kubernetes/aai/charts/aai-champ/templates/deployment.yaml

   1 # Copyright © 2018 Amdocs, AT&T
   2 # Modifications Copyright © 2018 Bell Canada
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 apiVersion: extensions/v1beta1
  17 kind: Deployment
  18 metadata:
  19   name: {{ include "common.fullname" . }}
  20   namespace: {{ include "common.namespace" . }}
  21   labels:
  22     app: {{ include "common.name" . }}
  23     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  24     release: {{ .Release.Name }}
  25     heritage: {{ .Release.Service }}
  26 spec:
  27   replicas: {{ .Values.replicaCount }}
  28   template:
  29     metadata:
  30       labels:
  31         app: {{ include "common.name" . }}
  32         release: {{ .Release.Name }}
  33     spec:
  34       initContainers:
  35         - command:
  36           - /root/ready.py
  37           args:
  38           - --container-name
  39           - aai-cassandra
  40           env:
  41           - name: NAMESPACE
  42             valueFrom:
  43               fieldRef:
  44                 apiVersion: v1
  45                 fieldPath: metadata.namespace
  46           image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
  47           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  48           name: {{ include "common.name" . }}-readiness
  49     {{ if .Values.global.installSidecarSecurity }}
  50         - name: {{ .Values.global.tproxyConfig.name }}
  51           image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
  52           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  53           securityContext:
  54             privileged: true
  55     {{ end }}
  56       containers:
  57         - name: {{ include "common.name" . }}
  58           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
  59           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  60           ports:
  61           - containerPort: {{ .Values.service.internalPort }}
  62           # disable liveness probe when breakpoints set in debugger
  63           # so K8s doesn't restart unresponsive container
  64           {{ if .Values.liveness.enabled }}
  65           livenessProbe:
  66             tcpSocket:
  67               port: {{ .Values.service.internalPort }}
  68             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
  69             periodSeconds: {{ .Values.liveness.periodSeconds }}
  70           {{ end }}
  71           readinessProbe:
  72             tcpSocket:
  73               port: {{ .Values.service.internalPort }}
  74             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
  75             periodSeconds: {{ .Values.readiness.periodSeconds }}
  76           env:
  77             - name: CONFIG_HOME
  78               value: "/opt/app/champ-service/appconfig"
  79             - name: GRAPHIMPL
  80               value: "janus-deps"
  81             - name: KEY_STORE_PASSWORD
  82               valueFrom:
  83                 secretKeyRef:
  84                   name: {{ template "common.fullname" . }}-pass
  85                   key: KEY_STORE_PASSWORD
  86             - name: KEY_MANAGER_PASSWORD
  87               valueFrom:
  88                 secretKeyRef:
  89                   name: {{ template "common.fullname" . }}-pass
  90                   key: KEY_MANAGER_PASSWORD
  91             - name: SERVICE_BEANS
  92               value: "/opt/app/champ-service/dynamic/conf"
  93           volumeMounts:
  94           - mountPath: /etc/localtime
  95             name: localtime
  96             readOnly: true
  97           - mountPath: /opt/app/champ-service/appconfig/champ-api.properties
  98             name: {{ include "common.fullname" . }}-config
  99             subPath: champ-api.properties
 100           - mountPath: /opt/app/champ-service/appconfig/auth
 101             name: {{ include "common.fullname" . }}-secrets
 102           - mountPath: /opt/app/champ-service/dynamic/conf/champ-beans.xml
 103             name: {{ include "common.fullname" . }}-dynamic-config
 104             subPath: champ-beans.xml
 105           - mountPath: /opt/app/champ-service/bundleconfig/etc/logback.xml
 106             name: {{ include "common.fullname" . }}-logback-config
 107             subPath: logback.xml
 108           - mountPath: /var/log/onap
 109             name: {{ include "common.fullname" . }}-logs
 110           resources:
 111 {{ include "common.resources" . }}
 112       {{- if .Values.nodeSelector }}
 113       nodeSelector:
 114 {{ toYaml .Values.nodeSelector | indent 8 }}
 115       {{- end -}}
 116       {{- if .Values.affinity }}
 117       affinity:
 118 {{ toYaml .Values.affinity | indent 8 }}
 119       {{- end }}
 120
 121         # side car containers
 122         - name: filebeat-onap
 123           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
 124           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 125           volumeMounts:
 126           - mountPath: /usr/share/filebeat/filebeat.yml
 127             subPath: filebeat.yml
 128             name: filebeat-conf
 129           - mountPath: /var/log/onap
 130             name: {{ include "common.fullname" . }}-logs
 131           - mountPath: /usr/share/filebeat/data
 132             name: aai-filebeat
 133     {{ if .Values.global.installSidecarSecurity }}
 134         - name: {{ .Values.global.rproxy.name }}
 135           image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
 136           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 137           env:
 138           - name: CONFIG_HOME
 139             value: "/opt/app/rproxy/config"
 140           - name: KEY_STORE_PASSWORD
 141             value: {{ .Values.config.keyStorePassword }}
 142           - name: spring_profiles_active
 143             value: {{ .Values.global.rproxy.activeSpringProfiles }}
 144           volumeMounts:
 145           - name: {{ include "common.fullname" . }}-rproxy-config
 146             mountPath: /opt/app/rproxy/config/forward-proxy.properties
 147             subPath: forward-proxy.properties
 148           - name: {{ include "common.fullname" . }}-rproxy-config
 149             mountPath: /opt/app/rproxy/config/primary-service.properties
 150             subPath: primary-service.properties
 151           - name: {{ include "common.fullname" . }}-rproxy-config
 152             mountPath: /opt/app/rproxy/config/reverse-proxy.properties
 153             subPath: reverse-proxy.properties
 154           - name: {{ include "common.fullname" . }}-rproxy-config
 155             mountPath: /opt/app/rproxy/config/cadi.properties
 156             subPath: cadi.properties
 157           - name: {{ include "common.fullname" . }}-rproxy-log-config
 158             mountPath: /opt/app/rproxy/config/logback-spring.xml
 159             subPath: logback-spring.xml
 160           - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 161             mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
 162             subPath: uri-authorization.json
 163           - name: {{ include "common.fullname" . }}-rproxy-auth-certs
 164             mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
 165             subPath: tomcat_keystore
 166           - name: {{ include "common.fullname" . }}-rproxy-auth-certs
 167             mountPath: /opt/app/rproxy/config/auth/client-cert.p12
 168             subPath: client-cert.p12
 169           - name: {{ include "common.fullname" . }}-rproxy-auth-certs
 170             mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
 171             subPath: org.onap.aai.p12
 172           - name: {{ include "common.fullname" . }}-rproxy-security-config
 173             mountPath: /opt/app/rproxy/config/security/keyfile
 174             subPath: keyfile
 175
 176           ports:
 177           - containerPort: {{ .Values.global.rproxy.port }}
 178
 179         - name: {{ .Values.global.fproxy.name }}
 180           image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
 181           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 182           env:
 183           - name: CONFIG_HOME
 184             value: "/opt/app/fproxy/config"
 185           - name: KEY_STORE_PASSWORD
 186             value: {{ .Values.config.keyStorePassword }}
 187           - name: TRUST_STORE_PASSWORD
 188             value: {{ .Values.config.trustStorePassword }}
 189           - name: spring_profiles_active
 190             value: {{ .Values.global.fproxy.activeSpringProfiles }}
 191           volumeMounts:
 192           - name: {{ include "common.fullname" . }}-fproxy-config
 193             mountPath: /opt/app/fproxy/config/fproxy.properties
 194             subPath: fproxy.properties
 195           - name: {{ include "common.fullname" . }}-fproxy-log-config
 196             mountPath: /opt/app/fproxy/config/logback-spring.xml
 197             subPath: logback-spring.xml
 198           - name: {{ include "common.fullname" . }}-fproxy-auth-certs
 199             mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
 200             subPath: tomcat_keystore
 201           - name: {{ include "common.fullname" . }}-fproxy-auth-certs
 202             mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
 203             subPath: fproxy_truststore
 204           - name: {{ include "common.fullname" . }}-fproxy-auth-certs
 205             mountPath: /opt/app/fproxy/config/auth/client-cert.p12
 206             subPath: client-cert.p12
 207           ports:
 208           - containerPort: {{ .Values.global.fproxy.port }}
 209     {{ end }}
 210
 211       volumes:
 212         - name: localtime
 213           hostPath:
 214             path: /etc/localtime
 215         - name: {{ include "common.fullname" . }}-config
 216           configMap:
 217             name: {{ include "common.fullname" . }}
 218             items:
 219             - key: champ-api.properties
 220               path: champ-api.properties
 221         - name: {{ include "common.fullname" . }}-secrets
 222           secret:
 223             secretName: {{ include "common.fullname" . }}-champ
 224         - name: {{ include "common.fullname" . }}-dynamic-config
 225           configMap:
 226             name: {{ include "common.fullname" . }}-dynamic
 227             items:
 228             - key: champ-beans.xml
 229               path: champ-beans.xml
 230         - name: {{ include "common.fullname" . }}-logs
 231           emptyDir: {}
 232         - name: {{ include "common.fullname" . }}-logback-config
 233           configMap:
 234             name: {{ include "common.fullname" . }}-log-configmap
 235             items:
 236             - key: logback.xml
 237               path: logback.xml
 238         - name: filebeat-conf
 239           configMap:
 240             name: aai-filebeat
 241         - name: aai-filebeat
 242           emptyDir: {}
 243     {{ if .Values.global.installSidecarSecurity }}
 244         - name: {{ include "common.fullname" . }}-rproxy-config
 245           configMap:
 246             name: {{ include "common.fullname" . }}-rproxy-config
 247         - name: {{ include "common.fullname" . }}-rproxy-log-config
 248           configMap:
 249             name: {{ include "common.fullname" . }}-rproxy-log-config
 250         - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 251           configMap:
 252             name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 253         - name: {{ include "common.fullname" . }}-rproxy-auth-config
 254           secret:
 255             secretName: {{ include "common.fullname" . }}-rproxy-auth-config
 256         - name: {{ include "common.fullname" . }}-rproxy-auth-certs
 257           secret:
 258             secretName: aai-rproxy-auth-certs
 259         - name: {{ include "common.fullname" . }}-rproxy-security-config
 260           secret:
 261             secretName: aai-rproxy-security-config
 262         - name: {{ include "common.fullname" . }}-fproxy-config
 263           configMap:
 264             name: {{ include "common.fullname" . }}-fproxy-config
 265         - name: {{ include "common.fullname" . }}-fproxy-log-config
 266           configMap:
 267             name: {{ include "common.fullname" . }}-fproxy-log-config
 268         - name: {{ include "common.fullname" . }}-fproxy-auth-certs
 269           secret:
 270             secretName: aai-fproxy-auth-certs
 271     {{ end }}
 272       imagePullSecrets:
 273       - name: "{{ include "common.namespace" . }}-docker-registry-key"