X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fso%2Ftemplates%2Fdeployment.yaml;h=ad3a19f37e25e284ea7dce5afef3c7817e9e4aa1;hb=b1ee058f941a9c9ff27467054d98b8a56c988797;hp=d235545aa3a0c0e4c68082f8f3c055176b1bf12b;hpb=6fb58c9d01d89d405f8abf13f12f2d1bd1b2fcd9;p=oom.git diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index d235545aa3..d378cae606 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -19,8 +19,11 @@ metadata: labels: app: {{ include "common.fullname" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} + release: {{ include "common.release" . }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ index .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: @@ -32,113 +35,107 @@ spec: metadata: labels: app: {{ include "common.name" . }} - release: {{ .Release.Name }} + release: {{ include "common.release" . }} spec: initContainers: - - name: so-chown - image: alpine:3.6 - volumeMounts: - - name: logs - mountPath: /app/logs - imagePullPolicy: {{ index .Values.pullPolicy }} - command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /app/logs"] - restartPolicy: Always + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: - requests: - memory: {{ index .Values.resources.requests.memory}} - cpu: {{ index .Values.resources.requests.cpu}} - limits: - memory: {{ index .Values.resources.limits.memory}} - cpu: {{ index .Values.resources.limits.cpu}} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: secretKeyRef: - name: {{ .Release.Name}}-so-db-secrets + name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.host - name: DB_PORT valueFrom: secretKeyRef: - name: {{ .Release.Name}}-so-db-secrets + name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-db-secrets - key: mariadb.admin.password - - name: CADI_KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-ssl-pwd-secret - key: cadi_keystore_password - - name: CADI_TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-ssl-pwd-secret - key: cadi_truststore_password - - name: MSO_KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-ssl-client-secret - key: keystore_password - - name: MSO_TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-ssl-client-secret - key: truststore_password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap - imagePullPolicy: {{ index .Values "global" "pullPolicy" }} - volumeMounts: + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - - name: certs - mountPath: /app/certs/ - readOnly: true - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - - name: certs - secret: - secretName: {{ .Release.Name}}-so-ssl-secret - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key"