kind: StatefulSet
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: {{ include "common.servicename" . }}-cluster
- replicas: {{ .Values.replicaCount }}
selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}-cluster
podManagementPolicy: Parallel
+ replicas: {{ .Values.replicaCount }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- name: ODL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- {{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }}
- - name: DMAAP_HTTP_PROXY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }}
- - name: DMAAP_HTTP_PROXY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }}
- {{- end }}
{{ if .Values.config.sdnr.oauth.enabled }}
- name: OAUTH_TOKEN_SECRET
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }}
- name: KEYCLOAK_SECRET
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keycloak-secret" "key" "password") | indent 10 }}
-
- name: ENABLE_ODLUX_RBAC
value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}"
{{ end }}
-
+ - name: SDNR_KAFKA_ENABLED
+ value: "{{ .Values.config.sdnr.kafka.enabled | default "false" }}"
+ {{ if .Values.config.sdnr.kafka.enabled }}
+ - name: SDNR_KAFKA_BOOTSTRAP_SERVERS
+ value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (include "common.release" .) }}-strimzi-kafka-bootstrap.{{.Release.Namespace}}:9092"
+ - name: SDNR_KAFKA_SECURITY_PROTOCOL
+ value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "SASL_PLAINTEXT" }}"
+ - name: SDNR_KAFKA_SASL_MECHANISM
+ value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "SCRAM-SHA-512" }}"
+ - name: SDNR_KAFKA_SASL_JASS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ {{ end }}
volumeMounts:
- mountPath: /config-input
name: config-input
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- {{ end -}}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ end }}
- name: {{ include "common.name" . }}-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
command:
mkdir {{ .Values.persistence.mdsalPath }}/snapshots
mkdir {{ .Values.persistence.mdsalPath }}/daexim
chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
-{{- if .Values.global.aafEnabled }}
- chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
-{{- end }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
containers:
- name: GEO_ENABLED
value: "{{ .Values.config.geoEnabled}}"
- name: SDNC_AAF_ENABLED
- value: "{{ .Values.global.aafEnabled}}"
+ value: "false"
- name: SDNC_REPLICAS
value: "{{ .Values.replicaCount }}"
- name: MYSQL_HOST
- name: SDNRONLY
value: "{{ .Values.config.sdnr.sdnronly | default "false" }}"
- name: SDNRDBURL
- {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}}
- value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
{{- if .Values.config.sdnr.sdnrdbTrustAllCerts }}
- name: SDNRDBTRUSTALLCERTS
value: "true"
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-collector-secret" "key" "login") | indent 12 }}
- name: SDNR_VES_COLLECTOR_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-collector-secret" "key" "password") | indent 12 }}
+ - name: SDNR_WEBSOCKET_PORT
+ value: "{{ .Values.sdnrWebsocketPort | default "8182"}}"
+ - name: SDNR_KAFKA_ENABLED
+ value: "{{ .Values.config.sdnr.kafka.enabled | default "false" }}"
+ {{ if .Values.config.sdnr.kafka.enabled }}
+ - name: SDNR_KAFKA_BOOTSTRAP_SERVERS
+ value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (include "common.release" .) }}-strimzi-kafka-bootstrap.{{.Release.Namespace}}:9092"
+ - name: SDNR_KAFKA_SECURITY_PROTOCOL
+ value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "PLAINTEXT" }}"
+ - name: SDNR_KAFKA_SASL_MECHANISM
+ value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "PLAIN" }}"
+ - name: SDNR_KAFKA_SASL_JASS_CONFIG
+ value: "{{ .Values.config.sdnr.kafka.saslJassConfig | default "PLAIN" }}"
+ {{ end }}
+
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumeMounts" . | indent 10 }}
{{- end }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
-{{ include "common.certInitializer.volumes" . | nindent 8 }}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumes" . | nindent 8 }}
{{- end }}