1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2018 AT&T
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
16 apiVersion: extensions/v1beta1
19 name: {{ include "common.fullname" . }}
20 namespace: {{ include "common.namespace" . }}
22 app: {{ include "common.name" . }}
23 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
24 release: {{ .Release.Name }}
25 heritage: {{ .Release.Service }}
27 replicas: {{ .Values.replicaCount }}
30 app: {{ include "common.name" . }}
34 app: {{ include "common.name" . }}
35 release: {{ .Release.Name }}
36 name: {{ include "common.name" . }}
38 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
39 msb.onap.org/service-info: '[
41 "serviceName": "_aai-cloudInfrastructure",
43 "url": "/aai/v11/cloud-infrastructure",
47 "lb_policy":"ip_hash",
49 "path": "/aai/v11/cloud-infrastructure"
52 "serviceName": "_aai-cloudInfrastructure",
54 "url": "/aai/v12/cloud-infrastructure",
58 "lb_policy":"ip_hash",
60 "path": "/aai/v12/cloud-infrastructure"
63 "serviceName": "_aai-cloudInfrastructure",
65 "url": "/aai/v13/cloud-infrastructure",
69 "lb_policy":"ip_hash",
71 "path": "/aai/v13/cloud-infrastructure"
74 "serviceName": "_aai-cloudInfrastructure",
76 "url": "/aai/v14/cloud-infrastructure",
80 "lb_policy":"ip_hash",
82 "path": "/aai/v14/cloud-infrastructure"
85 "serviceName": "_aai-business",
87 "url": "/aai/v11/business",
91 "lb_policy":"ip_hash",
93 "path": "/aai/v11/business"
96 "serviceName": "_aai-business",
98 "url": "/aai/v12/business",
102 "lb_policy":"ip_hash",
104 "path": "/aai/v12/business"
107 "serviceName": "_aai-business",
109 "url": "/aai/v13/business",
113 "lb_policy":"ip_hash",
115 "path": "/aai/v13/business"
118 "serviceName": "_aai-business",
120 "url": "/aai/v14/business",
124 "lb_policy":"ip_hash",
126 "path": "/aai/v14/business"
129 "serviceName": "_aai-actions",
131 "url": "/aai/v11/actions",
135 "lb_policy":"ip_hash",
137 "path": "/aai/v11/actions"
140 "serviceName": "_aai-actions",
142 "url": "/aai/v12/actions",
146 "lb_policy":"ip_hash",
148 "path": "/aai/v12/actions"
151 "serviceName": "_aai-actions",
153 "url": "/aai/v13/actions",
157 "lb_policy":"ip_hash",
159 "path": "/aai/v13/actions"
162 "serviceName": "_aai-actions",
164 "url": "/aai/v14/actions",
168 "lb_policy":"ip_hash",
170 "path": "/aai/v14/actions"
173 "serviceName": "_aai-service-design-and-creation",
175 "url": "/aai/v11/service-design-and-creation",
179 "lb_policy":"ip_hash",
181 "path": "/aai/v11/service-design-and-creation"
184 "serviceName": "_aai-service-design-and-creation",
186 "url": "/aai/v12/service-design-and-creation",
190 "lb_policy":"ip_hash",
192 "path": "/aai/v12/service-design-and-creation"
195 "serviceName": "_aai-service-design-and-creation",
197 "url": "/aai/v13/service-design-and-creation",
201 "lb_policy":"ip_hash",
203 "path": "/aai/v13/service-design-and-creation"
206 "serviceName": "_aai-service-design-and-creation",
208 "url": "/aai/v14/service-design-and-creation",
212 "lb_policy":"ip_hash",
214 "path": "/aai/v14/service-design-and-creation"
217 "serviceName": "_aai-network",
219 "url": "/aai/v11/network",
223 "lb_policy":"ip_hash",
225 "path": "/aai/v11/network"
228 "serviceName": "_aai-network",
230 "url": "/aai/v12/network",
234 "lb_policy":"ip_hash",
236 "path": "/aai/v12/network"
239 "serviceName": "_aai-network",
241 "url": "/aai/v13/network",
245 "lb_policy":"ip_hash",
247 "path": "/aai/v13/network"
250 "serviceName": "_aai-network",
252 "url": "/aai/v14/network",
256 "lb_policy":"ip_hash",
258 "path": "/aai/v14/network"
261 "serviceName": "_aai-externalSystem",
263 "url": "/aai/v11/external-system",
267 "lb_policy":"ip_hash",
269 "path": "/aai/v11/external-system"
272 "serviceName": "_aai-externalSystem",
274 "url": "/aai/v12/external-system",
278 "lb_policy":"ip_hash",
280 "path": "/aai/v12/external-system"
283 "serviceName": "_aai-externalSystem",
285 "url": "/aai/v13/external-system",
289 "lb_policy":"ip_hash",
291 "path": "/aai/v13/external-system"
294 "serviceName": "_aai-externalSystem",
296 "url": "/aai/v14/external-system",
300 "lb_policy":"ip_hash",
302 "path": "/aai/v14/external-system"
305 "serviceName": "aai-cloudInfrastructure",
307 "url": "/aai/v11/cloud-infrastructure",
311 "lb_policy":"ip_hash",
315 "serviceName": "aai-cloudInfrastructure",
317 "url": "/aai/v12/cloud-infrastructure",
321 "lb_policy":"ip_hash",
325 "serviceName": "aai-cloudInfrastructure",
327 "url": "/aai/v13/cloud-infrastructure",
331 "lb_policy":"ip_hash",
335 "serviceName": "aai-cloudInfrastructure",
337 "url": "/aai/v14/cloud-infrastructure",
341 "lb_policy":"ip_hash",
345 "serviceName": "aai-business",
347 "url": "/aai/v11/business",
351 "lb_policy":"ip_hash",
355 "serviceName": "aai-business",
357 "url": "/aai/v12/business",
361 "lb_policy":"ip_hash",
365 "serviceName": "aai-business",
367 "url": "/aai/v13/business",
371 "lb_policy":"ip_hash",
375 "serviceName": "aai-business",
377 "url": "/aai/v14/business",
381 "lb_policy":"ip_hash",
385 "serviceName": "aai-actions",
387 "url": "/aai/v11/actions",
391 "lb_policy":"ip_hash",
395 "serviceName": "aai-actions",
397 "url": "/aai/v12/actions",
401 "lb_policy":"ip_hash",
405 "serviceName": "aai-actions",
407 "url": "/aai/v13/actions",
411 "lb_policy":"ip_hash",
415 "serviceName": "aai-actions",
417 "url": "/aai/v14/actions",
421 "lb_policy":"ip_hash",
425 "serviceName": "aai-service-design-and-creation",
427 "url": "/aai/v11/service-design-and-creation",
431 "lb_policy":"ip_hash",
435 "serviceName": "aai-service-design-and-creation",
437 "url": "/aai/v12/service-design-and-creation",
441 "lb_policy":"ip_hash",
445 "serviceName": "aai-service-design-and-creation",
447 "url": "/aai/v13/service-design-and-creation",
451 "lb_policy":"ip_hash",
455 "serviceName": "aai-service-design-and-creation",
457 "url": "/aai/v14/service-design-and-creation",
461 "lb_policy":"ip_hash",
465 "serviceName": "aai-network",
467 "url": "/aai/v11/network",
471 "lb_policy":"ip_hash",
475 "serviceName": "aai-network",
477 "url": "/aai/v12/network",
481 "lb_policy":"ip_hash",
485 "serviceName": "aai-network",
487 "url": "/aai/v13/network",
491 "lb_policy":"ip_hash",
495 "serviceName": "aai-network",
497 "url": "/aai/v14/network",
501 "lb_policy":"ip_hash",
505 "serviceName": "aai-externalSystem",
507 "url": "/aai/v11/external-system",
511 "lb_policy":"ip_hash",
515 "serviceName": "aai-externalSystem",
517 "url": "/aai/v12/external-system",
521 "lb_policy":"ip_hash",
525 "serviceName": "aai-externalSystem",
527 "url": "/aai/v13/external-system",
531 "lb_policy":"ip_hash",
535 "serviceName": "aai-externalSystem",
537 "url": "/aai/v14/external-system",
541 "lb_policy":"ip_hash",
546 hostname: aai-resources
547 {{ if .Values.global.initContainers.enabled }}
548 {{ if .Values.global.installSidecarSecurity }}
550 - ip: {{ .Values.global.aaf.serverIp }}
552 - {{ .Values.global.aaf.serverHostname }}
556 {{ if .Values.global.jobs.createSchema.enabled }}
557 - /root/job_complete.py
560 - {{ .Release.Name }}-aai-graphadmin-create-db-schema
574 fieldPath: metadata.namespace
575 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
576 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
577 name: {{ include "common.name" . }}-readiness
578 {{ if .Values.global.installSidecarSecurity }}
579 - name: {{ .Values.global.tproxyConfig.name }}
580 image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
581 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
587 - name: {{ include "common.name" . }}
588 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
589 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
591 - name: LOCAL_USER_ID
592 value: {{ .Values.global.config.userId | quote }}
593 - name: LOCAL_GROUP_ID
594 value: {{ .Values.global.config.groupId | quote }}
596 - mountPath: /etc/localtime
599 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
600 name: {{ include "common.fullname" . }}-db-real-conf
601 subPath: janusgraph-realtime.properties
602 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
603 name: {{ include "common.fullname" . }}-db-cached-conf
604 subPath: janusgraph-cached.properties
605 - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
606 name: {{ include "common.fullname" . }}-aaiconfig-conf
607 subPath: aaiconfig.properties
608 - mountPath: /opt/aai/logroot/AAI-RES
609 name: {{ include "common.fullname" . }}-logs
610 - mountPath: /opt/app/aai-resources/resources/logback.xml
611 name: {{ include "common.fullname" . }}-log-conf
613 - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
614 name: {{ include "common.fullname" . }}-localhost-access-log-conf
615 subPath: localhost-access-logback.xml
616 - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
617 name: {{ include "common.fullname" . }}-realm-conf
618 subPath: realm.properties
619 {{ if .Values.global.installSidecarSecurity }}
620 - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
621 name: {{ include "common.fullname" . }}-aai-policy
622 subPath: aai_policy.json
624 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
625 name: {{ include "common.fullname" . }}-aaf-certs
626 subPath: org.onap.aai.keyfile
627 - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
628 name: {{ include "common.fullname" . }}-aaf-certs
629 subPath: bath_config.csv
630 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
631 name: {{ include "common.fullname" . }}-aaf-properties
632 subPath: org.onap.aai.props
633 - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
634 name: {{ include "common.fullname" . }}-aaf-properties
635 subPath: org.osaaf.location.props
636 - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
637 name: {{ include "common.fullname" . }}-aaf-properties
638 subPath: permissions.properties
639 - mountPath: /opt/app/aai-resources/resources/cadi.properties
640 name: {{ include "common.fullname" . }}-aaf-properties
641 subPath: cadi.properties
642 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
643 name: {{ include "common.fullname" . }}-aaf-certs
644 subPath: org.onap.aai.p12
645 - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
646 name: aai-common-aai-auth-mount
647 subPath: truststoreONAPall.jks
648 - mountPath: /opt/app/aai-resources/resources/application.properties
649 name: {{ include "common.fullname" . }}-springapp-conf
650 subPath: application.properties
652 {{ range $job := .Values.global.config.auth.files }}
653 - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
654 name: {{ include "common.fullname" $global }}-auth-truststore-sec
658 - containerPort: {{ .Values.service.internalPort }}
659 - containerPort: {{ .Values.service.internalPort2 }}
660 # disable liveness probe when breakpoints set in debugger
661 # so K8s doesn't restart unresponsive container
662 {{ if .Values.liveness.enabled }}
665 port: {{ .Values.service.internalPort }}
666 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
667 periodSeconds: {{ .Values.liveness.periodSeconds }}
671 port: {{ .Values.service.internalPort }}
672 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
673 periodSeconds: {{ .Values.readiness.periodSeconds }}
675 {{ include "common.resources" . }}
676 {{- if .Values.nodeSelector }}
678 {{ toYaml .Values.nodeSelector | indent 8 }}
680 {{- if .Values.affinity }}
682 {{ toYaml .Values.affinity | indent 8 }}
685 # side car containers
686 - name: filebeat-onap
687 image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
688 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
690 - mountPath: /usr/share/filebeat/filebeat.yml
691 subPath: filebeat.yml
693 - mountPath: /var/log/onap
694 name: {{ include "common.fullname" . }}-logs
695 - mountPath: /usr/share/filebeat/data
696 name: {{ include "common.fullname" . }}-filebeat
698 {{ include "common.resources" . }}
699 {{ if .Values.global.installSidecarSecurity }}
700 - name: {{ .Values.global.rproxy.name }}
701 image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
702 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
705 value: "/opt/app/rproxy/config"
706 - name: KEY_STORE_PASSWORD
707 value: {{ .Values.sidecar.keyStorePassword }}
708 - name: spring_profiles_active
709 value: {{ .Values.global.rproxy.activeSpringProfiles }}
711 - name: {{ include "common.fullname" . }}-rproxy-config
712 mountPath: /opt/app/rproxy/config/forward-proxy.properties
713 subPath: forward-proxy.properties
714 - name: {{ include "common.fullname" . }}-rproxy-config
715 mountPath: /opt/app/rproxy/config/primary-service.properties
716 subPath: primary-service.properties
717 - name: {{ include "common.fullname" . }}-rproxy-config
718 mountPath: /opt/app/rproxy/config/reverse-proxy.properties
719 subPath: reverse-proxy.properties
720 - name: {{ include "common.fullname" . }}-rproxy-config
721 mountPath: /opt/app/rproxy/config/cadi.properties
722 subPath: cadi.properties
723 - name: {{ include "common.fullname" . }}-rproxy-log-config
724 mountPath: /opt/app/rproxy/config/logback-spring.xml
725 subPath: logback-spring.xml
726 - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
727 mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
728 subPath: uri-authorization.json
729 - name: {{ include "common.fullname" . }}-rproxy-auth-config
730 mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
731 subPath: tomcat_keystore
732 - name: {{ include "common.fullname" . }}-rproxy-auth-config
733 mountPath: /opt/app/rproxy/config/auth/client-cert.p12
734 subPath: client-cert.p12
735 - name: {{ include "common.fullname" . }}-rproxy-auth-config
736 mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
737 subPath: aaf_truststore.jks
738 - name: {{ include "common.fullname" . }}-rproxy-security-config
739 mountPath: /opt/app/rproxy/config/security/keyfile
741 - name: {{ include "common.fullname" . }}-rproxy-auth-config
742 mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
743 subPath: org.onap.aai.p12
745 - containerPort: {{ .Values.global.rproxy.port }}
747 - name: {{ .Values.global.fproxy.name }}
748 image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
749 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
752 value: "/opt/app/fproxy/config"
753 - name: KEY_STORE_PASSWORD
754 value: {{ .Values.sidecar.keyStorePassword }}
755 - name: TRUST_STORE_PASSWORD
756 value: {{ .Values.sidecar.trustStorePassword }}
757 - name: spring_profiles_active
758 value: {{ .Values.global.fproxy.activeSpringProfiles }}
760 - name: {{ include "common.fullname" . }}-fproxy-config
761 mountPath: /opt/app/fproxy/config/fproxy.properties
762 subPath: fproxy.properties
763 - name: {{ include "common.fullname" . }}-fproxy-log-config
764 mountPath: /opt/app/fproxy/config/logback-spring.xml
765 subPath: logback-spring.xml
766 - name: {{ include "common.fullname" . }}-fproxy-auth-config
767 mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
768 subPath: fproxy_truststore
769 - name: {{ include "common.fullname" . }}-fproxy-auth-config
770 mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
771 subPath: tomcat_keystore
772 - name: {{ include "common.fullname" . }}-fproxy-auth-config
773 mountPath: /opt/app/fproxy/config/auth/client-cert.p12
774 subPath: client-cert.p12
776 - containerPort: {{ .Values.global.fproxy.port }}
780 - name: aai-common-aai-auth-mount
782 secretName: aai-common-aai-auth
786 - name: filebeat-conf
789 - name: {{ include "common.fullname" . }}-logs
791 - name: {{ include "common.fullname" . }}-filebeat
793 - name: {{ include "common.fullname" . }}-log-conf
795 name: {{ include "common.fullname" . }}-log
796 - name: {{ include "common.fullname" . }}-localhost-access-log-conf
798 name: {{ include "common.fullname" . }}-localhost-access-log-configmap
799 - name: {{ include "common.fullname" . }}-db-real-conf
801 name: {{ include "common.fullname" . }}-db-real-configmap
802 - name: {{ include "common.fullname" . }}-db-cached-conf
804 name: {{ include "common.fullname" . }}-db-cached-configmap
805 - name: {{ include "common.fullname" . }}-aaiconfig-conf
807 name: {{ include "common.fullname" . }}-aaiconfig-configmap
808 - name: {{ include "common.fullname" . }}-aaf-properties
810 name: {{ include "common.fullname" . }}-aaf-props
811 - name: {{ include "common.fullname" . }}-aaf-certs
813 secretName: {{ include "common.fullname" . }}-aaf-keys
814 - name: {{ include "common.fullname" . }}-springapp-conf
816 name: {{ include "common.fullname" . }}-springapp-configmap
817 - name: {{ include "common.fullname" . }}-realm-conf
819 name: {{ include "common.fullname" . }}-realm-configmap
820 - name: {{ include "common.fullname" . }}-auth-truststore-sec
822 secretName: aai-common-truststore
824 {{ range $job := .Values.global.config.auth.files }}
828 {{ if .Values.global.installSidecarSecurity }}
829 - name: {{ include "common.fullname" . }}-aai-policy
831 name: {{ include "common.fullname" . }}-aai-policy-configmap
832 - name: {{ include "common.fullname" . }}-rproxy-config
834 name: {{ include "common.fullname" . }}-rproxy-config
835 - name: {{ include "common.fullname" . }}-rproxy-log-config
837 name: {{ include "common.fullname" . }}-rproxy-log-config
838 - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
840 name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
841 - name: {{ include "common.fullname" . }}-rproxy-auth-config
843 secretName: {{ include "common.fullname" . }}-rproxy-auth-config
844 - name: {{ include "common.fullname" . }}-rproxy-security-config
846 secretName: {{ include "common.fullname" . }}-rproxy-security-config
847 - name: {{ include "common.fullname" . }}-fproxy-config
849 name: {{ include "common.fullname" . }}-fproxy-config
850 - name: {{ include "common.fullname" . }}-fproxy-log-config
852 name: {{ include "common.fullname" . }}-fproxy-log-config
853 - name: {{ include "common.fullname" . }}-fproxy-auth-config
855 secretName: {{ include "common.fullname" . }}-fproxy-auth-config
857 restartPolicy: {{ .Values.restartPolicy }}
859 - name: "{{ include "common.namespace" . }}-docker-registry-key"