- if $policy.duration }}
- name: POLICY_SYNC_DURATION
- value: {{ $policy.duration }}
+ value: "{{ $policy.duration }}"
{{- end }}
resources: {{ include "common.resources" . | nindent 2 }}
volumeMounts:
{{- end }}
{{- end }}
hostname: {{ include "common.name" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
defaultMode: 420
name: app-config
{{- if $logDir }}
- emptyDir: {}
- name: component-log
- - emptyDir: {}
- name: filebeat-data
- - configMap:
- defaultMode: 420
- name: {{ include "common.fullname" . }}-filebeat-configmap
- name: filebeat-conf
+ name: logs
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }}
{{- end }}
{{- if $certDir }}
- emptyDir: {}
- name: policy-shared
emptyDir: {}
{{- end }}
+ {{- include "common.dmaap.provisioning._volumes" . | nindent 6 -}}
{{- include "dcaegen2-services-common._externalVolumes" . | nindent 6 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"