# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
+ release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
+ release: {{ include "common.release" . }}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "sdc-wfd-be"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ template "wfd-fe.internalPort" . }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ template "wfd-fe.internalPort" . }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ template "wfd-fe.internalPort" . }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
value: "{{ .Values.config.isHttpsEnabled}}"
{{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- name: KEYSTORE_PASS
- {{- if .Values.global.security.keysFromCa }}
valueFrom:
- secretKeyRef:
- name: mft-sdc
- key: keystore-password.txt
- {{ else }}
- value: {{ .Values.global.security.keyStorePass}}
- {{- end }}
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- name: TRUSTSTORE_PASS
- {{- if .Values.global.security.keysFromCa }}
valueFrom:
- secretKeyRef:
- name: mft-catruststore
- key: keystore-password.txt
- {{ else }}
- value: {{ .Values.global.security.trustStorePass}}
- {{- end }}
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- name: TRUSTSTORE_PATH
value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
- name: KEYSTORE_PATH
value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
- - name: TRUSTSTORE_TYPE
- value: {{ .Values.security.truststore.type }}
- - name: KEYSTORE_TYPE
- value: {{ .Values.security.keystore.type }}
+ - name: TRUST_ALL
+ value: "{{ .Values.config.isTrustAll}}"
{{ end }}
volumeMounts:
- {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- - name: {{ include "common.fullname" . }}-jetty-https-truststore
- mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}
- subPath: {{ .Values.security.truststoreFilename }}
- - name: {{ include "common.fullname" . }}-jetty-https-keystore
- mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}
- subPath: {{ .Values.security.keystoreFilename }}
- {{ end }}
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
-
# side car containers
- name: {{ include "common.name" . }}-filebeat-onap
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
- name: {{ .Release.Name }}-sdc-filebeat-configmap
+ name: {{ include "common.release" . }}-sdc-filebeat-configmap
- name: {{ include "common.fullname" . }}-data-filebeat
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"