X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;ds=inline;f=kubernetes%2Fa1policymanagement%2Ftemplates%2Fdeployment.yaml;h=43431f0a35cf9cac95c9d689cfaef4eed4ef8b79;hb=ad82580180950911a3aaa57285d03339dc9feb5c;hp=6987bd41c514fc39af17b6c1bf7a92f0634f5d8c;hpb=600b979eca5e1fe811fded36ab0a8ca0bf213878;p=oom.git

diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml
index 6987bd41c5..43431f0a35 100644
--- a/kubernetes/a1policymanagement/templates/deployment.yaml
+++ b/kubernetes/a1policymanagement/templates/deployment.yaml
@@ -1,6 +1,7 @@
 {{/*
 ################################################################################
 #   Copyright (c) 2020 Nordix Foundation.                                      #
+#   Copyright Â© 2020 Samsung Electronics, Modifications                        #
 #                                                                              #
 #   Licensed under the Apache License, Version 2.0 (the "License");            #
 #   you may not use this file except in compliance with the License.           #
@@ -26,28 +27,60 @@ spec:
     metadata:
       labels: {{- include "common.labels" . | nindent 8 }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+      - name: {{ include "common.name" . }}-bootstrap-config
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
+            | xargs -0)
+          cd /config-input
+          for PFILE in `ls -1`
+          do
+            envsubst <${PFILE} >/config/${PFILE}
+            chmod o+w /config/${PFILE}
+          done
+          cat /config/application.yaml
+        env:
+        - name: A1CONTROLLER_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+        - name: A1CONTROLLER_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+        - mountPath: /config-input
+          name: {{ include "common.fullname" . }}-policy-conf-input
+        - mountPath: /config
+          name: config
+      containers:
       - name: {{ include "common.name" . }}-update-config
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        securityContext:
+          runAsGroup: {{ .Values.groupID }}
+          runAsUser: {{ .Values.userID }}
+          runAsNonRoot: true
         command:
         - sh
         args:
-        - -c
-        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        - /tmp/scripts/daemon.sh
         env:
         - name: A1CONTROLLER_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
         - name: A1CONTROLLER_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
         volumeMounts:
+        - mountPath: /tmp/scripts
+          name: {{ include "common.fullname" . }}-envsubst-scripts
         - mountPath: /config-input
           name: {{ include "common.fullname" . }}-policy-conf-input
         - mountPath: /config
           name: config
-      containers:
       - name: {{ include "common.name" . }}
-        image: {{ include "common.repository" . }}/{{ .Values.image }}
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         ports: {{ include "common.containerPorts" . | nindent 10  }}
         readinessProbe:
@@ -62,14 +95,22 @@ spec:
             scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
-        volumeMounts:
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
         - name: config
-          mountPath: /opt/app/policy-agent/data
+          mountPath: /opt/app/policy-agent/data/application_configuration.json
+          subPath: application_configuration.json
+        - name: config
+          mountPath: /opt/app/policy-agent/config/application.yaml
+          subPath: application.yaml
         resources: {{ include "common.resources" . | nindent 10 }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-policy-conf-input
           configMap:
             name: {{ include "common.fullname" . }}-policy-conf
+            defaultMode: 0555
+        - name: {{ include "common.fullname" . }}-envsubst-scripts
+          configMap:
+            name: {{ include "common.fullname" . }}-envsubst-scripts
         - name: config
           emptyDir:
             medium: Memory