X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-traversal%2Ftemplates%2Fjob.yaml;h=88fbe4788ac2b8078c9f0bc4e383ee3aeece7cec;hb=refs%2Fheads%2Fmaster;hp=687dcbfddac57e7dfde8b531f9a700b303a77d3b;hpb=bd0d31acc349a67c01de0595d152b8448b5311d1;p=oom.git diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 687dcbfdda..2e51fd0a81 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -24,40 +24,44 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-update-query-data namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} {{ if .Values.global.jobs.migration.enabled }} - annotations: - "helm.sh/hook": post-upgrade,post-rollback,post-install - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": before-hook-creation + {{- if .Values.jobAnnotations }} + annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations "context" $) | nindent 4 }} + {{- end }} {{ end }} spec: template: metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }} name: {{ include "common.name" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - command: - - /app/ready.py - args: - - --container-name - - aai - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_traversal) | nindent 6 }} + - name: {{ include "common.name" . }}-wait-for-aai-haproxy image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + securityContext: + runAsUser: 100 + runAsGroup: 65533 + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + command: + - sh + - "-c" + - | + set -x; + + until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do + echo "Retrying to reach aai on port 80"; + sleep 1; + done; resources: limits: cpu: "100m" @@ -70,31 +74,23 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - bash + - sh - "-c" - | - set -x - if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi - until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done; - bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ; - {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} + set -x; + if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; + then mkdir -p /opt/aai/logroot/AAI-GQ/misc; + fi - env: - - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} + sh -x /opt/app/aai-traversal/bin/install/updateQueryData.sh ; + + {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} resources: {{ include "common.resources" . | nindent 10 }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-realtime.properties - - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties @@ -105,9 +101,6 @@ spec: - mountPath: /opt/app/aai-traversal/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . }}-config - subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties @@ -115,13 +108,12 @@ spec: # so K8s doesn't restart unresponsive container serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: {{ include "common.fullname" . }}-logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} - name: {{ include "common.fullname" . }}-logs-misc - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logmiscSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: