X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdcaegen2%2Fcharts%2Fdcae-cloudify-manager%2Ftemplates%2Fdeployment.yaml;h=b3e90a2efb1419a509dd8034eeb7e7d53165bc35;hb=a4535c94d838cd0d784fd14ff8497be878c81176;hp=acda520192b851395054ead22a5e8cbfe06abd25;hpb=8963971fbd05605e7976d124c397a25290242fd6;p=oom.git

diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
index acda520192..b3e90a2efb 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
@@ -1,7 +1,7 @@
 #============LICENSE_START========================================================
 # ================================================================================
 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Copyright Â© 2018 Amdocs, Bell Canada
+# Modifications Copyright Â© 2018 Amdocs, Bell Canada
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -34,10 +34,44 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ .Release.Name }}
     spec:
+      # host alias allows local 'cfy' command to use https and match
+      # the host name in the certificate
+      hostAliases:
+      - ip: "127.0.0.1"
+        hostnames:
+        - "dcae-cloudify-manager"
+      initContainers:
+      - name: {{ include "common.name" . }}-multisite-init
+        image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        args:
+          - --namespace
+          - {{ include "common.namespace" . }}
+          - --configmap
+          - {{ .Values.multisiteConfigMapName }}
+        restartPolicy: Never
+      - name: init-tls
+        env:
+          - name: POD_IP
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: status.podIP
+        image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources: {}
+        volumeMounts:
+            - mountPath: /opt/tls/shared
+              name: tls-info
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+            - name: REQUESTS_CA_BUNDLE
+              value: "/opt/onap/certs/cacert.pem"
+          resources:
+{{ include "common.resources" . | indent 12 }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -48,10 +82,11 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end -}}
+          {{ end }}
           readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
+            exec:
+              command:
+              - /scripts/readiness-check.sh
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
@@ -59,6 +94,9 @@ spec:
             subPath: config.txt
             name: {{ include "common.fullname" .}}-config
             readOnly: true
+          - mountPath: /opt/onap/kube
+            name: {{ include "common.fullname" .}}-kubeconfig
+            readOnly: true
           - mountPath: /secret
             name: dcae-token
             readOnly: true
@@ -68,22 +106,19 @@ spec:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
+          - mountPath: /cfy-persist
+            name: cm-persistent
+          - mountPath: /opt/onap/certs
+            name: tls-info
           securityContext:
             privileged: True
-          lifecycle:
-            postStart:
-              exec:
-                command:
-                - bash
-                - "-c"
-                - |
-                  set -ex
-                  mkdir -p /var/run/secrets/kubernetes.io/
-                  ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
       volumes:
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}-configmap
+        - name: {{ include "common.fullname" .}}-kubeconfig
+          configMap:
+            name: {{ .Values.multisiteConfigMapName }}
         - name: dcae-token
           secret:
             secretName: dcae-token
@@ -93,5 +128,10 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
+        - name: cm-persistent
+          persistentVolumeClaim:
+            claimName: {{ include "common.fullname" . }}-data
+        - emptyDir: {}
+          name: tls-info
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"