X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdmaap%2Fcomponents%2Fdmaap-dr-prov%2Ftemplates%2Fdeployment.yaml;h=325ca9f2a739cb21aa8d458e5227ccd19998c533;hb=7b9f363158f544a3dc9097d8c3753e6a3b29b764;hp=76a7348f5f3fc4aed29d052ffbbc101b1e832341;hpb=254abbc3238d1cc5ff625511af19ec16b44f9c7b;p=oom.git diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 76a7348f5f..325ca9f2a7 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -32,16 +34,20 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim}} hostname: {{ .Values.global.dmaapDrProvName }} initContainers: - name: {{ include "common.name" . }}-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + securityContext: + runAsUser: 100 + runAsGroup: 65533 + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py args: - - --container-name - - {{ .Values.config.dmaapDrDb.mariadbContName }} + - --job-name + - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job env: - name: NAMESPACE valueFrom: @@ -53,7 +59,9 @@ spec: {{ include "common.certInitializer.initContainer" . | nindent 8 }} - name: {{ include "common.name" . }}-permission-fixer - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + securityContext: + runAsUser: 0 + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} command: ["chown","-Rf","1000:1001", "/opt/app/"] @@ -61,7 +69,7 @@ spec: {{ end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.config.dmaapDrProv.internalPort }} @@ -79,9 +87,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: DB_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime @@ -93,7 +101,7 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} - name: {{ include "common.fullname" . }}-logs + name: logs resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} @@ -103,19 +111,10 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} - {{- end -}} + {{- end }} # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap/datarouter-prov + {{ include "common.log.sidecar" . | nindent 8 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: @@ -129,12 +128,8 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-dmaap-dr-prov-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs + {{ include "common.log.volumes" . | nindent 6 }} + - name: logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"