X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fnbi%2Ftemplates%2Fdeployment.yaml;h=22dd4a1ded82983e886978e2fbf832856bdd64fd;hb=2123fec0a12f313c15e03efab0ce378d0308d78d;hp=1fad1fc5aa64aa64edf081b2ca3d640c17127bb0;hpb=69de2245d6d24d036cefe77bf381083659b66436;p=oom.git diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 1fad1fc5aa..fb60be2586 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -1,5 +1,7 @@ +{{/* # Copyright © 2018 Orange # Modifications Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,53 +14,66 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - name: {{ include "common.fullname" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: +{{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} +{{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} + ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ + -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \ + -Dserver.ssl.key-store-type=PKCS12 \ + -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \ + -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ + -Djavax.net.ssl.trustStoreType=jks\ + -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" + exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar + {{- end }} {{ if .Values.liveness.enabled }} livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }} + path: {{ .Values.liveness.path }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }} + path: {{ .Values.readiness.path }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: SPRING_DATASOURCE_URL - value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} + value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "db" "name" }} - name: SPRING_DATASOURCE_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }} - name: SPRING_DATASOURCE_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }} - name: SPRING_DATA_MONGODB_HOST value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }} - name: SPRING_DATA_MONGODB_PORT @@ -71,16 +86,20 @@ spec: value: {{ .Values.config.openStackVNFTenantId | quote }} - name: ONAP_CLOUDOWNER value: {{ .Values.config.cloudOwner }} + - name: ONAP_K8SCLOUDREGIONID + value: {{ .Values.config.k8sCloudRegionId }} + - name: ONAP_K8SCLOUDOWNER + value: {{ .Values.config.k8sCloudOwner }} - name: NBI_URL - value: "http://nbi.{{ include "common.namespace" . }}:8080/nbi/api/v4" + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://nbi.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}/nbi/api/v4" - name: SDC_HOST - value: "https://sdc-be.{{ include "common.namespace" . }}:8443" + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://sdc-be.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}8080{{ end }}" - name: SDC_HEADER_ECOMPINSTANCEID value: {{ .Values.config.ecompInstanceId }} - name: SDC_HEADER_AUTHORIZATION value: {{ .Values.sdc_authorization }} - name: AAI_HOST - value: "https://aai.{{ include "common.namespace" . }}:8443" + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://aai.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}80{{ end }}" - name: AAI_HEADER_AUTHORIZATION value: {{ .Values.aai_authorization }} - name: SO_HOST @@ -90,16 +109,16 @@ spec: value: {{ .Values.so_authorization }} {{- end }} - name: DMAAP_HOST - value: "https://message-router.{{ include "common.namespace" . }}:3905" + value: "http://message-router.{{ include "common.namespace" . }}:3904" - name: LOGGING_LEVEL_ORG_ONAP_NBI value: {{ .Values.config.loglevel }} - name: MSB_ENABLED - value: "true" + value: "{{ .Values.global.msbEnabled }}" - name: MSB_DISCOVERY_HOST value: "msb-discovery.{{ include "common.namespace" . }}" - name: MSB_DISCOVERY_PORT value: "10081" - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -113,31 +132,10 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - # side car containers - # - name: filebeat-onap - # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - # volumeMounts: - # - mountPath: /usr/share/filebeat/filebeat.yml - # name: filebeat-conf - # subPath: filebeat.yml - # - mountPath: /home/esr/works/logs - # name: esr-server-logs - # - mountPath: /usr/share/filebeat/data - # name: esr-server-filebeat - volumes: + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime - # - name: filebeat-conf - # configMap: - # name: {{ include "common.fullname" . }}-esr-filebeat - # - name: esr-server-logs - # emptyDir: {} - # - name: esr-server-filebeat - # emptyDir: {} - # - name: esrserver-log - # configMap: - # name: {{ include "common.fullname" . }}-esr-esrserver-log imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"