X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcontrib%2Fcomponents%2Fejbca%2Ftemplates%2Fdeployment.yaml;h=a36dcacb23f4b93c043d78777754e0feafeb0875;hb=8c26e59d30a185186cf33988a0dbb859409f73eb;hp=3034366b1a1fbfe19c2cb1cd1445e6b19b8f2a98;hpb=bc66941b310ea1f723453b010e1b49822ca4a13a;p=oom.git

diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index 3034366b1a..a36dcacb23 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -22,7 +22,19 @@ spec:
   selector: {{- include "common.selectors" . | nindent 4 }}
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+      {{- if (include "common.onServiceMesh" . ) }}
+      annotations:
+      {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+        linkerd.io/inject: disabled
+      {{- end }}
+      {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+        sidecar.istio.io/rewriteAppHTTPProbers: "false"
+        proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
+      {{- end }}
+      {{- end }}
     spec:
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       initContainers:
       - name: {{ include "common.name" . }}-db-readiness
         command:
@@ -40,16 +52,20 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       containers:
       - name: {{ include "common.name" . }}-ejbca
-        image: {{ .Values.ejbca.image }}
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.ejbca.image }}
         imagePullPolicy: {{ .Values.pullPolicy }}
         lifecycle:
           postStart:
             exec:
-              command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+              command:
+                - sh
+                - -c
+                - |
+                  sleep 60; /opt/primekey/scripts/ejbca-config.sh
         volumeMounts:
           - name: "{{ include "common.fullname" . }}-volume"
             mountPath: /opt/primekey/scripts/
@@ -59,6 +75,8 @@ spec:
         env:
         - name: INITIAL_ADMIN
           value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
+        - name: NO_CREATE_CA
+          value: "true"
         - name: DATABASE_JDBC_URL
           value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
         - name: DATABASE_USER
@@ -89,6 +107,8 @@ spec:
         {{- if .Values.affinity }}
         affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end }}
+        resources: {{ include "common.resources" . | nindent 10 }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       - configMap:
           name: "{{ include "common.fullname" . }}-config-script"