X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Ftemplates%2Fdeployment.yaml;h=d64410ceea39e2c035170c63e9d36b8d1ce45df2;hb=refs%2Fheads%2Fmaster;hp=f17256b6e4110fab95f4e3e9ec17e902edbb8c4f;hpb=63db716df5e8a66512a5e843b9b3588c3fc07ed4;p=oom.git

diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index f17256b6e4..160d8cf823 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -1,6 +1,7 @@
 {{/*
 # Copyright (c) 2018 Amdocs, Bell Canada, AT&T
 # Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,19 +18,13 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
 spec:
   selector:
     matchLabels:
       app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   strategy:
     type: {{ .Values.updateStrategy.type }}
     {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
@@ -38,85 +33,68 @@ spec:
       maxSurge: {{ .Values.updateStrategy.maxSurge }}
     {{- end }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-      name: {{ include "common.release" . }}
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
-      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
-      - command:
-        - /app/ready.py
-        args:
-        - --container-name
-        - aai-resources
-        - --container-name
-        - aai-traversal
-        - --container-name
-        - aai-graphadmin
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
+      initContainers:
+      - command: ["/bin/sh","-c"]
+        args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/']
+        image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+        name: copy-haproxy-config
+        resources:
+          limits:
+            cpu: 100m
+            memory: 200Mi
+          requests:
+            cpu: 2m
+            memory: 100Mi
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /usr/local/etc/haproxy_rw
+          name: haproxy-etc
       containers:
       - name: {{ include "common.name" . }}
-        image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}"
+        image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
-        - mountPath: /etc/localtime
-          name: localtime
+        - mountPath: /usr/local/etc/haproxy
+          name: haproxy-etc
+        - mountPath: /usr/local/etc/haproxy/resolvers.conf
+          name: haproxy-config
+          subPath: resolvers.conf
           readOnly: true
-        - mountPath: /dev/log
-          name: aai-service-log
         - mountPath: /usr/local/etc/haproxy/haproxy.cfg
         {{ if .Values.global.installSidecarSecurity }}
           subPath: haproxy-pluggable-security.cfg
         {{ else }}
           subPath: haproxy.cfg
         {{ end }}
-          name: haproxy-cfg
-        {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+          name: haproxy-config
         ports:
         - containerPort: {{ .Values.service.internalPort }}
-        - containerPort: {{ .Values.service.internalPlainPort }}
+          name: {{ .Values.service.portName }}
+        - containerPort: {{ .Values.metricsService.internalPort }}
+          name: {{ .Values.metricsService.portName }}
         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
         livenessProbe:
           tcpSocket:
-            port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+            port: {{ .Values.service.internalPort }}
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
         {{ end -}}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        resources: {{ include "common.resources" . | nindent 10 }}
         readinessProbe:
-          httpGet:
-            path: /aai/util/echo
-            port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
-            #scheme: HTTPS
-            scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
-            httpHeaders:
-            - name: X-FromAppId
-              value: OOM_ReadinessCheck
-      {{ if .Values.global.installSidecarSecurity }}
-            - name: Authorization
-              value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
-      {{ end }}
-            - name: X-TransactionId
-              value: OOM_ReadinessCheck_TID
-            - name: Accept
-              value: application/json
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
-        resources:
-{{ include "common.resources" . }}
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
@@ -127,15 +105,10 @@ spec:
       {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: aai-service-log
-          hostPath:
-            path: "/dev/log"
-        - name: haproxy-cfg
-          configMap:
-            name: aai-deployment-configmap
-        {{ include "common.certInitializer.volumes" . | nindent 8 }}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      - name: haproxy-config
+        configMap:
+          name: aai-deployment-configmap
+      - name: haproxy-etc
+        emptyDir:
+          sizeLimit: {{ .Values.volumes.haProxySizeLimit }}
+      {{- include "common.imagePullSecrets" . | nindent 6 }}