kubernetes/aai/charts/aai-resources/templates/deployment.yaml

   1 # Copyright © 2017 Amdocs, Bell Canada
   2 # Modifications Copyright © 2018 AT&T
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 apiVersion: extensions/v1beta1
  17 kind: Deployment
  18 metadata:
  19   name: {{ include "common.fullname" . }}
  20   namespace: {{ include "common.namespace" . }}
  21   labels:
  22     app: {{ include "common.name" . }}
  23     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  24     release: {{ .Release.Name }}
  25     heritage: {{ .Release.Service }}
  26 spec:
  27   replicas: {{ .Values.replicaCount }}
  28   selector:
  29     matchLabels:
  30       app: {{ include "common.name" . }}
  31   template:
  32     metadata:
  33       labels:
  34         app: {{ include "common.name" . }}
  35         release: {{ .Release.Name }}
  36       name: {{ include "common.name" . }}
  37       annotations:
  38         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
  39         msb.onap.org/service-info: '[
  40           {
  41               "serviceName": "_aai-cloudInfrastructure",
  42               "version": "v11",
  43               "url": "/aai/v11/cloud-infrastructure",
  44               "protocol": "REST",
  45               "port": "8447",
  46               "enable_ssl": true,
  47               "lb_policy":"ip_hash",
  48               "visualRange": "1",
  49               "path": "/aai/v11/cloud-infrastructure"
  50           },
  51           {
  52               "serviceName": "_aai-cloudInfrastructure",
  53               "version": "v12",
  54               "url": "/aai/v12/cloud-infrastructure",
  55               "protocol": "REST",
  56               "port": "8447",
  57               "enable_ssl": true,
  58               "lb_policy":"ip_hash",
  59               "visualRange": "1",
  60               "path": "/aai/v12/cloud-infrastructure"
  61           },
  62           {
  63               "serviceName": "_aai-cloudInfrastructure",
  64               "version": "v13",
  65               "url": "/aai/v13/cloud-infrastructure",
  66               "protocol": "REST",
  67               "port": "8447",
  68               "enable_ssl": true,
  69               "lb_policy":"ip_hash",
  70               "visualRange": "1",
  71               "path": "/aai/v13/cloud-infrastructure"
  72           },
  73           {
  74               "serviceName": "_aai-cloudInfrastructure",
  75               "version": "v14",
  76               "url": "/aai/v14/cloud-infrastructure",
  77               "protocol": "REST",
  78               "port": "8447",
  79               "enable_ssl": true,
  80               "lb_policy":"ip_hash",
  81               "visualRange": "1",
  82               "path": "/aai/v14/cloud-infrastructure"
  83           },
  84           {
  85               "serviceName": "_aai-business",
  86               "version": "v11",
  87               "url": "/aai/v11/business",
  88               "protocol": "REST",
  89               "port": "8447",
  90               "enable_ssl": true,
  91               "lb_policy":"ip_hash",
  92               "visualRange": "1",
  93               "path": "/aai/v11/business"
  94           },
  95           {
  96               "serviceName": "_aai-business",
  97               "version": "v12",
  98               "url": "/aai/v12/business",
  99               "protocol": "REST",
 100               "port": "8447",
 101               "enable_ssl": true,
 102               "lb_policy":"ip_hash",
 103               "visualRange": "1",
 104               "path": "/aai/v12/business"
 105           },
 106           {
 107               "serviceName": "_aai-business",
 108               "version": "v13",
 109               "url": "/aai/v13/business",
 110               "protocol": "REST",
 111               "port": "8447",
 112               "enable_ssl": true,
 113               "lb_policy":"ip_hash",
 114               "visualRange": "1",
 115               "path": "/aai/v13/business"
 116           },
 117           {
 118               "serviceName": "_aai-business",
 119               "version": "v14",
 120               "url": "/aai/v14/business",
 121               "protocol": "REST",
 122               "port": "8447",
 123               "enable_ssl": true,
 124               "lb_policy":"ip_hash",
 125               "visualRange": "1",
 126               "path": "/aai/v14/business"
 127           },
 128           {
 129               "serviceName": "_aai-actions",
 130               "version": "v11",
 131               "url": "/aai/v11/actions",
 132               "protocol": "REST",
 133               "port": "8447",
 134               "enable_ssl": true,
 135               "lb_policy":"ip_hash",
 136               "visualRange": "1",
 137               "path": "/aai/v11/actions"
 138           },
 139           {
 140               "serviceName": "_aai-actions",
 141               "version": "v12",
 142               "url": "/aai/v12/actions",
 143               "protocol": "REST",
 144               "port": "8447",
 145               "enable_ssl": true,
 146               "lb_policy":"ip_hash",
 147               "visualRange": "1",
 148               "path": "/aai/v12/actions"
 149           },
 150           {
 151               "serviceName": "_aai-actions",
 152               "version": "v13",
 153               "url": "/aai/v13/actions",
 154               "protocol": "REST",
 155               "port": "8447",
 156               "enable_ssl": true,
 157               "lb_policy":"ip_hash",
 158               "visualRange": "1",
 159               "path": "/aai/v13/actions"
 160           },
 161           {
 162               "serviceName": "_aai-actions",
 163               "version": "v14",
 164               "url": "/aai/v14/actions",
 165               "protocol": "REST",
 166               "port": "8447",
 167               "enable_ssl": true,
 168               "lb_policy":"ip_hash",
 169               "visualRange": "1",
 170               "path": "/aai/v14/actions"
 171           },
 172           {
 173               "serviceName": "_aai-service-design-and-creation",
 174               "version": "v11",
 175               "url": "/aai/v11/service-design-and-creation",
 176               "protocol": "REST",
 177               "port": "8447",
 178               "enable_ssl": true,
 179               "lb_policy":"ip_hash",
 180               "visualRange": "1",
 181               "path": "/aai/v11/service-design-and-creation"
 182           },
 183           {
 184               "serviceName": "_aai-service-design-and-creation",
 185               "version": "v12",
 186               "url": "/aai/v12/service-design-and-creation",
 187               "protocol": "REST",
 188               "port": "8447",
 189               "enable_ssl": true,
 190               "lb_policy":"ip_hash",
 191               "visualRange": "1",
 192               "path": "/aai/v12/service-design-and-creation"
 193           },
 194           {
 195               "serviceName": "_aai-service-design-and-creation",
 196               "version": "v13",
 197               "url": "/aai/v13/service-design-and-creation",
 198               "protocol": "REST",
 199               "port": "8447",
 200               "enable_ssl": true,
 201               "lb_policy":"ip_hash",
 202               "visualRange": "1",
 203               "path": "/aai/v13/service-design-and-creation"
 204           },
 205           {
 206               "serviceName": "_aai-service-design-and-creation",
 207               "version": "v14",
 208               "url": "/aai/v14/service-design-and-creation",
 209               "protocol": "REST",
 210               "port": "8447",
 211               "enable_ssl": true,
 212               "lb_policy":"ip_hash",
 213               "visualRange": "1",
 214               "path": "/aai/v14/service-design-and-creation"
 215           },
 216           {
 217               "serviceName": "_aai-network",
 218               "version": "v11",
 219               "url": "/aai/v11/network",
 220               "protocol": "REST",
 221               "port": "8447",
 222               "enable_ssl": true,
 223               "lb_policy":"ip_hash",
 224               "visualRange": "1",
 225               "path": "/aai/v11/network"
 226           },
 227           {
 228               "serviceName": "_aai-network",
 229               "version": "v12",
 230               "url": "/aai/v12/network",
 231               "protocol": "REST",
 232               "port": "8447",
 233               "enable_ssl": true,
 234               "lb_policy":"ip_hash",
 235               "visualRange": "1",
 236               "path": "/aai/v12/network"
 237           },
 238           {
 239               "serviceName": "_aai-network",
 240               "version": "v13",
 241               "url": "/aai/v13/network",
 242               "protocol": "REST",
 243               "port": "8447",
 244               "enable_ssl": true,
 245               "lb_policy":"ip_hash",
 246               "visualRange": "1",
 247               "path": "/aai/v13/network"
 248           },
 249           {
 250               "serviceName": "_aai-network",
 251               "version": "v14",
 252               "url": "/aai/v14/network",
 253               "protocol": "REST",
 254               "port": "8447",
 255               "enable_ssl": true,
 256               "lb_policy":"ip_hash",
 257               "visualRange": "1",
 258               "path": "/aai/v14/network"
 259           },
 260           {
 261               "serviceName": "_aai-externalSystem",
 262               "version": "v11",
 263               "url": "/aai/v11/external-system",
 264               "protocol": "REST",
 265               "port": "8447",
 266               "enable_ssl": true,
 267               "lb_policy":"ip_hash",
 268               "visualRange": "1",
 269               "path": "/aai/v11/external-system"
 270           },
 271           {
 272               "serviceName": "_aai-externalSystem",
 273               "version": "v12",
 274               "url": "/aai/v12/external-system",
 275               "protocol": "REST",
 276               "port": "8447",
 277               "enable_ssl": true,
 278               "lb_policy":"ip_hash",
 279               "visualRange": "1",
 280               "path": "/aai/v12/external-system"
 281           },
 282           {
 283               "serviceName": "_aai-externalSystem",
 284               "version": "v13",
 285               "url": "/aai/v13/external-system",
 286               "protocol": "REST",
 287               "port": "8447",
 288               "enable_ssl": true,
 289               "lb_policy":"ip_hash",
 290               "visualRange": "1",
 291               "path": "/aai/v13/external-system"
 292           },
 293           {
 294               "serviceName": "_aai-externalSystem",
 295               "version": "v14",
 296               "url": "/aai/v14/external-system",
 297               "protocol": "REST",
 298               "port": "8447",
 299               "enable_ssl": true,
 300               "lb_policy":"ip_hash",
 301               "visualRange": "1",
 302               "path": "/aai/v14/external-system"
 303           },
 304           {
 305               "serviceName": "aai-cloudInfrastructure",
 306               "version": "v11",
 307               "url": "/aai/v11/cloud-infrastructure",
 308               "protocol": "REST",
 309               "port": "8447",
 310               "enable_ssl": true,
 311               "lb_policy":"ip_hash",
 312               "visualRange": "1"
 313           },
 314           {
 315               "serviceName": "aai-cloudInfrastructure",
 316               "version": "v12",
 317               "url": "/aai/v12/cloud-infrastructure",
 318               "protocol": "REST",
 319               "port": "8447",
 320               "enable_ssl": true,
 321               "lb_policy":"ip_hash",
 322               "visualRange": "1"
 323           },
 324           {
 325               "serviceName": "aai-cloudInfrastructure",
 326               "version": "v13",
 327               "url": "/aai/v13/cloud-infrastructure",
 328               "protocol": "REST",
 329               "port": "8447",
 330               "enable_ssl": true,
 331               "lb_policy":"ip_hash",
 332               "visualRange": "1"
 333           },
 334           {
 335               "serviceName": "aai-cloudInfrastructure",
 336               "version": "v14",
 337               "url": "/aai/v14/cloud-infrastructure",
 338               "protocol": "REST",
 339               "port": "8447",
 340               "enable_ssl": true,
 341               "lb_policy":"ip_hash",
 342               "visualRange": "1"
 343           },
 344           {
 345               "serviceName": "aai-business",
 346               "version": "v11",
 347               "url": "/aai/v11/business",
 348               "protocol": "REST",
 349               "port": "8447",
 350               "enable_ssl": true,
 351               "lb_policy":"ip_hash",
 352               "visualRange": "1"
 353           },
 354           {
 355               "serviceName": "aai-business",
 356               "version": "v12",
 357               "url": "/aai/v12/business",
 358               "protocol": "REST",
 359               "port": "8447",
 360               "enable_ssl": true,
 361               "lb_policy":"ip_hash",
 362               "visualRange": "1"
 363           },
 364           {
 365               "serviceName": "aai-business",
 366               "version": "v13",
 367               "url": "/aai/v13/business",
 368               "protocol": "REST",
 369               "port": "8447",
 370               "enable_ssl": true,
 371               "lb_policy":"ip_hash",
 372               "visualRange": "1"
 373           },
 374           {
 375               "serviceName": "aai-business",
 376               "version": "v14",
 377               "url": "/aai/v14/business",
 378               "protocol": "REST",
 379               "port": "8447",
 380               "enable_ssl": true,
 381               "lb_policy":"ip_hash",
 382               "visualRange": "1"
 383           },
 384           {
 385               "serviceName": "aai-actions",
 386               "version": "v11",
 387               "url": "/aai/v11/actions",
 388               "protocol": "REST",
 389               "port": "8447",
 390               "enable_ssl": true,
 391               "lb_policy":"ip_hash",
 392               "visualRange": "1"
 393           },
 394           {
 395               "serviceName": "aai-actions",
 396               "version": "v12",
 397               "url": "/aai/v12/actions",
 398               "protocol": "REST",
 399               "port": "8447",
 400               "enable_ssl": true,
 401               "lb_policy":"ip_hash",
 402               "visualRange": "1"
 403           },
 404           {
 405               "serviceName": "aai-actions",
 406               "version": "v13",
 407               "url": "/aai/v13/actions",
 408               "protocol": "REST",
 409               "port": "8447",
 410               "enable_ssl": true,
 411               "lb_policy":"ip_hash",
 412               "visualRange": "1"
 413           },
 414           {
 415               "serviceName": "aai-actions",
 416               "version": "v14",
 417               "url": "/aai/v14/actions",
 418               "protocol": "REST",
 419               "port": "8447",
 420               "enable_ssl": true,
 421               "lb_policy":"ip_hash",
 422               "visualRange": "1"
 423           },
 424           {
 425               "serviceName": "aai-service-design-and-creation",
 426               "version": "v11",
 427               "url": "/aai/v11/service-design-and-creation",
 428               "protocol": "REST",
 429               "port": "8447",
 430               "enable_ssl": true,
 431               "lb_policy":"ip_hash",
 432               "visualRange": "1"
 433           },
 434           {
 435               "serviceName": "aai-service-design-and-creation",
 436               "version": "v12",
 437               "url": "/aai/v12/service-design-and-creation",
 438               "protocol": "REST",
 439               "port": "8447",
 440               "enable_ssl": true,
 441               "lb_policy":"ip_hash",
 442               "visualRange": "1"
 443           },
 444           {
 445               "serviceName": "aai-service-design-and-creation",
 446               "version": "v13",
 447               "url": "/aai/v13/service-design-and-creation",
 448               "protocol": "REST",
 449               "port": "8447",
 450               "enable_ssl": true,
 451               "lb_policy":"ip_hash",
 452               "visualRange": "1"
 453           },
 454           {
 455               "serviceName": "aai-service-design-and-creation",
 456               "version": "v14",
 457               "url": "/aai/v14/service-design-and-creation",
 458               "protocol": "REST",
 459               "port": "8447",
 460               "enable_ssl": true,
 461               "lb_policy":"ip_hash",
 462               "visualRange": "1"
 463           },
 464           {
 465               "serviceName": "aai-network",
 466               "version": "v11",
 467               "url": "/aai/v11/network",
 468               "protocol": "REST",
 469               "port": "8447",
 470               "enable_ssl": true,
 471               "lb_policy":"ip_hash",
 472               "visualRange": "1"
 473           },
 474           {
 475               "serviceName": "aai-network",
 476               "version": "v12",
 477               "url": "/aai/v12/network",
 478               "protocol": "REST",
 479               "port": "8447",
 480               "enable_ssl": true,
 481               "lb_policy":"ip_hash",
 482               "visualRange": "1"
 483           },
 484           {
 485               "serviceName": "aai-network",
 486               "version": "v13",
 487               "url": "/aai/v13/network",
 488               "protocol": "REST",
 489               "port": "8447",
 490               "enable_ssl": true,
 491               "lb_policy":"ip_hash",
 492               "visualRange": "1"
 493           },
 494           {
 495               "serviceName": "aai-network",
 496               "version": "v14",
 497               "url": "/aai/v14/network",
 498               "protocol": "REST",
 499               "port": "8447",
 500               "enable_ssl": true,
 501               "lb_policy":"ip_hash",
 502               "visualRange": "1"
 503           },
 504           {
 505               "serviceName": "aai-externalSystem",
 506               "version": "v11",
 507               "url": "/aai/v11/external-system",
 508               "protocol": "REST",
 509               "port": "8447",
 510               "enable_ssl": true,
 511               "lb_policy":"ip_hash",
 512               "visualRange": "1"
 513           },
 514           {
 515               "serviceName": "aai-externalSystem",
 516               "version": "v12",
 517               "url": "/aai/v12/external-system",
 518               "protocol": "REST",
 519               "port": "8447",
 520               "enable_ssl": true,
 521               "lb_policy":"ip_hash",
 522               "visualRange": "1"
 523           },
 524           {
 525               "serviceName": "aai-externalSystem",
 526               "version": "v13",
 527               "url": "/aai/v13/external-system",
 528               "protocol": "REST",
 529               "port": "8447",
 530               "enable_ssl": true,
 531               "lb_policy":"ip_hash",
 532               "visualRange": "1"
 533           },
 534           {
 535               "serviceName": "aai-externalSystem",
 536               "version": "v14",
 537               "url": "/aai/v14/external-system",
 538               "protocol": "REST",
 539               "port": "8447",
 540               "enable_ssl": true,
 541               "lb_policy":"ip_hash",
 542               "visualRange": "1"
 543           }
 544           ]'
 545     spec:
 546       hostname: aai-resources
 547     {{ if .Values.global.initContainers.enabled }}
 548       {{ if .Values.global.installSidecarSecurity }}
 549       hostAliases:
 550       - ip: {{ .Values.global.aaf.serverIp }}
 551         hostnames:
 552         - {{ .Values.global.aaf.serverHostname }}
 553       {{ end }}
 554       initContainers:
 555       - command:
 556       {{  if .Values.global.jobs.createSchema.enabled  }}
 557         - /root/job_complete.py
 558         args:
 559         - --job-name
 560         - {{ .Release.Name }}-aai-graphadmin-create-db-schema
 561       {{  else }}
 562         - /root/ready.py
 563         args:
 564         - --container-name
 565         - aai-cassandra
 566         - --container-name
 567         - aai-schema-service
 568       {{  end  }}
 569         env:
 570         - name: NAMESPACE
 571           valueFrom:
 572             fieldRef:
 573               apiVersion: v1
 574               fieldPath: metadata.namespace
 575         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
 576         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 577         name: {{ include "common.name" . }}-readiness
 578       {{ if .Values.global.installSidecarSecurity }}
 579       - name: {{ .Values.global.tproxyConfig.name }}
 580         image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
 581         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 582         securityContext:
 583           privileged: true
 584       {{ end }}
 585     {{ end }}
 586       containers:
 587       - name: {{ include "common.name" . }}
 588         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
 589         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 590         env:
 591         - name: LOCAL_USER_ID
 592           value: {{ .Values.global.config.userId | quote }}
 593         - name: LOCAL_GROUP_ID
 594           value: {{ .Values.global.config.groupId | quote }}
 595         volumeMounts:
 596         - mountPath: /etc/localtime
 597           name: localtime
 598           readOnly: true
 599         - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
 600           name: {{ include "common.fullname" . }}-db-real-conf
 601           subPath: janusgraph-realtime.properties
 602         - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
 603           name: {{ include "common.fullname" . }}-db-cached-conf
 604           subPath: janusgraph-cached.properties
 605         - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
 606           name: {{ include "common.fullname" . }}-aaiconfig-conf
 607           subPath: aaiconfig.properties
 608         - mountPath: /opt/aai/logroot/AAI-RES
 609           name: {{ include "common.fullname" . }}-logs
 610         - mountPath: /opt/app/aai-resources/resources/logback.xml
 611           name: {{ include "common.fullname" . }}-log-conf
 612           subPath: logback.xml
 613         - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
 614           name: {{ include "common.fullname" . }}-localhost-access-log-conf
 615           subPath: localhost-access-logback.xml
 616         - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
 617           name: {{ include "common.fullname" . }}-realm-conf
 618           subPath: realm.properties
 619         {{ if .Values.global.installSidecarSecurity }}
 620         - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
 621           name: {{ include "common.fullname" . }}-aai-policy
 622           subPath: aai_policy.json
 623         {{ end }}
 624         - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
 625           name: {{ include "common.fullname" . }}-aaf-certs
 626           subPath: org.onap.aai.keyfile
 627         - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
 628           name: {{ include "common.fullname" . }}-aaf-certs
 629           subPath: bath_config.csv
 630         - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
 631           name: {{ include "common.fullname" . }}-aaf-properties
 632           subPath: org.onap.aai.props
 633         - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
 634           name: {{ include "common.fullname" . }}-aaf-properties
 635           subPath: org.osaaf.location.props
 636         - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
 637           name: {{ include "common.fullname" . }}-aaf-properties
 638           subPath: permissions.properties
 639         - mountPath: /opt/app/aai-resources/resources/cadi.properties
 640           name: {{ include "common.fullname" . }}-aaf-properties
 641           subPath: cadi.properties
 642         - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
 643           name: {{ include "common.fullname" . }}-aaf-certs
 644           subPath: org.onap.aai.p12
 645         - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
 646           name: aai-common-aai-auth-mount
 647           subPath: truststoreONAPall.jks
 648         - mountPath: /opt/app/aai-resources/resources/application.properties
 649           name: {{ include "common.fullname" . }}-springapp-conf
 650           subPath: application.properties
 651           {{ $global := . }}
 652           {{ range $job := .Values.global.config.auth.files }}
 653         - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
 654           name: {{ include "common.fullname" $global }}-auth-truststore-sec
 655           subPath: {{ . }}
 656           {{ end }}
 657         ports:
 658         - containerPort: {{ .Values.service.internalPort }}
 659         - containerPort: {{ .Values.service.internalPort2 }}
 660         # disable liveness probe when breakpoints set in debugger
 661         # so K8s doesn't restart unresponsive container
 662         {{ if .Values.liveness.enabled }}
 663         livenessProbe:
 664           tcpSocket:
 665             port: {{ .Values.service.internalPort }}
 666           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
 667           periodSeconds: {{ .Values.liveness.periodSeconds }}
 668         {{ end }}
 669         readinessProbe:
 670           tcpSocket:
 671             port: {{ .Values.service.internalPort }}
 672           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
 673           periodSeconds: {{ .Values.readiness.periodSeconds }}
 674         resources:
 675 {{ include "common.resources" . }}
 676       {{- if .Values.nodeSelector }}
 677       nodeSelector:
 678 {{ toYaml .Values.nodeSelector | indent 8 }}
 679       {{- end -}}
 680       {{- if .Values.affinity }}
 681       affinity:
 682 {{ toYaml .Values.affinity | indent 8 }}
 683       {{- end }}
 684
 685       # side car containers
 686       - name: filebeat-onap
 687         image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
 688         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 689         volumeMounts:
 690         - mountPath: /usr/share/filebeat/filebeat.yml
 691           subPath: filebeat.yml
 692           name: filebeat-conf
 693         - mountPath: /var/log/onap
 694           name: {{ include "common.fullname" . }}-logs
 695         - mountPath: /usr/share/filebeat/data
 696           name: {{ include "common.fullname" . }}-filebeat
 697         resources:
 698 {{ include "common.resources" . }}
 699     {{ if .Values.global.installSidecarSecurity }}
 700       - name: {{ .Values.global.rproxy.name }}
 701         image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
 702         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 703         env:
 704         - name: CONFIG_HOME
 705           value: "/opt/app/rproxy/config"
 706         - name: KEY_STORE_PASSWORD
 707           value: {{ .Values.sidecar.keyStorePassword }}
 708         - name: spring_profiles_active
 709           value: {{ .Values.global.rproxy.activeSpringProfiles }}
 710         volumeMounts:
 711         - name: {{ include "common.fullname" . }}-rproxy-config
 712           mountPath: /opt/app/rproxy/config/forward-proxy.properties
 713           subPath: forward-proxy.properties
 714         - name: {{ include "common.fullname" . }}-rproxy-config
 715           mountPath: /opt/app/rproxy/config/primary-service.properties
 716           subPath: primary-service.properties
 717         - name: {{ include "common.fullname" . }}-rproxy-config
 718           mountPath: /opt/app/rproxy/config/reverse-proxy.properties
 719           subPath: reverse-proxy.properties
 720         - name: {{ include "common.fullname" . }}-rproxy-config
 721           mountPath: /opt/app/rproxy/config/cadi.properties
 722           subPath: cadi.properties
 723         - name: {{ include "common.fullname" . }}-rproxy-log-config
 724           mountPath: /opt/app/rproxy/config/logback-spring.xml
 725           subPath: logback-spring.xml
 726         - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 727           mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
 728           subPath: uri-authorization.json
 729         - name: {{ include "common.fullname" . }}-rproxy-auth-config
 730           mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
 731           subPath: tomcat_keystore
 732         - name: {{ include "common.fullname" . }}-rproxy-auth-config
 733           mountPath: /opt/app/rproxy/config/auth/client-cert.p12
 734           subPath: client-cert.p12
 735         - name: {{ include "common.fullname" . }}-rproxy-auth-config
 736           mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
 737           subPath: aaf_truststore.jks
 738         - name: {{ include "common.fullname" . }}-rproxy-security-config
 739           mountPath: /opt/app/rproxy/config/security/keyfile
 740           subPath: keyfile
 741         - name: {{ include "common.fullname" . }}-rproxy-auth-config
 742           mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
 743           subPath: org.onap.aai.p12
 744         ports:
 745         - containerPort: {{ .Values.global.rproxy.port }}
 746
 747       - name: {{ .Values.global.fproxy.name }}
 748         image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
 749         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 750         env:
 751         - name: CONFIG_HOME
 752           value: "/opt/app/fproxy/config"
 753         - name: KEY_STORE_PASSWORD
 754           value: {{ .Values.sidecar.keyStorePassword }}
 755         - name: TRUST_STORE_PASSWORD
 756           value: {{ .Values.sidecar.trustStorePassword }}
 757         - name: spring_profiles_active
 758           value: {{ .Values.global.fproxy.activeSpringProfiles }}
 759         volumeMounts:
 760         - name: {{ include "common.fullname" . }}-fproxy-config
 761           mountPath: /opt/app/fproxy/config/fproxy.properties
 762           subPath: fproxy.properties
 763         - name: {{ include "common.fullname" . }}-fproxy-log-config
 764           mountPath: /opt/app/fproxy/config/logback-spring.xml
 765           subPath: logback-spring.xml
 766         - name: {{ include "common.fullname" . }}-fproxy-auth-config
 767           mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
 768           subPath: fproxy_truststore
 769         - name: {{ include "common.fullname" . }}-fproxy-auth-config
 770           mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
 771           subPath: tomcat_keystore
 772         - name: {{ include "common.fullname" . }}-fproxy-auth-config
 773           mountPath: /opt/app/fproxy/config/auth/client-cert.p12
 774           subPath: client-cert.p12
 775         ports:
 776         - containerPort: {{ .Values.global.fproxy.port }}
 777     {{ end }}
 778
 779       volumes:
 780       - name: aai-common-aai-auth-mount
 781         secret:
 782           secretName: aai-common-aai-auth
 783       - name: localtime
 784         hostPath:
 785           path: /etc/localtime
 786       - name: filebeat-conf
 787         configMap:
 788           name: aai-filebeat
 789       - name: {{ include "common.fullname" . }}-logs
 790         emptyDir: {}
 791       - name: {{ include "common.fullname" . }}-filebeat
 792         emptyDir: {}
 793       - name: {{ include "common.fullname" . }}-log-conf
 794         configMap:
 795          name: {{ include "common.fullname" . }}-log
 796       - name: {{ include "common.fullname" . }}-localhost-access-log-conf
 797         configMap:
 798          name: {{ include "common.fullname" . }}-localhost-access-log-configmap
 799       - name: {{ include "common.fullname" . }}-db-real-conf
 800         configMap:
 801          name: {{ include "common.fullname" . }}-db-real-configmap
 802       - name: {{ include "common.fullname" . }}-db-cached-conf
 803         configMap:
 804          name: {{ include "common.fullname" . }}-db-cached-configmap
 805       - name: {{ include "common.fullname" . }}-aaiconfig-conf
 806         configMap:
 807          name: {{ include "common.fullname" . }}-aaiconfig-configmap
 808       - name: {{ include "common.fullname" . }}-aaf-properties
 809         configMap:
 810          name: {{ include "common.fullname" . }}-aaf-props
 811       - name: {{ include "common.fullname" . }}-aaf-certs
 812         secret:
 813          secretName: {{ include "common.fullname" . }}-aaf-keys
 814       - name: {{ include "common.fullname" . }}-springapp-conf
 815         configMap:
 816          name: {{ include "common.fullname" . }}-springapp-configmap
 817       - name: {{ include "common.fullname" . }}-realm-conf
 818         configMap:
 819          name: {{ include "common.fullname" . }}-realm-configmap
 820       - name: {{ include "common.fullname" . }}-auth-truststore-sec
 821         secret:
 822          secretName: aai-common-truststore
 823          items:
 824           {{ range $job := .Values.global.config.auth.files }}
 825            - key: {{ . }}
 826              path: {{ . }}
 827           {{ end }}
 828     {{ if .Values.global.installSidecarSecurity }}
 829       - name: {{ include "common.fullname" . }}-aai-policy
 830         configMap:
 831          name: {{ include "common.fullname" . }}-aai-policy-configmap
 832       - name: {{ include "common.fullname" . }}-rproxy-config
 833         configMap:
 834          name: {{ include "common.fullname" . }}-rproxy-config
 835       - name: {{ include "common.fullname" . }}-rproxy-log-config
 836         configMap:
 837          name: {{ include "common.fullname" . }}-rproxy-log-config
 838       - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 839         configMap:
 840          name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 841       - name: {{ include "common.fullname" . }}-rproxy-auth-config
 842         secret:
 843          secretName: {{ include "common.fullname" . }}-rproxy-auth-config
 844       - name: {{ include "common.fullname" . }}-rproxy-security-config
 845         secret:
 846          secretName: {{ include "common.fullname" . }}-rproxy-security-config
 847       - name: {{ include "common.fullname" . }}-fproxy-config
 848         configMap:
 849          name: {{ include "common.fullname" . }}-fproxy-config
 850       - name: {{ include "common.fullname" . }}-fproxy-log-config
 851         configMap:
 852          name: {{ include "common.fullname" . }}-fproxy-log-config
 853       - name: {{ include "common.fullname" . }}-fproxy-auth-config
 854         secret:
 855          secretName: {{ include "common.fullname" . }}-fproxy-auth-config
 856     {{ end }}
 857       restartPolicy: {{ .Values.restartPolicy }}
 858       imagePullSecrets:
 859       - name: "{{ include "common.namespace" . }}-docker-registry-key"