X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-pap%2Ftemplates%2Fdeployment.yaml;h=9ca8b84a476bc6d261e490ab46ff867f7999571f;hb=HEAD;hp=a756beed34f63784e8e8cf4ef29b8569d082b8b0;hpb=1cc39a8f467a4744293b0776c51d280a4820544e;p=oom.git diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index a756beed34..9ca8b84a47 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -1,5 +1,7 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2022 Bell Canada. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +17,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -30,16 +33,26 @@ spec: - /app/ready.py args: - --job-name +{{ if not .Values.global.postgres.localCluster }} - {{ include "common.release" . }}-policy-galera-config - env: +{{ else }} + - {{ include "common.release" . }}-policy-pg-config +{{ end }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + name: {{ include "common.name" . }}-db-readiness + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" - command: - sh args: @@ -62,32 +75,28 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} - name: DISTRIBUTION_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config volumeMounts: - mountPath: /config-input name: papconfig - mountPath: /config name: papconfig-processed - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["bash","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] -{{- else }} - command: ["/opt/app/policy/pap/bin/policy-pap.sh"] - args: ["/opt/app/policy/pap/etc/mounted/config.json"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} + + command: [ "/bin/sh", "-cx" ] + args: + - cat /opt/app/policy/pap/etc/mounted/papParameters.yaml; + /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -99,19 +108,22 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: + httpGet: + path: {{ .Values.readiness.api }} port: {{ .Values.readiness.port }} + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} + scheme: "HTTP" + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /opt/app/policy/pap/etc/mounted name: papconfig-processed - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -120,11 +132,8 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - name: papconfig configMap: name: {{ include "common.fullname" . }}-configmap @@ -132,5 +141,4 @@ spec: - name: papconfig-processed emptyDir: medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }}