X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-resources%2Ftemplates%2Fdeployment.yaml;h=122e522bb10ea88f326f0fc99afc43a6982cf48b;hb=HEAD;hp=724cb2d59f59026bf2914dc3af01bd46f0f16933;hpb=ceac26096eeda210db046686494fdf11afbf0ab8;p=oom.git diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 724cb2d59f..6dde781842 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -20,22 +20,16 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: {{ .Chart.AppVersion | replace "+" "_" }} - {{- else }} - version: {{ .Chart.Version | replace "+" "_" }} - {{- end }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: + {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }} + replicas: 1 + {{- else }} + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} + {{- end }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: type: {{ .Values.updateStrategy.type }} @@ -46,115 +40,54 @@ spec: matchLabels: app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: {{ .Chart.AppVersion | replace "+" "_" }} - {{- else }} - version: {{ .Chart.Version | replace "+" "_" }} - {{- end }} - name: {{ include "common.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- if .Values.global.msbEnabled }} - {{ $values := .Values }} - msb.onap.org/service-info: '[ - {{- range $api_endpoint := $values.aai_enpoints -}} - {{- range $api_version := $values.api_list }} - { - "serviceName": "_{{ $api_endpoint.name }}", - "version": "v{{ $api_version }}", - "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" - }, - { - "serviceName": "{{ $api_endpoint.name }}", - "version": "v{{ $api_version }}", - "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - {{- end }} - {{- end }} - ]' - {{- end }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: hostname: aai-resources terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - {{- if .Values.global.jobs.migration.enabled }} - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else }} - {{- if .Values.global.jobs.createSchema.enabled }} - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} - - --container-name - {{- if .Values.global.cassandra.localCluster }} - - aai-cassandra - {{- else }} - - cassandra - {{- end }} - - --container-name - - aai-schema-service - {{- end }} - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.jobs.migration.enabled }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }} + {{- else if .Values.global.jobs.createSchema.enabled }} + {{ include "aairesources.waitForSchemaCreation" . | nindent 6 }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - | - echo "*** actual launch of AAI Resources" - /bin/bash /opt/app/aai-resources/docker-entrypoint.sh + {{ include "common.containerSecurityContext" . | indent 8 | trim }} env: - - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} + {{- if .Values.config.env }} + {{- range $key,$value := .Values.config.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if .Values.config.profiling.enabled }} + - name: PRE_JVM_ARGS + value: '{{ join " " .Values.config.profiling.args }}' + {{- end }} + {{- if .Values.config.debug.enabled }} + - name: POST_JVM_ARGS + value: {{ .Values.config.debug.args | quote }} + {{- end }} - name: INTERNAL_PORT_1 - value: {{ .Values.service.internalPort | quote }} + value: {{ .Values.service.resourcesPort | quote }} - name: INTERNAL_PORT_2 - value: {{ .Values.service.internalPort2 | quote }} + value: {{ .Values.service.debugPort | quote }} - name: INTERNAL_PORT_3 - value: {{ .Values.service.internalPort3 | quote }} + value: {{ .Values.service.metricsPort | quote }} + - name: BOOTSTRAP_SERVERS + value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - name: JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }} + key: sasl.jaas.config volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-realtime.properties - - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties @@ -163,25 +96,24 @@ spec: - mountPath: /opt/app/aai-resources/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . }}-config - subPath: localhost-access-logback.xml - - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties - name: {{ include "common.fullname" . }}-config - subPath: realm.properties - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties - name: {{ include "common.fullname" . }}-config - subPath: application-keycloak.properties + - mountPath: /tmp + name: tmp ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - - containerPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName3 }} + - containerPort: {{ .Values.service.resourcesPort }} + name: {{ .Values.service.resourcesPortName }} + {{- if .Values.config.debug.enabled }} + - containerPort: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + {{- end }} + - containerPort: {{ .Values.service.metricsPort }} + name: {{ .Values.service.metricsPortName }} + {{- if .Values.config.profiling.enabled }} + - containerPort: {{ .Values.service.profilingPort }} + name: {{ .Values.service.profilingPortName }} + {{- end }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. @@ -191,41 +123,38 @@ spec: - sh - -c - | - while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) - do sleep 10 + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1) + do sleep 3 done - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} + # disable liveness probe when + # debugging.enable=true or profiling.enabled=true + {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }} livenessProbe: httpGet: - path: /aai/util/echo?action=checkDB - port: {{ .Values.service.internalPort }} - scheme: HTTP - httpHeaders: - - name: X-FromAppId - value: LivenessCheck - - name: X-TransactionId - value: LiveCheck_TID - - name: Accept - value: application/json + port: {{ .Values.service.metricsPort }} + path: {{ .Values.liveness.path }} + {{- if .Values.liveness.initialDelaySeconds }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + {{- end }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{- end }} readinessProbe: httpGet: - path: /aai/util/echo?action=checkDB - port: {{ .Values.service.internalPort }} - scheme: HTTP - httpHeaders: - - name: X-FromAppId - value: ReadinessCheck - - name: X-TransactionId - value: ReadinessCheck_TID - - name: Accept - value: application/json + port: {{ .Values.service.metricsPort }} + path: {{ .Values.readiness.path }} + {{- if .Values.readiness.initialDelaySeconds }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + {{- end }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + startupProbe: + httpGet: + port: {{ .Values.service.metricsPort }} + path: {{ .Values.startup.path }} + failureThreshold: {{ .Values.startup.failureThreshold }} + periodSeconds: {{ .Values.startup.periodSeconds }} + timeoutSeconds: {{ .Values.startup.timeoutSeconds }} resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} @@ -237,15 +166,15 @@ spec: {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} restartPolicy: {{ .Values.restartPolicy }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }}