X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fdmaap%2Fcomponents%2Fmessage-router%2Ftemplates%2Fstatefulset.yaml;h=ede6cb025e5f0d3137e36d934773f457b2940831;hb=HEAD;hp=e936ed2fb69ddbea8b5de2c2c2e525f6c80db10d;hpb=9ad94aaf081f1fe5b69cc4bea9d90577dd07aa17;p=oom.git diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index e936ed2fb6..ede6cb025e 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -1,6 +1,8 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2021-2022 Nordix Foundation +# Modifications Copyright © 2023 DTAG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,49 +23,11 @@ metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} serviceName: {{ include "common.servicename" . }} - replicas: {{ .Values.replicaCount }} + replicas: 1 template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - {{ .Values.kafka.name }} - - --container-name - - {{ .Values.zookeeper.name }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - {{- if .Values.prometheus.jmx.enabled }} - - name: prometheus-jmx-exporter - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - java - - -XX:+UnlockExperimentalVMOptions - - -XX:+UseCGroupMemoryLimitForHeap - - -XX:MaxRAMFraction=1 - - -XshowSettings:vm - - -jar - - jmx_prometheus_httpserver.jar - - {{ .Values.prometheus.jmx.port | quote }} - - /etc/jmx-kafka/jmx-mrservice-prometheus.yml - ports: - - containerPort: {{ .Values.prometheus.jmx.port }} - resources: - volumeMounts: - - name: jmx-config - mountPath: /etc/jmx-kafka - {{- end }} - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -75,53 +39,118 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end -}} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} + {{ end }} readinessProbe: tcpSocket: port: {{ .Values.readiness.port }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + startupProbe: + tcpSocket: + port: {{ .Values.startup.port }} + initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.startup.periodSeconds }} + timeoutSeconds: {{ .Values.startup.timeoutSeconds }} + successThreshold: {{ .Values.startup.successThreshold }} + failureThreshold: {{ .Values.startup.failureThreshold }} env: + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: strimzi-kafka-admin + key: sasl.jaas.config + - name: SASLMECH + value: scram-sha-512 - name: enableCadi - value: "{{ .Values.global.aafEnabled }}" + value: "true" + - name: useZkTopicStore + value: "false" volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties - subPath: MsgRtrApi.properties - name: appprops - - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml - subPath: logback.xml - name: logback - - mountPath: /appl/dmaapMR1/etc/cadi.properties - subPath: cadi.properties - name: cadi - - mountPath: /appl/dmaapMR1/etc/keyfile - subPath: mykey - name: mykey + - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties + subPath: MsgRtrApi.properties + name: appprops + - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml + subPath: logback.xml + name: logback resources: {{ include "common.resources" . | nindent 12 }} + - name: {{ .Values.zkTunnelService.name }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zkTunnelService.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /opt/stunnel/stunnel_run.sh + ports: + - containerPort: {{ .Values.zkTunnelService.internalPort }} + name: {{ .Values.zkTunnelService.portName }} + protocol: {{ .Values.zkTunnelService.protocol }} + env: + - name: LOG_LEVEL + value: {{ .Values.zkTunnelService.logLevel }} + - name: STRIMZI_ZOOKEEPER_CONNECT + value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.zkTunnelService.internalPort }}' + livenessProbe: + exec: + command: + - /opt/stunnel/stunnel_healthcheck.sh + - '{{ .Values.zkTunnelService.internalPort }}' + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - /opt/stunnel/stunnel_healthcheck.sh + - '{{ .Values.zkTunnelService.internalPort }}' + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /etc/cluster-operator-certs/ + name: cluster-operator-certs + - mountPath: /etc/cluster-ca-certs/ + name: cluster-ca-certs + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: appprops configMap: name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap - name: logback configMap: name: {{ include "common.fullname" . }}-logback-xml-configmap - - name: cadi - configMap: - name: {{ include "common.fullname" . }}-cadi-prop-configmap - {{- if .Values.prometheus.jmx.enabled }} - - name: jmx-config - configMap: - name: {{ include "common.fullname" . }}-prometheus-configmap - {{- end }} - - name: mykey + - name: cluster-operator-certs secret: - secretName: {{ include "common.fullname" . }}-secret - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + defaultMode: 288 + secretName: {{ include "common.release" . }}-strimzi-cluster-operator-certs + - name: cluster-ca-certs + secret: + defaultMode: 288 + secretName: {{ include "common.release" . }}-strimzi-cluster-ca-cert + {{- include "common.imagePullSecrets" . | nindent 6 }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "common.fullname" . }}-zk-network-policy + namespace: {{ include "common.namespace" . }} +spec: + podSelector: + matchLabels: + strimzi.io/name: {{ include "common.release" . }}-strimzi-zookeeper + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "common.name" . }} + ports: + - port: {{ .Values.zkTunnelService.internalPort }} + protocol: {{ .Values.zkTunnelService.protocol }} + policyTypes: + - Ingress