-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}
+ app: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
+ release: {{ include "common.release" . }}
spec:
- replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
metadata:
labels:
app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
+ release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
- - /root/ready.py
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
args:
- - --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
containers:
- - name: {{ .Chart.Name }}
- command:
- - /tmp/start-jboss-server.sh
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- - containerPort: {{ .Values.service.internalPort3 }}
- - containerPort: {{ .Values.service.internalPort4 }}
- - containerPort: {{ .Values.service.internalPort5 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: JBOSS_DEBUG
- value: {{ .Values.global.debugEnabled | default .Values.debugEnabled | quote }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /shared/
- name: so
- - mountPath: /tmp/start-jboss-server.sh
- name: so-docker-files
- subPath: start-jboss-server.sh
- - mountPath: /opt/jboss/standalone/configuration/standalone-full-ha-mso.xml
- name: so-config
- subPath: standalone-full-ha-mso.xml
- - mountPath: /var/log/onap
- name: so-logs
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-po-adapter-config/logback.network.xml
- name: so-logback
- subPath: logback.network.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-po-adapter-config/logback.tenant.xml
- name: so-logback
- subPath: logback.tenant.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-po-adapter-config/logback.vnf.xml
- name: so-logback
- subPath: logback.vnf.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-po-adapter-config/logback.vfc.xml
- name: so-logback
- subPath: logback.vfc.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-api-handler-infra-config/logback.apihandler-infra.xml
- name: so-logback
- subPath: logback.apihandler-infra.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-appc-adapter-config/logback.appc.xml
- name: so-logback
- subPath: logback.appc.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-requests-db-adapter-config/logback.msorequestsdbadapter.xml
- name: so-logback
- subPath: logback.msorequestsdbadapter.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-asdc-controller-config/logback.asdc.xml
- name: so-logback
- subPath: logback.asdc.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-sdnc-adapter-config/logback.sdnc.xml
- name: so-logback
- subPath: logback.sdnc.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-bpmn-config/logback.bpmn.xml
- name: so-logback
- subPath: logback.bpmn.xml
- - mountPath: /var/berks-cookbooks/mso-config/files/default/mso-workflow-message-adapter-config/logback.workflow-message-adapter.xml
- name: so-logback
- subPath: logback.workflow-message-adapter.xml
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
{{- end }}
-
- # side car containers
- - name: filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: so-logs
- - mountPath: /usr/share/filebeat/data
- name: so-data-filebeat
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: so-logback
- configMap:
- name: so-log-configmap
- - name: filebeat-conf
- configMap:
- name: so-filebeat-configmap
- - name: so
- configMap:
- name: so-configmap
- items:
- - key: mso-docker.json
- path: mso-docker.json
- mode: 0755
- - key: onap-ca.crt
- path: onap-ca.crt
- mode: 0755
- - key: onap-ca-new.crt
- path: onap-ca-new.crt
- mode: 0755
- - key: encryption.key
- path: encryption.key
- mode: 0644
- - name: so-config
- configMap:
- name: so-configmap
- items:
- - key: standalone-full-ha-mso.xml
- path: standalone-full-ha-mso.xml
- mode: 0644
- - name: so-logs
- emptyDir: {}
- - name: so-data-filebeat
- emptyDir: {}
- - name: so-docker-files
- configMap:
- name: so-docker-file-configmap
- items:
- - key: start-jboss-server.sh
- path: start-jboss-server.sh
- mode: 0755
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"