X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fsdc%2Fcharts%2Fsdc-onboarding-be%2Ftemplates%2Fdeployment.yaml;h=108c781f549792d08be4a5f792d05588922cb358;hb=276812c91c17e56f02760f2da657c598abbc881e;hp=89ded83b93160990ba4907d7067205f85c8e0a13;hpb=84a5f1939121fb6f9fc694056aa25aeb1884570b;p=oom.git diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 89ded83b93..108c781f54 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml @@ -21,7 +21,7 @@ metadata: labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} + release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} @@ -29,7 +29,7 @@ spec: metadata: labels: app: {{ include "common.name" . }} - release: {{ .Release.Name }} + release: {{ include "common.release" . }} spec: initContainers: - name: {{ include "common.name" . }}-job-completion @@ -39,13 +39,50 @@ spec: - /root/job_complete.py args: - --job-name - - {{ .Release.Name }}-sdc-onboarding-be-cassandra-init + - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "/onboard/cert" containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -55,17 +92,22 @@ spec: - containerPort: {{ .Values.service.internalPort2 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + exec: + command: + - "/var/lib/jetty/ready-probe.sh" initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: exec: command: - - "/var/lib/ready-probe.sh" + - "/var/lib/jetty/ready-probe.sh" initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + resources: +{{ include "common.resources" . | indent 12 }} env: - name: ENVNAME value: {{ .Values.global.env.name }} @@ -81,13 +123,21 @@ spec: fieldPath: status.podIP - name: SDC_USER valueFrom: - secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user} + secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} - name: SDC_PASSWORD valueFrom: - secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password} + secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} + - name: SDC_CERT_DIR + value: {{ .Values.cert.certDir }} volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + - name: sdc-environments-output + mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -96,21 +146,12 @@ spec: - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml subPath: logback.xml + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "{{ .Values.cert.certDir }}" lifecycle: postStart: exec: command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # side car containers - name: {{ include "common.name" . }}-filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" @@ -127,9 +168,12 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: - name: {{ .Release.Name }}-sdc-filebeat-configmap + name: {{ include "common.release" . }}-sdc-filebeat-configmap - name: {{ include "common.fullname" . }}-data-filebeat emptyDir: {} - name: {{ include "common.fullname" . }}-logback @@ -137,9 +181,14 @@ spec: name : {{ include "common.fullname" . }}-logging-configmap - name: {{ include "common.fullname" . }}-environments configMap: - name: {{ .Release.Name }}-sdc-environments-configmap + name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 + - name: sdc-environments-output + emptyDir: { medium: "Memory" } - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-cert-storage + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"