X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-sparky-be%2Ftemplates%2Fdeployment.yaml;h=f8813cdf69060a1aed09b8b59e5133a5f87ecfb2;hb=refs%2Fheads%2Fmaster;hp=bb0b9bbdcf2d2ac2235fa6e77b91a1862e2077eb;hpb=46067c739335b6b456e507be170075dfb62b3086;p=oom.git diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index bb0b9bbdcf..517601b0dc 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -1,7 +1,8 @@ {{/* -# Copyright (c) 2017 Amdocs, Bell Canada -# Modifications Copyright (c) 2018 AT&T -# Modifications Copyright (c) 2020 Nokia +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Nokia +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,97 +19,34 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} + {{- if .Values.debug.enabled }} + replicas: 1 + {{- else }} replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} template: - metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - name: {{ include "common.name" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - {{- if ( include "common.needTLS" .) }} - - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ - | xargs -0) - if [ -z "$KEYSTORE_PASSWORD" ] - then - echo " /!\ certificates retrieval failed" - exit 1 - fi - echo "*** write them in portal part" - cd /config-input - for PFILE in `ls -1 .` - do - envsubst <${PFILE} >/config/${PFILE} - done - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - mountPath: /config-input - name: portal-config-input - - mountPath: /config - name: portal-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - {{- end }} - - command: - - /app/ready.py - args: - - --container-name - - aai - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + {{ include "common.podSecurityContext" . | indent 6 | trim }} + initContainers: + {{ include "common.readinessCheck.waitFor" . | nindent 8 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ - | xargs -0) - echo "*** actual launch of AAI Sparky BE" - /opt/app/sparky/bin/start.sh - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties - name: auth-config - subPath: csp-cookie-filter.properties - - mountPath: /opt/app/sparky/config/portal/ - name: portal-config - - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ - name: portal-config-props + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + volumeMounts: - mountPath: {{ .Values.log.path }} name: logs - mountPath: /opt/app/sparky/config/application.properties @@ -138,25 +76,53 @@ spec: - mountPath: /opt/app/sparky/config/logging/logback.xml name: config subPath: logback.xml + - mountPath: /tmp + name: tmp-volume ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPlainPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} + {{- if .Values.debug.enabled }} + - containerPort: {{ .Values.debug.port }} + name: {{ .Values.debug.portName }} + {{- end }} + {{- if .Values.profiling.enabled }} + - containerPort: {{ .Values.profiling.port }} + name: {{ .Values.profiling.portName }} + {{- end }} + {{ include "common.containerPorts" . | nindent 10 }} + env: + {{- if .Values.config.env }} + {{- range $key,$value := .Values.config.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if .Values.profiling.enabled }} + - name: PRE_JVM_ARGS + value: '{{ join " " .Values.profiling.args }}' + {{- end }} + {{- if .Values.debug.enabled }} + - name: JVM_ARGS + value: {{ .Values.debug.args | quote }} + {{- end }} + # disable liveness probe when + # debugging.enabled=true or profiling.enabled=true + {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }} livenessProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{- end }} readinessProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . }} + startupProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + failureThreshold: {{ .Values.startup.failureThreshold }} + periodSeconds: {{ .Values.startup.periodSeconds }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} @@ -169,32 +135,19 @@ spec: # side car containers {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: localtime - hostPath: - path: /etc/localtime + volumes: - name: config configMap: name: {{ include "common.fullname" . }} - - name: portal-config - {{- if .Values.global.aafEnabled }} - emptyDir: - medium: Memory - - name: portal-config-input - {{- end }} - configMap: - name: {{ include "common.fullname" . }}-portal - - name: portal-config-props - configMap: - name: {{ include "common.fullname" . }}-portal-props - - name: auth-config - secret: - secretName: {{ include "common.fullname" . }} - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: modeldir - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.modeldirSizeLimit }} + - name: tmp-volume + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }}