X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdcaegen2-services%2Fcommon%2Fdcaegen2-services-common%2Ftemplates%2F_deployment.tpl;h=b0c76a9b3a41a3c3b1d9a4069447e8f47802ec7c;hb=838ce7ea096c3dd52436803776764b2dd0b05971;hp=0b076ad08bed7de79c0907c6a2a75194bf5546d9;hpb=2b29be1363298b4824493fa83a3bef159cb53893;p=oom.git diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 0b076ad08b..b0c76a9b3a 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -1,7 +1,7 @@ {{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2021 Nokia. All rights reserved. # Copyright (c) 2021 Nordix Foundation. @@ -60,11 +60,19 @@ the the literal string "An example value". - name: {{ $envName }} value: {{ tpl $envValue $global | quote }} {{- else }} - {{ if or (not $envValue.secretUid) (not $envValue.key) }} - {{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }} - {{- end }} + {{- if and (hasKey $envValue "externalSecret") ($envValue.externalSecret) }} +- name: {{ $envName }} + valueFrom: + secretKeyRef: + name: {{ tpl $envValue.externalSecretUid $global | quote }} + key: {{ tpl $envValue.key $global | quote }} + {{- else }} + {{ if or (not $envValue.secretUid) (not $envValue.key) }} + {{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }} + {{- end }} - name: {{ $envName }} {{- include "common.secret.envFromSecretFast" (dict "global" $global "uid" $envValue.secretUid "key" $envValue.key) | indent 2 }} + {{- end }} {{- end -}} {{- end }} {{- end }} @@ -220,16 +228,6 @@ process into the microservice's configuration. See the documentation for the common DMaaP provisioning template (oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl). -If the microservice acts as a TLS client or server, the Deployment will -include an initContainer that retrieves certificate information from -the AAF certificate manager. The information is mounted at the -mount point specified in .Values.certDirectory. If the microservice is -a TLS server (indicated by setting .Values.tlsServer to true), the -certificate information will include a server cert and key, in various -formats. It will also include the AAF CA cert. If the microservice is -a TLS client only (indicated by setting .Values.tlsServer to false), the -certificate information includes only the AAF CA cert. - If the microservice uses certificates from an external CMPv2 provider, the Deployment will include an initContainer that performs certificate post-processing. @@ -238,12 +236,11 @@ post-processing. {{- define "dcaegen2-services-common.microserviceDeployment" -}} {{- $log := default dict .Values.log -}} {{- $logDir := default "" $log.path -}} -{{- $certDir := default "" .Values.certDirectory . -}} -{{- $tlsServer := default "" .Values.tlsServer -}} +{{- $certDir := (eq "true" (include "common.needTLS" .)) | ternary (default "" .Values.certDirectory . ) "" -}} {{- $commonRelease := print (include "common.release" .) -}} {{- $policy := default dict .Values.policies -}} {{- $policyRls := default $commonRelease $policy.policyRelease -}} -{{- $drFeedConfig := default "" .Values.drFeedConfig -}} +{{- $drNeedProvisioning := or .Values.drFeedConfig .Values.drSubConfig -}} {{- $dcaeName := print (include "common.fullname" .) }} {{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}} {{- $dot := . -}} @@ -257,25 +254,10 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: + {{- if .Values.readinessCheck }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} - {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }} - {{- if $certDir }} - - name: init-tls - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: TLS_SERVER - value: {{ $tlsServer | quote }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - resources: {{ include "common.resources" . | nindent 2 }} - volumeMounts: - - mountPath: /opt/app/osaaf - name: tls-info {{- end }} + {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }} {{ include "dcaegen2-services-common._certPostProcessor" . | nindent 4 }} containers: - image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }} @@ -325,10 +307,10 @@ spec: {{- end }} {{- end }} {{- end }} - resources: {{ include "common.resources" . | nindent 2 }} + resources: {{ include "common.resources" . | nindent 10 }} volumeMounts: - mountPath: /app-config - name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }} + name: {{ ternary "app-config-input" "app-config" (not $drNeedProvisioning) }} - mountPath: /app-config-input name: app-config-input {{- if $logDir }} @@ -388,14 +370,10 @@ spec: - name: POLICY_SYNC_DURATION value: "{{ $policy.duration }}" {{- end }} - resources: {{ include "common.resources" . | nindent 2 }} + resources: {{ include "common.resources" . | nindent 10 }} volumeMounts: - mountPath: /etc/policies name: policy-shared - {{- if $certDir }} - - mountPath: /opt/ca-certificates/ - name: tls-info - {{- end }} {{- end }} hostname: {{ include "common.name" . }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}