X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-resources%2Ftemplates%2Fdeployment.yaml;h=11008aea96e242746a7f5d110fefcab6400f0e81;hb=d12c16773174e0cdd1fcdd861c7b93ae05de1bc9;hp=6fbbf1c089dee4403a8bdc5916afa0c83e672e0a;hpb=3465ee1be5636b48753bc7bf4d0bf8ca1fac5147;p=oom.git diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 6fbbf1c089..11008aea96 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -3,6 +3,7 @@ # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia # Modifications Copyright (c) 2021 Orange +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,6 +30,12 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ .Values.minReadySeconds }} + strategy: + type: {{ .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} selector: matchLabels: app: {{ include "common.name" . }} @@ -72,30 +79,29 @@ spec: {{- end }} spec: hostname: aai-resources + terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} initContainers: - - command: - {{- if .Values.global.jobs.migration.enabled }} + - name: {{ include "common.name" . }}-readiness + command: - /app/ready.py args: + {{- if .Values.global.jobs.migration.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else }} - {{- if .Values.global.jobs.createSchema.enabled }} - - /app/ready.py - args: + {{- else }} + {{- if .Values.global.jobs.createSchema.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} - - /app/ready.py - args: + {{- else }} - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service + {{- end }} {{- end }} env: - name: NAMESPACE @@ -105,19 +111,28 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - | + echo "*** actual launch of AAI Resources" + /bin/bash /opt/app/aai-resources/docker-entrypoint.sh env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - - name: POST_JAVA_OPTS - value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit' + - name: INTERNAL_PORT_1 + value: {{ .Values.service.internalPort | quote }} + - name: INTERNAL_PORT_2 + value: {{ .Values.service.internalPort2 | quote }} + - name: INTERNAL_PORT_3 + value: {{ .Values.service.internalPort3 | quote }} volumeMounts: - mountPath: /etc/localtime name: localtime @@ -132,7 +147,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-resources/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml @@ -142,60 +157,61 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile - name: {{ include "common.fullname" . }}-aaf-certs - subPath: org.onap.aai.keyfile - - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv - name: {{ include "common.fullname" . }}-aaf-certs - subPath: bath_config.csv - - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props - name: {{ include "common.fullname" . }}-aaf-properties - subPath: org.onap.aai.props - - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props - name: {{ include "common.fullname" . }}-aaf-properties - subPath: org.osaaf.location.props - - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties - name: {{ include "common.fullname" . }}-aaf-properties - subPath: permissions.properties - - mountPath: /opt/app/aai-resources/resources/cadi.properties - name: {{ include "common.fullname" . }}-aaf-properties - subPath: cadi.properties - - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12 - name: {{ include "common.fullname" . }}-aaf-certs - subPath: org.onap.aai.p12 - - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks - name: aai-common-aai-auth-mount - subPath: truststoreONAPall.jks - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties - {{- $global := . }} - {{- range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }} - name: {{ include "common.fullname" $global }}-auth-truststore-sec - subPath: {{ . }} - {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ .Values.service.internalPort3 }} + lifecycle: + # wait for active requests (long-running tasks) to be finished + # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. + preStop: + exec: + command: + - sh + - -c + - | + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) + do sleep 10 + done # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if .Values.liveness.enabled }} livenessProbe: - tcpSocket: + httpGet: + path: /aai/util/echo?action=checkDB port: {{ .Values.service.internalPort }} + scheme: HTTP + httpHeaders: + - name: X-FromAppId + value: LivenessCheck + - name: X-TransactionId + value: LiveCheck_TID + - name: Accept + value: application/json initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{- end }} readinessProbe: - tcpSocket: + httpGet: + path: /aai/util/echo?action=checkDB port: {{ .Values.service.internalPort }} + scheme: HTTP + httpHeaders: + - name: X-FromAppId + value: ReadinessCheck + - name: X-TransactionId + value: ReadinessCheck_TID + - name: Accept + value: application/json initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: {{ include "common.resources" . | nindent 12 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end }} @@ -203,49 +219,18 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat - resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.log.sidecar" . | nindent 6 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: aai-common-aai-auth-mount - secret: - secretName: aai-common-aai-auth - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }}-configmap - - name: {{ include "common.fullname" . }}-aaf-properties - configMap: - name: {{ include "common.fullname" . }}-aaf-props - - name: {{ include "common.fullname" . }}-aaf-certs - secret: - secretName: {{ include "common.fullname" . }}-aaf-keys - - name: {{ include "common.fullname" . }}-auth-truststore-sec - secret: - secretName: aai-common-truststore - items: - {{- range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{- end }} + name: {{ include "common.fullname" . }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"