X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-graphadmin%2Ftemplates%2Fdeployment.yaml;h=cad213ab9eb3b7ba7ea0f63b5cbbdc68ca0097c8;hb=refs%2Fheads%2Fmaster;hp=3e1479e335df2f98d1b36c0c0d4bb1a149124be4;hpb=9e0814551cf6e87a553d9066c18854e02c71cea5;p=oom.git diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 3e1479e335..9a0ca764bf 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -6,6 +6,7 @@ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. # Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. +# Modifications Copyright © 2023 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +28,12 @@ metadata: namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} + app.kubernetes.io/name: {{ include "common.name" . }} + {{- if .Chart.AppVersion }} + version: "{{ .Chart.AppVersion | replace "+" "_" }}" + {{- else }} + version: "{{ .Chart.Version | replace "+" "_" }}" + {{- end }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} @@ -46,6 +53,12 @@ spec: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + app.kubernetes.io/name: {{ include "common.name" . }} + {{- if .Chart.AppVersion }} + version: "{{ .Chart.AppVersion | replace "+" "_" }}" + {{- else }} + version: "{{ .Chart.Version | replace "+" "_" }}" + {{- end }} name: {{ include "common.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} @@ -53,50 +66,7 @@ spec: hostname: aai-graphadmin terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} {{ if .Values.global.initContainers.enabled }} - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - {{- if .Values.global.aafEnabled }} - - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) - echo "*** obfuscate them " - export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") - export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop - echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop - echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop - image: {{ include "repositoryGenerator.image.jetty" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-obfuscate - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - securityContext: - runAsUser: {{ .Values.securityContext.user_id }} - - command: - - sh - args: - - -c - - | - echo "*** Set obfuscated Truststore and Keystore password into configuration file" - export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) - cd /config-input - for PFILE in `ls -1` - do - envsubst <${PFILE} >/config/${PFILE} - done - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - mountPath: /config-input - name: properties-input - - mountPath: /config - name: properties - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - {{- end }} + initContainers: - command: {{ if .Values.global.jobs.migration.enabled }} - /app/ready.py @@ -111,13 +81,9 @@ spec: {{ else }} - /app/ready.py args: - - --container-name - {{- if .Values.global.cassandra.localCluster }} - - aai-cassandra - {{- else }} - - cassandra - {{- end }} - - --container-name + - --service-name + - {{ .Values.global.cassandra.serviceName }} + - --service-name - aai-schema-service {{ end }} env: @@ -129,6 +95,13 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" {{ end }} containers: - name: {{ include "common.name" . }} @@ -145,10 +118,14 @@ spec: value: {{ .Values.service.internalPort2 | quote }} - name: INTERNAL_PORT_3 value: {{ .Values.service.internalPort3 | quote }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true + - name: BOOTSTRAP_SERVERS + value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - name: JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }} + key: sasl.jaas.config + volumeMounts: - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: config subPath: janusgraph-realtime.properties @@ -174,8 +151,11 @@ spec: subPath: application.properties ports: - containerPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} - containerPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} - containerPort: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. @@ -202,8 +182,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} @@ -216,10 +195,7 @@ spec: # side car containers {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: localtime - hostPath: - path: /etc/localtime + volumes: - name: logs emptyDir: {} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} @@ -227,13 +203,7 @@ spec: configMap: name: {{ include "common.fullname" . }} - name: properties - {{- if .Values.global.aafEnabled }} - emptyDir: - medium: Memory - - name: properties-input - {{- end }} configMap: name: {{ include "common.fullname" . }}-properties restartPolicy: {{ .Values.restartPolicy }} - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{- include "common.imagePullSecrets" . | nindent 6 }}