X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fso%2Ftemplates%2Fdeployment.yaml;h=d378cae606e02bb31e10bd6e9efa0ca394f7ba32;hb=b1ee058f941a9c9ff27467054d98b8a56c988797;hp=c0ac078039f53f42da1f500af6f6cf051621b239;hpb=512bafc2e717582ac9d4ac1aa6660a1edf2ec90e;p=oom.git

diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index c0ac078039..d378cae606 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
@@ -21,6 +21,9 @@ metadata:
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ include "common.release" . }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ index .Values.replicaCount }}
   minReadySeconds: {{ index .Values.minReadySeconds }}
   strategy:
@@ -35,8 +38,10 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
-      - command:
-        - /root/job_complete.py
+      {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+      - name: {{ include "common.name" . }}-readiness
+        command:
+        - /app/ready.py
         args:
         - --job-name
         - {{ include "common.release" . }}-so-mariadb-config-job
@@ -46,14 +51,25 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "common.repository" . }}/{{ .Values.image }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        resources: {{ include "common.resources" . | nindent 12 }}
+        {{- if .Values.global.aafEnabled }}
+        command:
+        - sh
+        args:
+        - -c
+        - |
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+          {{- if .Values.global.security.aaf.enabled }}
+          export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+          {{- end }}
+          /app/start-app.sh
+        {{- end }}
         env:
         - name: DB_HOST
           valueFrom:
@@ -66,46 +82,19 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
-         {{- if eq .Values.global.security.aaf.enabled true }}
-        - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
-        - name: TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: trustStorePassword
-        - name: KEYSTORE
-          value: /app/org.onap.so.jks
-        - name: KEYSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name}}-so-client-certs-secret
-              key: keyStorePassword
-        {{- end }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+        {{ include "so.certificates.env" . | indent 8 | trim }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -113,7 +102,7 @@ spec:
           readOnly: true
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
@@ -132,7 +121,7 @@ spec:
           mountPath: /var/log/onap/so
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config