[SDC] Service Mesh Compliance for SDC

[oom.git] / kubernetes / sdc / components / sdc-wfd-be / templates / deployment.yaml

diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
index b188cda..a187e19 100644 (file)
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018  ZTE
 #
@@ -12,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1
 kind: Deployment
@@ -37,7 +39,7 @@ spec:
       initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       {{- if .Values.initJob.enabled }}
       - name: {{ include "common.name" . }}-job-completion
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
         command:
         - /app/ready.py
@@ -50,10 +52,17 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
       {{ end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           {{- if .Values.global.aafEnabled }}
           command:
@@ -70,26 +79,37 @@ spec:
             ./startup.sh
           {{- end }}
           ports:
-          - containerPort: {{ template "wfd-be.internalPort" . }}
+          - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{ if .Values.liveness.enabled }}
           livenessProbe:
             tcpSocket:
-              port: {{ template "wfd-be.internalPort" . }}
+              port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
+            successThreshold: {{ .Values.liveness.successThreshold }}
+            failureThreshold: {{ .Values.liveness.failureThreshold }}
           {{ end }}
           readinessProbe:
             tcpSocket:
-              port: {{ template "wfd-be.internalPort" . }}
+              port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
+            successThreshold: {{ .Values.readiness.successThreshold }}
+            failureThreshold: {{ .Values.readiness.failureThreshold }}
+          startupProbe:
+            tcpSocket:
+              port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
+            periodSeconds: {{ .Values.startup.periodSeconds }}
+            successThreshold: {{ .Values.startup.successThreshold }}
+            failureThreshold: {{ .Values.startup.failureThreshold }}
           env:
           - name: JAVA_OPTIONS
             value: {{ .Values.config.javaOptions }}
           - name: CS_HOSTS
-            value: "{{ .Values.global.cassandra.serviceName }}"
+            value: "{{ .Values.global.sdc_cassandra.serviceName }}"
           - name: CS_PORT
             value: "{{ .Values.config.cassandraClientPort }}"
           - name: CS_AUTHENTICATE
@@ -108,21 +128,28 @@ spec:
             valueFrom:
               secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password}
           - name: SDC_PROTOCOL
-            value: "{{ .Values.config.sdcProtocol }}"
+            value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}"
           - name: SDC_ENDPOINT
-            value: "{{ .Values.config.sdcEndpoint }}"
+            value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}"
           - name: SDC_USER
             value: "{{ .Values.config.sdcExternalUser }}"
           - name: SDC_PASSWORD
             valueFrom:
               secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password}
+          {{- if (include "common.needTLS" .) }}
           - name: SERVER_SSL_ENABLED
-            value: "{{ .Values.config.serverSSLEnabled }}"
+            value: "true"
           - name: SERVER_SSL_KEYSTORE_TYPE
             value: "{{ .Values.config.serverSSLKeyStoreType }}"
           - name: SERVER_SSL_TRUSTSTORE_TYPE
             value: "{{ .Values.config.serverSSLTrustStoreType }}"
+          {{- else }}
+          - name: SERVER_SSL_ENABLED
+            value: "false"
+          {{- end }}
           volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"