X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fmsb%2Fcomponents%2Fmsb-iag%2Ftemplates%2Fdeployment.yaml;h=c6cf2d150d88f024bfe07b971ee7fbd8a584e829;hb=8d87db21a4ba5e42076c0a7f11110dbec2afd608;hp=00dc6b69b353f1821f71960a3c17bcbef978cb75;hpb=fd2f8b8d029ea7e83da16d40cd023cebe4b2f75e;p=oom.git diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 00dc6b69b3..c6cf2d150d 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,29 +16,15 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - serviceAccountName: msb initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: - /app/ready.py args: @@ -56,23 +43,19 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - - containerPort: {{ .Values.service.internalPortHttps }} - name: {{ .Values.service.name }}-https + ports: {{- include "common.containerPorts" . | indent 10 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -83,19 +66,17 @@ spec: - name: ROUTE_LABELS value: {{ .Values.config.routeLabels }} volumeMounts: + {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }} - mountPath: /etc/localtime name: localtime readOnly: true - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt - readOnly: true - subPath: "cert.crt" - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/html/cert/ca.crt - readOnly: true - subPath: "ca.crt" - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + {{- if (include "common.needTLS" .) }} + - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf + name: {{ include "common.fullname" . }}-nginx-conf + subPath: msbhttps.conf + {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -107,32 +88,19 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap/msb/msb-iag - - mountPath: /opt/ajsc/etc/config/logback.xml - name: {{ include "common.fullname" . }}-log-conf - subPath: logback.xml + {{ include "common.log.sidecar" . | nindent 8 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: {{ include "common.fullname" . }}-cert - secret: - secretName: {{ include "common.release" . }}-msb-https-cert + {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf + {{- if (include "common.needTLS" .) }} + - name: {{ include "common.fullname" . }}-nginx-conf configMap: - name: {{ include "common.release" . }}-msb-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + name: {{ include "common.fullname" . }}-nginx + {{- end }} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: localtime