kubernetes/aai/charts/aai-babel/templates/deployment.yaml

   1 # Copyright © 2018 Amdocs, AT&T
   2 # Modifications Copyright © 2018 Bell Canada
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 apiVersion: extensions/v1beta1
  17 kind: Deployment
  18 metadata:
  19   name: {{ include "common.fullname" . }}
  20   namespace: {{ include "common.namespace" . }}
  21   labels:
  22     app: {{ include "common.name" . }}
  23     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  24     release: {{ .Release.Name }}
  25     heritage: {{ .Release.Service }}
  26 spec:
  27   replicas: {{ .Values.replicaCount }}
  28   template:
  29     metadata:
  30       labels:
  31         app: {{ include "common.name" . }}
  32         release: {{ .Release.Name }}
  33     spec:
  34     {{ if .Values.global.installSidecarSecurity }}
  35       hostAliases:
  36       - ip: {{ .Values.global.aaf.serverIp }}
  37         hostnames:
  38         - {{ .Values.global.aaf.serverHostname }}
  39
  40       initContainers:
  41         - name: {{ .Values.global.tproxyConfig.name }}
  42           image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
  43           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  44           securityContext:
  45             privileged: true
  46     {{ end }}
  47       containers:
  48         - name: {{ include "common.name" . }}
  49           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
  50           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  51           ports:
  52           - containerPort: {{ .Values.service.internalPort }}
  53           # disable liveness probe when breakpoints set in debugger
  54           # so K8s doesn't restart unresponsive container
  55           {{ if .Values.liveness.enabled }}
  56           livenessProbe:
  57             tcpSocket:
  58               port: {{ .Values.service.internalPort }}
  59             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
  60             periodSeconds: {{ .Values.liveness.periodSeconds }}
  61           {{ end }}
  62           readinessProbe:
  63             tcpSocket:
  64               port: {{ .Values.service.internalPort }}
  65             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
  66             periodSeconds: {{ .Values.readiness.periodSeconds }}
  67           env:
  68             - name: CONFIG_HOME
  69               value: /opt/app/babel/config
  70             - name: KEY_STORE_PASSWORD
  71               valueFrom:
  72                 secretKeyRef:
  73                   name: {{ template "common.fullname" . }}-pass
  74                   key: KEY_STORE_PASSWORD
  75             - name: KEY_MANAGER_PASSWORD
  76               valueFrom:
  77                 secretKeyRef:
  78                   name: {{ template "common.fullname" . }}-pass
  79                   key: KEY_MANAGER_PASSWORD
  80           volumeMounts:
  81           - mountPath: /etc/localtime
  82             name: localtime
  83             readOnly: true
  84           - mountPath: /opt/app/babel/config/artifact-generator.properties
  85             name: {{ include "common.fullname" . }}-config
  86             subPath: artifact-generator.properties
  87           - mountPath: /opt/app/babel/config/tosca-mappings.json
  88             name: {{ include "common.fullname" . }}-config
  89             subPath: tosca-mappings.json
  90           - mountPath: /opt/app/babel/config/babel-auth.properties
  91             name: {{ include "common.fullname" . }}-config
  92             subPath: babel-auth.properties
  93           - mountPath: /opt/app/babel/config/auth
  94             name: {{ include "common.fullname" . }}-secrets
  95           - mountPath: /var/log/onap
  96             name: {{ include "common.fullname" . }}-logs
  97           - mountPath: /opt/app/babel/config/logback.xml
  98             name: {{ include "common.fullname" . }}-config
  99             subPath: logback.xml
 100           resources:
 101 {{ include "common.resources" . }}
 102       {{- if .Values.nodeSelector }}
 103       nodeSelector:
 104 {{ toYaml .Values.nodeSelector | indent 8 }}
 105       {{- end -}}
 106       {{- if .Values.affinity }}
 107       affinity:
 108 {{ toYaml .Values.affinity | indent 8 }}
 109       {{- end }}
 110
 111         # side car containers
 112         - name: filebeat-onap
 113           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
 114           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 115           volumeMounts:
 116           - mountPath: /usr/share/filebeat/filebeat.yml
 117             subPath: filebeat.yml
 118             name: filebeat-conf
 119           - mountPath: /var/log/onap
 120             name: {{ include "common.fullname" . }}-logs
 121           - mountPath: /usr/share/filebeat/data
 122             name: aai-filebeat
 123
 124     {{ if .Values.global.installSidecarSecurity }}
 125         - name: {{ .Values.global.rproxy.name }}
 126           image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
 127           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 128           env:
 129           - name: CONFIG_HOME
 130             value: "/opt/app/rproxy/config"
 131           - name: KEY_STORE_PASSWORD
 132             value: {{ .Values.config.keyStorePassword }}
 133           - name: spring_profiles_active
 134             value: {{ .Values.global.rproxy.activeSpringProfiles }}
 135           volumeMounts:
 136           - name: {{ include "common.fullname" . }}-rproxy-config
 137             mountPath: /opt/app/rproxy/config/forward-proxy.properties
 138             subPath: forward-proxy.properties
 139           - name: {{ include "common.fullname" . }}-rproxy-config
 140             mountPath: /opt/app/rproxy/config/primary-service.properties
 141             subPath: primary-service.properties
 142           - name: {{ include "common.fullname" . }}-rproxy-config
 143             mountPath: /opt/app/rproxy/config/reverse-proxy.properties
 144             subPath: reverse-proxy.properties
 145           - name: {{ include "common.fullname" . }}-rproxy-config
 146             mountPath: /opt/app/rproxy/config/cadi.properties
 147             subPath: cadi.properties
 148           - name: {{ include "common.fullname" . }}-rproxy-log-config
 149             mountPath: /opt/app/rproxy/config/logback-spring.xml
 150             subPath: logback-spring.xml
 151           - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 152             mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
 153             subPath: uri-authorization.json
 154           - name: {{ include "common.fullname" . }}-rproxy-auth-config
 155             mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
 156             subPath: tomcat_keystore
 157           - name: {{ include "common.fullname" . }}-rproxy-auth-config
 158             mountPath: /opt/app/rproxy/config/auth/client-cert.p12
 159             subPath: client-cert.p12
 160           - name: {{ include "common.fullname" . }}-rproxy-auth-config
 161             mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
 162             subPath: aaf_truststore.jks
 163           - name: {{ include "common.fullname" . }}-rproxy-security-config
 164             mountPath: /opt/app/rproxy/config/security/keyfile
 165             subPath: keyfile
 166
 167           ports:
 168           - containerPort: {{ .Values.global.rproxy.port }}
 169
 170         - name: {{ .Values.global.fproxy.name }}
 171           image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
 172           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 173           env:
 174           - name: CONFIG_HOME
 175             value: "/opt/app/fproxy/config"
 176           - name: KEY_STORE_PASSWORD
 177             value: {{ .Values.config.keyStorePassword }}
 178           - name: spring_profiles_active
 179             value: {{ .Values.global.fproxy.activeSpringProfiles }}
 180           volumeMounts:
 181           - name: {{ include "common.fullname" . }}-fproxy-config
 182             mountPath: /opt/app/fproxy/config/fproxy.properties
 183             subPath: fproxy.properties
 184           - name: {{ include "common.fullname" . }}-fproxy-log-config
 185             mountPath: /opt/app/fproxy/config/logback-spring.xml
 186             subPath: logback-spring.xml
 187           - name: {{ include "common.fullname" . }}-fproxy-auth-config
 188             mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
 189             subPath: tomcat_keystore
 190           - name: {{ include "common.fullname" . }}-fproxy-auth-config
 191             mountPath: /opt/app/fproxy/config/auth/client-cert.p12
 192             subPath: client-cert.p12
 193           ports:
 194           - containerPort: {{ .Values.global.fproxy.port }}
 195     {{ end }}
 196
 197       volumes:
 198         - name: localtime
 199           hostPath:
 200             path: /etc/localtime
 201         - name: {{ include "common.fullname" . }}-config
 202           configMap:
 203             name: {{ include "common.fullname" . }}-configmap
 204             items:
 205             - key: artifact-generator.properties
 206               path: artifact-generator.properties
 207             - key: tosca-mappings.json
 208               path: tosca-mappings.json
 209             - key: babel-auth.properties
 210               path: babel-auth.properties
 211             - key: logback.xml
 212               path: logback.xml
 213         - name: {{ include "common.fullname" . }}-secrets
 214           secret:
 215             secretName: {{ include "common.fullname" . }}-babel-secrets
 216         - name: filebeat-conf
 217           configMap:
 218             name: aai-filebeat
 219         - name: {{ include "common.fullname" . }}-logs
 220           emptyDir: {}
 221         - name: aai-filebeat
 222           emptyDir: {}
 223     {{ if .Values.global.installSidecarSecurity }}
 224         - name: {{ include "common.fullname" . }}-rproxy-config
 225           configMap:
 226             name: {{ include "common.fullname" . }}-rproxy-config
 227         - name: {{ include "common.fullname" . }}-rproxy-log-config
 228           configMap:
 229             name: {{ include "common.fullname" . }}-rproxy-log-config
 230         - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 231           configMap:
 232             name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 233         - name: {{ include "common.fullname" . }}-rproxy-auth-config
 234           secret:
 235             secretName: {{ include "common.fullname" . }}-rproxy-auth-config
 236         - name: {{ include "common.fullname" . }}-rproxy-security-config
 237           secret:
 238             secretName: {{ include "common.fullname" . }}-rproxy-security-config
 239         - name: {{ include "common.fullname" . }}-fproxy-config
 240           configMap:
 241             name: {{ include "common.fullname" . }}-fproxy-config
 242         - name: {{ include "common.fullname" . }}-fproxy-log-config
 243           configMap:
 244             name: {{ include "common.fullname" . }}-fproxy-log-config
 245         - name: {{ include "common.fullname" . }}-fproxy-auth-config
 246           secret:
 247             secretName: {{ include "common.fullname" . }}-fproxy-auth-config
 248     {{ end }}
 249
 250       imagePullSecrets:
 251       - name: "{{ include "common.namespace" . }}-docker-registry-key"