X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-sparky-be%2Ftemplates%2Fdeployment.yaml;h=bb0b9bbdcf2d2ac2235fa6e77b91a1862e2077eb;hb=46067c739335b6b456e507be170075dfb62b3086;hp=6e74526ddcaa455e2afe03248e2a53c05d0ef429;hpb=e05c90189f5fed7c4824a0c1ed9e932860dc2829;p=oom.git diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 6e74526ddc..bb0b9bbdcf 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -33,12 +33,43 @@ spec: app: {{ include "common.name" . }} template: metadata: + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "false" labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- if ( include "common.needTLS" .) }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ + | xargs -0) + if [ -z "$KEYSTORE_PASSWORD" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + fi + echo "*** write them in portal part" + cd /config-input + for PFILE in `ls -1 .` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: portal-config-input + - mountPath: /config + name: portal-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- end }} - command: - /app/ready.py args: @@ -57,82 +88,71 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - volumeMounts: + command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ + | xargs -0) + echo "*** actual launch of AAI Sparky BE" + /opt/app/sparky/bin/start.sh + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 - name: {{ include "common.fullname" . }}-auth-config - subPath: client-cert-onap.p12 - - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties - name: {{ include "common.fullname" . }}-auth-config + name: auth-config subPath: csp-cookie-filter.properties - - - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12 - name: {{ include "common.fullname" . }}-auth-config - subPath: org.onap.aai.p12 - - - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks - name: aai-common-aai-auth-mount - subPath: truststoreONAPall.jks - - mountPath: /opt/app/sparky/config/portal/ - name: {{ include "common.fullname" . }}-portal-config - + name: portal-config - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ - name: {{ include "common.fullname" . }}-portal-config-props - - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - + name: portal-config-props + - mountPath: {{ .Values.log.path }} + name: logs - mountPath: /opt/app/sparky/config/application.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application.properties - - mountPath: /opt/app/sparky/config/application-resources.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-resources.properties - - mountPath: /opt/app/sparky/config/application-ssl.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-ssl.properties - - mountPath: /opt/app/sparky/config/application-oxm-default.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-default.properties - - mountPath: /opt/app/sparky/config/application-oxm-override.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-override.properties - - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-schema-prod.properties - - mountPath: /opt/app/sparky/config/roles.config - name: {{ include "common.fullname" . }}-properties + name: config subPath: roles.config - - mountPath: /opt/app/sparky/config/users.config - name: {{ include "common.fullname" . }}-properties + name: config subPath: users.config - + - mountPath: /opt/app/sparky/config/logging/logback.xml + name: config + subPath: logback.xml ports: - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPlainPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: @@ -147,56 +167,32 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: aai-sparky-filebeat - resources: -{{ include "common.resources" . }} - - volumes: + {{ include "common.log.sidecar" . | nindent 6 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - - name: {{ include "common.fullname" . }}-properties - configMap: - name: {{ include "common.fullname" . }}-prop - - - name: {{ include "common.fullname" . }}-config + - name: config configMap: name: {{ include "common.fullname" . }} - - - name: {{ include "common.fullname" . }}-portal-config + - name: portal-config + {{- if .Values.global.aafEnabled }} + emptyDir: + medium: Memory + - name: portal-config-input + {{- end }} configMap: name: {{ include "common.fullname" . }}-portal - - - name: {{ include "common.fullname" . }}-portal-config-props + - name: portal-config-props configMap: name: {{ include "common.fullname" . }}-portal-props - - - name: {{ include "common.fullname" . }}-auth-config + - name: auth-config secret: secretName: {{ include "common.fullname" . }} - - - name: aai-common-aai-auth-mount - secret: - secretName: aai-common-aai-auth - - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: aai-sparky-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: modeldir emptyDir: {} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}