X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Foof%2Fcomponents%2Foof-has%2Fcomponents%2Foof-has-api%2Ftemplates%2Fdeployment.yaml;h=4e38c830f053a098cae9d9f9eb7cdae7879bc27c;hb=379daacca80d748ea9fee3c4185c828a9559b509;hp=1538b47343d708d13cdf333de49079d491afcd23;hpb=a8934e9feb874baf84a3dba697013d429e04f921;p=oom.git diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index 1538b47343..4e38c830f0 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright (C) 2020 Wipro Limited. # Modifications Copyright © 2018 AT&T,VMware @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -42,32 +44,20 @@ spec: args: - --container-name - oof-has-controller + {{- if (include "common.needTLS" .) }} - --container-name - aaf-service + {{- end }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if (include "common.needTLS" .) }} - name: {{ include "common.name" . }}-has-sms-readiness command: - sh @@ -84,15 +74,16 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" + image: {{ include "repositoryGenerator.image.curl" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- end }} {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"] + command: ["/bin/sh","-c"] args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] ports: - containerPort: {{ .Values.uwsgi.internalPort }} @@ -110,7 +101,7 @@ spec: port: {{ .Values.uwsgi.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime @@ -121,14 +112,26 @@ spec: - mountPath: /usr/local/bin/log.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: log.conf + {{- if (include "common.needTLS" .) }} - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer + {{- end }} resources: {{ include "common.resources" . | indent 12 }} - name: {{ include "common.name" . }}-nginx - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}" + image: {{ include "repositoryGenerator.image.nginx" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + {{- if (include "common.needTLS" .) }} + grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt + {{- end }} + /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh ports: - containerPort: {{ .Values.service.internalPort }} {{- if .Values.liveness.enabled }} @@ -151,6 +154,14 @@ spec: - mountPath: /opt/bitnami/nginx/conf/nginx.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf + {{- if (include "common.needTLS" .) }} + - mountPath: /tmp/AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer + - mountPath: /tmp/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem + {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -161,6 +172,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime @@ -176,7 +188,8 @@ spec: path: conductor.conf - key: log.conf path: log.conf - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{- if (include "common.needTLS" .) }} +{{ include "oof.certificate.volume" . | indent 8 }} +{{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"