Merge "Update Keystore cert"
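# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Helm template for the aai-gizmo Deployment: one application container, a
# filebeat log-shipping sidecar and, when global.installSidecarSecurity is
# set, a privileged init container plus reverse/forward proxy sidecars.
#
# NOTE(review): extensions/v1beta1 Deployments are no longer served as of
# Kubernetes 1.16; moving to apps/v1 also requires an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ .Release.Name }}
    spec:
    {{ if .Values.global.installSidecarSecurity }}
      initContainers:
        # This init container runs fully privileged.
        # NOTE(review): presumably it installs traffic-redirection rules for
        # the proxy sidecars; confirm whether a narrower capability set
        # (for example NET_ADMIN only) would be sufficient.
        - name: {{ .Values.global.tproxyConfig.name }}
          image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          securityContext:
            privileged: true
    {{ end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          # disable liveness probe when breakpoints set in debugger
          # so K8s doesn't restart unresponsive container
          {{ if .Values.liveness.enabled }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
          {{ end }}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
          env:
            - name: CONFIG_HOME
              value: /opt/app/crud-service/config/
            # Keystore passwords for the application container are read from
            # the release's "-pass" Secret, so they do not appear in the
            # rendered Deployment manifest.
            - name: KEY_STORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "common.fullname" . }}-pass
                  key: KEY_STORE_PASSWORD
            - name: KEY_MANAGER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "common.fullname" . }}-pass
                  key: KEY_MANAGER_PASSWORD
            - name: SERVICE_BEANS
              value: /opt/app/crud-service/dynamic/conf
          volumeMounts:
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          - mountPath: /opt/app/crud-service/config/crud-api.properties
            subPath: crud-api.properties
            name: {{ include "common.fullname" . }}-config
          - mountPath: /opt/app/crud-service/config/schema-ingest.properties
            subPath: schema-ingest.properties
            name: {{ include "common.fullname" . }}-config
          - mountPath: /opt/app/crud-service/config/edgeprops-ingest.properties
            subPath: edgeprops-ingest.properties
            name: {{ include "common.fullname" . }}-config
          - mountPath: /opt/app/crud-service/config/model/
            name: {{ include "common.fullname" . }}-model-config
          - mountPath: /opt/app/crud-service/config/auth
            name: {{ include "common.fullname" . }}-auth-secret
          - mountPath: /opt/app/crud-service/dynamic/conf/crud-beans.xml
            name: {{ include "common.fullname" . }}-config
            subPath: crud-beans.xml
          - mountPath: /var/log/onap
            name: {{ include "common.fullname" . }}-logs
          - mountPath: /opt/app/crud-api/bundleconfig/etc/logback.xml
            name: {{ include "common.fullname" . }}-logback-config
            subPath: logback.xml
          resources:
{{ include "common.resources" . }}

        # Log shipper: shares the logs emptyDir with the application container.
        - name: filebeat-onap
          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          volumeMounts:
          - mountPath: /usr/share/filebeat/filebeat.yml
            name: filebeat-conf
            subPath: filebeat.yml
          - mountPath: /var/log/onap
            name: {{ include "common.fullname" . }}-logs
          - mountPath: /usr/share/filebeat/data
            name: {{ include "common.fullname" . }}-data-filebeat

    {{ if .Values.global.installSidecarSecurity }}
        # Unlike the application container, both proxy sidecars receive their
        # keystore/truststore passwords as literal env values rendered from
        # chart values. The cleartext therefore ends up in the Deployment
        # manifest and in the stored Helm release, readable by anyone who may
        # read either. Prefer valueFrom.secretKeyRef once a Secret carrying
        # these keys exists (none is visible in this template).
        # The values are quoted so a numeric-looking or special-character
        # password still renders as a YAML string.
        - name: {{ .Values.global.rproxy.name }}
          image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
          - name: CONFIG_HOME
            value: "/opt/app/rproxy/config"
          - name: KEY_STORE_PASSWORD
            value: {{ .Values.config.keyStorePassword | quote }}
          - name: spring_profiles_active
            value: {{ .Values.global.rproxy.activeSpringProfiles | quote }}
          volumeMounts:
          - name: {{ include "common.fullname" . }}-rproxy-config
            mountPath: /opt/app/rproxy/config/forward-proxy.properties
            subPath: forward-proxy.properties
          - name: {{ include "common.fullname" . }}-rproxy-config
            mountPath: /opt/app/rproxy/config/primary-service.properties
            subPath: primary-service.properties
          - name: {{ include "common.fullname" . }}-rproxy-config
            mountPath: /opt/app/rproxy/config/reverse-proxy.properties
            subPath: reverse-proxy.properties
          - name: {{ include "common.fullname" . }}-rproxy-config
            mountPath: /opt/app/rproxy/config/cadi.properties
            subPath: cadi.properties
          - name: {{ include "common.fullname" . }}-rproxy-log-config
            mountPath: /opt/app/rproxy/config/logback-spring.xml
            subPath: logback-spring.xml
          - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
            mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
            subPath: uri-authorization.json
          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
            mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
            subPath: tomcat_keystore
          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
            mountPath: /opt/app/rproxy/config/auth/client-cert.p12
            subPath: client-cert.p12
          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
            mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
            subPath: org.onap.aai.p12
          - name: {{ include "common.fullname" . }}-rproxy-security-config
            mountPath: /opt/app/rproxy/config/security/keyfile
            subPath: keyfile

          ports:
          - containerPort: {{ .Values.global.rproxy.port }}

        - name: {{ .Values.global.fproxy.name }}
          image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
          - name: CONFIG_HOME
            value: "/opt/app/fproxy/config"
          - name: KEY_STORE_PASSWORD
            value: {{ .Values.config.keyStorePassword | quote }}
          - name: TRUST_STORE_PASSWORD
            value: {{ .Values.config.trustStorePassword | quote }}
          - name: spring_profiles_active
            value: {{ .Values.global.fproxy.activeSpringProfiles | quote }}
          volumeMounts:
          - name: {{ include "common.fullname" . }}-fproxy-config
            mountPath: /opt/app/fproxy/config/fproxy.properties
            subPath: fproxy.properties
          - name: {{ include "common.fullname" . }}-fproxy-log-config
            mountPath: /opt/app/fproxy/config/logback-spring.xml
            subPath: logback-spring.xml
          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
            mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
            subPath: tomcat_keystore
          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
            mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
            subPath: fproxy_truststore
          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
            mountPath: /opt/app/fproxy/config/auth/client-cert.p12
            subPath: client-cert.p12
          ports:
          - containerPort: {{ .Values.global.fproxy.port }}
    {{ end }}
      # nodeSelector and affinity are pod-level fields. They are emitted only
      # after the whole containers list: placed between two container entries
      # they split the list and the manifest no longer parses once either
      # value is set.
      {{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity:
{{ toYaml .Values.affinity | indent 8 }}
      {{- end }}

      volumes:
        # Node timezone file; mounted read-only by the application container.
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: {{ include "common.fullname" . }}-data-filebeat
          emptyDir: {}
        - name: filebeat-conf
          configMap:
            name: {{ include "common.fullname" . }}-filebeat-configmap
        - name: {{ include "common.fullname" . }}-logs
          emptyDir: {}
        - name: {{ include "common.fullname" . }}-auth-secret
          secret:
            secretName: {{ include "common.fullname" . }}-auth
        - name: {{ include "common.fullname" . }}-config
          configMap:
            name: {{ include "common.fullname" . }}-configmap
            items:
            - key: crud-api.properties
              path: crud-api.properties
            - key: schema-ingest.properties
              path: schema-ingest.properties
            - key: edgeprops-ingest.properties
              path: edgeprops-ingest.properties
            - key: crud-beans.xml
              path: crud-beans.xml
        - name: {{ include "common.fullname" . }}-logback-config
          configMap:
            name: {{ include "common.fullname" . }}-log-configmap
            items:
            - key: logback.xml
              path: logback.xml
        - name: {{ include "common.fullname" . }}-model-config
          configMap:
            name: {{ include "common.fullname" . }}-model-configmap
    {{ if .Values.global.installSidecarSecurity }}
        - name: {{ include "common.fullname" . }}-rproxy-config
          configMap:
            name: {{ include "common.fullname" . }}-rproxy-config
        - name: {{ include "common.fullname" . }}-rproxy-log-config
          configMap:
            name: {{ include "common.fullname" . }}-rproxy-log-config
        - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
          configMap:
            name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
        # NOTE(review): no container in this template mounts this volume.
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          secret:
            secretName: {{ include "common.fullname" . }}-rproxy-auth-config
        # NOTE(review): the three Secrets below use fixed names rather than
        # release-scoped ones, so every release in the namespace shares the
        # same keystore and key material; confirm that is intended.
        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
          secret:
            secretName: aai-rproxy-auth-certs
        - name: {{ include "common.fullname" . }}-rproxy-security-config
          secret:
            secretName: aai-rproxy-security-config
        - name: {{ include "common.fullname" . }}-fproxy-config
          configMap:
            name: {{ include "common.fullname" . }}-fproxy-config
        - name: {{ include "common.fullname" . }}-fproxy-log-config
          configMap:
            name: {{ include "common.fullname" . }}-fproxy-log-config
        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
          secret:
            secretName: aai-fproxy-auth-certs
    {{ end }}

      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"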