kubernetes/aai/charts/aai-champ/templates/deployment.yaml

   1 # Copyright © 2018 Amdocs, AT&T
   2 # Modifications Copyright © 2018 Bell Canada
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 apiVersion: extensions/v1beta1
  17 kind: Deployment
  18 metadata:
  19   name: {{ include "common.fullname" . }}
  20   namespace: {{ include "common.namespace" . }}
  21   labels:
  22     app: {{ include "common.name" . }}
  23     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  24     release: {{ .Release.Name }}
  25     heritage: {{ .Release.Service }}
  26 spec:
  27   replicas: {{ .Values.replicaCount }}
  28   template:
  29     metadata:
  30       labels:
  31         app: {{ include "common.name" . }}
  32         release: {{ .Release.Name }}
  33     spec:
  34       initContainers:
  35         - command:
  36           - /root/ready.py
  37           args:
  38           - --container-name
  39           {{- if .Values.global.cassandra.localCluster }}
  40           - aai-cassandra
  41           {{- else }}
  42           - cassandra
  43           {{- end }}
  44           env:
  45           - name: NAMESPACE
  46             valueFrom:
  47               fieldRef:
  48                 apiVersion: v1
  49                 fieldPath: metadata.namespace
  50           image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
  51           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  52           name: {{ include "common.name" . }}-readiness
  53     {{ if .Values.global.installSidecarSecurity }}
  54         - name: {{ .Values.global.tproxyConfig.name }}
  55           image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
  56           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  57           securityContext:
  58             privileged: true
  59     {{ end }}
  60       containers:
  61         - name: {{ include "common.name" . }}
  62           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
  63           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  64           ports:
  65           - containerPort: {{ .Values.service.internalPort }}
  66           # disable liveness probe when breakpoints set in debugger
  67           # so K8s doesn't restart unresponsive container
  68           {{ if .Values.liveness.enabled }}
  69           livenessProbe:
  70             tcpSocket:
  71               port: {{ .Values.service.internalPort }}
  72             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
  73             periodSeconds: {{ .Values.liveness.periodSeconds }}
  74           {{ end }}
  75           readinessProbe:
  76             tcpSocket:
  77               port: {{ .Values.service.internalPort }}
  78             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
  79             periodSeconds: {{ .Values.readiness.periodSeconds }}
  80           env:
  81             - name: CONFIG_HOME
  82               value: "/opt/app/champ-service/appconfig"
  83             - name: GRAPHIMPL
  84               value: "janus-deps"
  85             - name: KEY_STORE_PASSWORD
  86               valueFrom:
  87                 secretKeyRef:
  88                   name: {{ template "common.fullname" . }}-pass
  89                   key: KEY_STORE_PASSWORD
  90             - name: KEY_MANAGER_PASSWORD
  91               valueFrom:
  92                 secretKeyRef:
  93                   name: {{ template "common.fullname" . }}-pass
  94                   key: KEY_MANAGER_PASSWORD
  95             - name: SERVICE_BEANS
  96               value: "/opt/app/champ-service/dynamic/conf"
  97           volumeMounts:
  98           - mountPath: /etc/localtime
  99             name: localtime
 100             readOnly: true
 101           - mountPath: /opt/app/champ-service/appconfig/champ-api.properties
 102             name: {{ include "common.fullname" . }}-config
 103             subPath: champ-api.properties
 104           - mountPath: /opt/app/champ-service/appconfig/auth
 105             name: {{ include "common.fullname" . }}-secrets
 106           - mountPath: /opt/app/champ-service/dynamic/conf/champ-beans.xml
 107             name: {{ include "common.fullname" . }}-dynamic-config
 108             subPath: champ-beans.xml
 109           - mountPath: /opt/app/champ-service/bundleconfig/etc/logback.xml
 110             name: {{ include "common.fullname" . }}-logback-config
 111             subPath: logback.xml
 112           - mountPath: /var/log/onap
 113             name: {{ include "common.fullname" . }}-logs
 114           resources:
 115 {{ include "common.resources" . }}
 116       {{- if .Values.nodeSelector }}
 117       nodeSelector:
 118 {{ toYaml .Values.nodeSelector | indent 8 }}
 119       {{- end -}}
 120       {{- if .Values.affinity }}
 121       affinity:
 122 {{ toYaml .Values.affinity | indent 8 }}
 123       {{- end }}
 124
 125         # side car containers
 126         - name: filebeat-onap
 127           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
 128           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 129           volumeMounts:
 130           - mountPath: /usr/share/filebeat/filebeat.yml
 131             subPath: filebeat.yml
 132             name: filebeat-conf
 133           - mountPath: /var/log/onap
 134             name: {{ include "common.fullname" . }}-logs
 135           - mountPath: /usr/share/filebeat/data
 136             name: aai-filebeat
 137     {{ if .Values.global.installSidecarSecurity }}
 138         - name: {{ .Values.global.rproxy.name }}
 139           image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
 140           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 141           env:
 142           - name: CONFIG_HOME
 143             value: "/opt/app/rproxy/config"
 144           - name: KEY_STORE_PASSWORD
 145             value: {{ .Values.config.keyStorePassword }}
 146           - name: spring_profiles_active
 147             value: {{ .Values.global.rproxy.activeSpringProfiles }}
 148           volumeMounts:
 149           - name: {{ include "common.fullname" . }}-rproxy-config
 150             mountPath: /opt/app/rproxy/config/forward-proxy.properties
 151             subPath: forward-proxy.properties
 152           - name: {{ include "common.fullname" . }}-rproxy-config
 153             mountPath: /opt/app/rproxy/config/primary-service.properties
 154             subPath: primary-service.properties
 155           - name: {{ include "common.fullname" . }}-rproxy-config
 156             mountPath: /opt/app/rproxy/config/reverse-proxy.properties
 157             subPath: reverse-proxy.properties
 158           - name: {{ include "common.fullname" . }}-rproxy-config
 159             mountPath: /opt/app/rproxy/config/cadi.properties
 160             subPath: cadi.properties
 161           - name: {{ include "common.fullname" . }}-rproxy-log-config
 162             mountPath: /opt/app/rproxy/config/logback-spring.xml
 163             subPath: logback-spring.xml
 164           - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 165             mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
 166             subPath: uri-authorization.json
 167           - name: {{ include "common.fullname" . }}-rproxy-auth-certs
 168             mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
 169             subPath: tomcat_keystore
 170           - name: {{ include "common.fullname" . }}-rproxy-auth-certs
 171             mountPath: /opt/app/rproxy/config/auth/client-cert.p12
 172             subPath: client-cert.p12
 173           - name: {{ include "common.fullname" . }}-rproxy-auth-certs
 174             mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
 175             subPath: org.onap.aai.p12
 176           - name: {{ include "common.fullname" . }}-rproxy-security-config
 177             mountPath: /opt/app/rproxy/config/security/keyfile
 178             subPath: keyfile
 179
 180           ports:
 181           - containerPort: {{ .Values.global.rproxy.port }}
 182
 183         - name: {{ .Values.global.fproxy.name }}
 184           image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
 185           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 186           env:
 187           - name: CONFIG_HOME
 188             value: "/opt/app/fproxy/config"
 189           - name: KEY_STORE_PASSWORD
 190             value: {{ .Values.config.keyStorePassword }}
 191           - name: TRUST_STORE_PASSWORD
 192             value: {{ .Values.config.trustStorePassword }}
 193           - name: spring_profiles_active
 194             value: {{ .Values.global.fproxy.activeSpringProfiles }}
 195           volumeMounts:
 196           - name: {{ include "common.fullname" . }}-fproxy-config
 197             mountPath: /opt/app/fproxy/config/fproxy.properties
 198             subPath: fproxy.properties
 199           - name: {{ include "common.fullname" . }}-fproxy-log-config
 200             mountPath: /opt/app/fproxy/config/logback-spring.xml
 201             subPath: logback-spring.xml
 202           - name: {{ include "common.fullname" . }}-fproxy-auth-certs
 203             mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
 204             subPath: tomcat_keystore
 205           - name: {{ include "common.fullname" . }}-fproxy-auth-certs
 206             mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
 207             subPath: fproxy_truststore
 208           - name: {{ include "common.fullname" . }}-fproxy-auth-certs
 209             mountPath: /opt/app/fproxy/config/auth/client-cert.p12
 210             subPath: client-cert.p12
 211           ports:
 212           - containerPort: {{ .Values.global.fproxy.port }}
 213     {{ end }}
 214
 215       volumes:
 216         - name: localtime
 217           hostPath:
 218             path: /etc/localtime
 219         - name: {{ include "common.fullname" . }}-config
 220           configMap:
 221             name: {{ include "common.fullname" . }}
 222             items:
 223             - key: champ-api.properties
 224               path: champ-api.properties
 225         - name: {{ include "common.fullname" . }}-secrets
 226           secret:
 227             secretName: {{ include "common.fullname" . }}-champ
 228         - name: {{ include "common.fullname" . }}-dynamic-config
 229           configMap:
 230             name: {{ include "common.fullname" . }}-dynamic
 231             items:
 232             - key: champ-beans.xml
 233               path: champ-beans.xml
 234         - name: {{ include "common.fullname" . }}-logs
 235           emptyDir: {}
 236         - name: {{ include "common.fullname" . }}-logback-config
 237           configMap:
 238             name: {{ include "common.fullname" . }}-log-configmap
 239             items:
 240             - key: logback.xml
 241               path: logback.xml
 242         - name: filebeat-conf
 243           configMap:
 244             name: aai-filebeat
 245         - name: aai-filebeat
 246           emptyDir: {}
 247     {{ if .Values.global.installSidecarSecurity }}
 248         - name: {{ include "common.fullname" . }}-rproxy-config
 249           configMap:
 250             name: {{ include "common.fullname" . }}-rproxy-config
 251         - name: {{ include "common.fullname" . }}-rproxy-log-config
 252           configMap:
 253             name: {{ include "common.fullname" . }}-rproxy-log-config
 254         - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 255           configMap:
 256             name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 257         - name: {{ include "common.fullname" . }}-rproxy-auth-config
 258           secret:
 259             secretName: {{ include "common.fullname" . }}-rproxy-auth-config
 260         - name: {{ include "common.fullname" . }}-rproxy-auth-certs
 261           secret:
 262             secretName: aai-rproxy-auth-certs
 263         - name: {{ include "common.fullname" . }}-rproxy-security-config
 264           secret:
 265             secretName: aai-rproxy-security-config
 266         - name: {{ include "common.fullname" . }}-fproxy-config
 267           configMap:
 268             name: {{ include "common.fullname" . }}-fproxy-config
 269         - name: {{ include "common.fullname" . }}-fproxy-log-config
 270           configMap:
 271             name: {{ include "common.fullname" . }}-fproxy-log-config
 272         - name: {{ include "common.fullname" . }}-fproxy-auth-certs
 273           secret:
 274             secretName: aai-fproxy-auth-certs
 275     {{ end }}
 276       imagePullSecrets:
 277       - name: "{{ include "common.namespace" . }}-docker-registry-key"