app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
hostname: {{ .Values.global.dmaapDrProvName }}
initContainers:
- name: {{ include "common.name" . }}-readiness
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
args:
- - --container-name
- - {{ .Values.config.dmaapDrDb.mariadbContName }}
+ - --job-name
+ - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
env:
- name: NAMESPACE
valueFrom:
{{ include "common.certInitializer.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
+ securityContext:
+ runAsUser: 0
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
- mountPath: {{ .Values.global.loggingDirectory }}
- name: {{ include "common.fullname" . }}-logs
+ name: logs
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
- {{- end -}}
+ {{- end }}
# Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap/datarouter-prov
+ {{ include "common.log.sidecar" . | nindent 8 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-dmaap-dr-prov-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
+ {{ include "common.log.volumes" . | nindent 6 }}
+ - name: logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"