X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-drools-pdp%2Ftemplates%2Fstatefulset.yaml;h=ba0e2d1a4138a724b75c2426af7f54e573188644;hb=HEAD;hp=7dee453771c2b3d592c7d1e2aa862c5120fdcbd2;hpb=8c34e5299873364dcfa7dc3b5a450ad4aa1d236f;p=oom.git
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
old mode 100755
new mode 100644
index 7dee453771..d7bcccf121
--- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -1,6 +1,8 @@
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
+# Modifications Copyright (C) 2024-2025 Nordix Foundation.
+# Modifications Copyright © 2024-2025 Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,70 +19,87 @@ apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} +{{- if not .Values.nexus.offline }} - command: - /app/ready.py args: - - --job-name - - {{ include "common.release" . }}-policy-galera-config + - --service-name + - {{ .Values.nexus.name }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + - name: PAP_TOPIC + value: {{ .Values.config.app.listener.policyPdpPapTopic }} image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-db-readiness -{{- if not .Values.nexus.offline }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + name: {{ include "common.name" . 
}}-readiness + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" +{{- end }} - command: - - /app/ready.py + - sh args: - - --container-name - - {{ .Values.nexus.name }} + - -c + - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done env: - - name: NAMESPACE + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + {{- if .Values.global.useStrimziKafka }} + - name: JAASLOGIN valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + {{- end }} + volumeMounts: + - mountPath: /config-input + name: drools-config + - mountPath: /config + name: drools-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{- end }} -{{ include "common.certInitializer.initContainer" . | indent 6 }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . 
}}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] - args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ - source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ - /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] - ports: - - containerPort: {{ .Values.service.externalPort }} - - containerPort: {{ .Values.service.externalPort2 }} + args: + - ls /tmp/policy-install; + /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot + ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: httpGet: @@ -92,7 +111,7 @@ spec: {{- end }} readinessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: 
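Review bot: The `update-config` init container expands `$JAASLOGIN` unquoted and calls `envsubst` with no variable list, so the SASL secret is subject to word splitting and globbing, and any `$NAME` in the files under `/config-input` that is not among the env vars set on this container is rendered as an empty string. Quoting the expansion and restricting substitution avoids both, e.g. `JAASLOGIN=$(printf '%s' "$JAASLOGIN" | tr -d '"')` and `envsubst '${KAFKA_URL} ${SASL} ${GROUP_ID} ${JAASLOGIN}' <"$PFILE" >"/config/$PFILE"` (this assumes the envsubst image ships the GNU gettext tool, which accepts a SHELL-FORMAT argument); looping with `for PFILE in *` also avoids parsing `ls`. Separately, the main container's new `ls /tmp/policy-install;` reads like leftover debugging, since the mounts under that path are removed later in this commit and `/tmp` becomes an emptyDir. The main container's spec continues past this hunk.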
@@ -103,36 +122,58 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} - - mountPath: /tmp/policy-install/config/{{ base $path }} - name: drools-secret - subPath: {{ base $path }} - {{- end }} - {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} - - mountPath: /tmp/policy-install/config/{{ base $path }} + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/etc/profile.d/base.conf + subPath: base.conf + name: drools-config-processed + - mountPath: /opt/app/policy/etc/profile.d/credentials.conf + subPath: credentials.conf + name: drools-config-processed + - mountPath: /opt/app/policy/etc/profile.d/feature-pooling-messages.conf + subPath: feature-pooling-messages.conf + name: drools-config-processed + - mountPath: /opt/app/policy/config/feature-lifecycle.properties + subPath: feature-lifecycle.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/engine-system.properties + subPath: engine-system.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/feature-distributed-locking.properties + subPath: feature-distributed-locking.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/logback.xml + subPath: logback.xml name: drools-config - subPath: {{ base $path }} - {{- end }} - resources: -{{ include "common.resources" . }} + - mountPath: /opt/app/policy/config/settings.xml + subPath: settings.xml + name: drools-config-processed + resources: {{ include "common.resources" . 
| nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - name: drools-config configMap: name: {{ include "common.fullname" . }}-configmap @@ -142,6 +183,10 @@ spec: path: {{ base $path }} mode: 0755 {{- end }} + - name: drools-config-processed + emptyDir: + medium: Memory + sizeLimit: 64Mi - name: drools-secret secret: secretName: {{ include "common.fullname" . }}-secret @@ -151,5 +196,4 @@ spec: path: {{ base $path }} mode: 0644 {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }}
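Review bot: With the `resources/secrets/*` mounts removed, `credentials.conf` now comes from `drools-config-processed`, which the `update-config` init container renders from the `drools-config` ConfigMap, so any credential in that file has to be a `${VAR}` placeholder filled from a Secret-backed env var, never a literal stored in the ConfigMap. That contract is worth a comment above the mount, e.g. `# rendered by update-config; secret values must arrive via secretKeyRef env, not ConfigMap literals`. The `drools-secret` volume is still declared under `volumes:`, yet no container in the visible hunks mounts it any more; if nothing else consumes it, dropping that volume entry keeps the Secret from being attached to the pod without a reader. The container's `env:` block starts above this hunk.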
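Review bot: The `drools-config-processed` emptyDir hard-codes `sizeLimit: 64Mi`, whereas the `empty-dir` and `logs` volumes added in the same commit take their limits from `.Values.dirSizes`. `medium: Memory` is a sound choice for a directory that holds the rendered SASL credentials, but tmpfs usage counts against the pod's memory accounting, so operators should be able to tune this limit alongside the memory limits. Consider `sizeLimit: {{ .Values.dirSizes.configDir.sizeLimit }}`, where `configDir` is a suggested new values key rather than one that exists on this page.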