X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdcaegen2-services%2Fcommon%2Fdcaegen2-services-common%2Ftemplates%2F_deployment.tpl;h=6c742c07defb1e3665f7cc4e2dcfa324806b0298;hb=f86f62974f0937fe5cd7fea12f180a546956c04b;hp=ef846034d0ff8a56bdc3fec96d0b98aa53cbea3f;hpb=f91c26bb28e7ee59ccc941647190c18257f23a01;p=oom.git

diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index ef846034d0..6c742c07de 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -33,7 +33,7 @@ provided to all microservices.
 The template expects a single argument, pointing to the caller's global context.
 
 Microservice-specific environment variables can be specified in two ways:
-  1. As literal string values.
+  1. As literal string values. (The values can also be Helm template fragments.)
   2. As values that are sourced from a secret, identified by the secret's
      uid and the key within the secret that provides the value.
 
@@ -58,7 +58,7 @@ the the literal string "An example value".
     {{- range $envName, $envValue := .Values.applicationEnv }}
       {{- if kindIs "string" $envValue }}
 - name: {{ $envName }}
-  value: {{ $envValue | quote }}
+  value: {{ tpl $envValue $global | quote }}
       {{- else }}
         {{ if or (not $envValue.secretUid) (not $envValue.key) }}
           {{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }}
@@ -180,28 +180,6 @@ The sidecar is included if .Values.log.path is set.  The
 logging sidecar and the DCAE microservice container share a
 volume where the microservice logs are written.
 
-The Deployment includes an initContainer that pushes the
-microservice's initial configuration (from .Values.applicationConfig)
-into Consul.  All DCAE microservices retrieve their initial
-configurations by making an API call to a DCAE platform component called
-the  config-binding-service.  The config-binding-service currently
-retrieves configuration information from Consul.
-
-The Deployment also includes an initContainer that checks for the
-readiness of other components that the microservice relies on.
-This container is generated by the "common.readinessCheck.waitfor"
-template.
-
-If the microservice acts as a TLS client or server, the Deployment will
-include an initContainer that retrieves certificate information from
-the AAF certificate manager.  The information is mounted at the
-mount point specified in .Values.certDirectory.  If the microservice is
-a TLS server (indicated by setting .Values.tlsServer to true), the
-certificate information will include a server cert and key, in various
-formats.  It will also include the AAF CA cert.   If the microservice is
-a TLS client only (indicated by setting .Values.tlsServer to false), the
-certificate information includes only the AAF CA cert.
-
 Deployed POD may also include a Policy-sync sidecar container.
 The sidecar is included if .Values.policies is set.  The
 Policy-sync sidecar polls PolicyEngine (PDP) periodically based
@@ -219,6 +197,35 @@ policies:
   policyRelease: "onap"
   policyID: |
     '["onap.vfirewall.tca","onap.vdns.tca"]'
+
+The Deployment includes an initContainer that checks for the
+readiness of other components that the microservice relies on.
+This container is generated by the "common.readinessCheck.waitfor"
+template. See the documentation for this template
+(oom/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl).
+
+If the microservice uses a DMaaP Data Router (DR) feed, the Deployment
+includes an initContainer that makes provisioning requests to the DMaaP
+bus controller (dmaap-bc) to create the feed and to set up a publisher
+and/or subscriber to the feed.  The Deployment also includes a second
+initContainer that merges the information returned by the provisioning
+process into the microservice's configuration.  See the documentation for
+the common DMaaP provisioning template
+(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl).
+
+If the microservice acts as a TLS client or server, the Deployment will
+include an initContainer that retrieves certificate information from
+the AAF certificate manager.  The information is mounted at the
+mount point specified in .Values.certDirectory.  If the microservice is
+a TLS server (indicated by setting .Values.tlsServer to true), the
+certificate information will include a server cert and key, in various
+formats.  It will also include the AAF CA cert.   If the microservice is
+a TLS client only (indicated by setting .Values.tlsServer to false), the
+certificate information includes only the AAF CA cert.
+
+If the microservice uses certificates from an external CMPv2 provider,
+the Deployment will include an initContainer that performs certificate
+post-processing.
 */}}
 
 {{- define "dcaegen2-services-common.microserviceDeployment" -}}
@@ -243,45 +250,8 @@ spec:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
-      {{- if not $drFeedConfig }}
-      - command:
-        - sh
-        args:
-        - -c
-        - |
-        {{- range $var := .Values.customEnvVars }}
-          export {{ $var.name }}="{{ $var.value }}";
-        {{- end }}
-          cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
-        env:
-        {{- range $cred := .Values.credentials }}
-        - name: {{ $cred.name }}
-          {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
-        {{- end }}
-        volumeMounts:
-        - mountPath: /config-input
-          name: app-config-input
-        - mountPath: /config
-          name: app-config
-        image: {{ include "repositoryGenerator.image.envsubst" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-update-config
-      {{- end }}
       {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
       {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
-      - name: init-consul
-        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        args:
-        - --key-yaml
-        - "{{ include "common.name" . }}|/app-config/application_config.yaml"
-        env:
-        - name: CONSUL_HOST
-          value: {{ .Values.consulHost | default "consul-server-ui" }}.{{ include "common.namespace" . }}
-        resources: {{ include "common.resources" . | nindent 2 }}
-        volumeMounts:
-          - mountPath: /app-config
-            name: app-config
       {{- if $certDir }}
       - name: init-tls
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
@@ -351,7 +321,7 @@ spec:
         resources: {{ include "common.resources" . | nindent 2 }}
         volumeMounts:
         - mountPath: /app-config
-          name: app-config
+          name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }}
         - mountPath: /app-config-input
           name: app-config-input
         {{- if $logDir }}
@@ -386,12 +356,12 @@ spec:
         - name: POLICY_SYNC_PDP_USER
           valueFrom:
             secretKeyRef:
-              name: {{ $policyRls }}-policy-xacml-pdp-api-creds
+              name: {{ $policyRls }}-policy-xacml-pdp-restserver-creds
               key: login
         - name: POLICY_SYNC_PDP_PASS
           valueFrom:
             secretKeyRef:
-              name: {{ $policyRls }}-policy-xacml-pdp-api-creds
+              name: {{ $policyRls }}-policy-xacml-pdp-restserver-creds
               key: password
         - name: POLICY_SYNC_PDP_URL
           value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969