+{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- /app/ready.py
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
chmod 0755 /config-output/${PFILE}
done
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-input
mountPath: /config-input/
- - name: sdc-environments-output
+ - name: sdc-environments
mountPath: /config-output/
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
+ - name: volume-permissions
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: cert-storage
+ mountPath: "/onboard/cert"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
+ httpGet:
+ path: /onboarding-api/v1.0/healthcheck
+ port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
{{ end }}
readinessProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
+ httpGet:
+ path: /onboarding-api/v1.0/healthcheck
+ port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
+ startupProbe:
+ httpGet:
+ path: /onboarding-api/v1.0/healthcheck
+ port: {{ .Values.service.internalPort2 }}
+ initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
+ periodSeconds: {{ .Values.startup.periodSeconds }}
+ timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
+ successThreshold: {{ .Values.startup.successThreshold }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
+ resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
value: {{ .Values.env.name }}
- name: SDC_CERT_DIR
value: {{ .Values.cert.certDir }}
volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
+ - name: sdc-environments
+ mountPath: /app/jetty/chef-solo/environments/
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-environments
+ mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
+ - name: sdc-environments
+ mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
+ {{- end }}
+ - name: localtime
mountPath: /etc/localtime
readOnly: true
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logback
+ - name: cert-storage
+ mountPath: "{{ .Values.cert.certDir }}"
+ - name: logback
mountPath: /tmp/logback.xml
subPath: logback.xml
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
# side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
+ {{ include "common.log.sidecar" . | nindent 8 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: {{ include "common.fullname" . }}-localtime
+ - name: localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
+
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments
+ {{- if .Values.global.aafEnabled }}
+ emptyDir: { medium: "Memory" }
+ - name: sdc-environments-input
+ {{- end }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
+ - name: cert-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"