1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2018 AT&T
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
16 apiVersion: extensions/v1beta1
19 name: {{ include "common.fullname" . }}
20 namespace: {{ include "common.namespace" . }}
22 app: {{ include "common.name" . }}
23 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
24 release: {{ .Release.Name }}
25 heritage: {{ .Release.Service }}
27 replicas: {{ .Values.replicaCount }}
30 app: {{ include "common.name" . }}
34 app: {{ include "common.name" . }}
35 release: {{ .Release.Name }}
36 name: {{ include "common.name" . }}
38 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
39 msb.onap.org/service-info: '[
41 "serviceName": "_aai-cloudInfrastructure",
43 "url": "/aai/v11/cloud-infrastructure",
47 "lb_policy":"ip_hash",
49 "path": "/aai/v11/cloud-infrastructure"
52 "serviceName": "_aai-cloudInfrastructure",
54 "url": "/aai/v12/cloud-infrastructure",
58 "lb_policy":"ip_hash",
60 "path": "/aai/v12/cloud-infrastructure"
63 "serviceName": "_aai-cloudInfrastructure",
65 "url": "/aai/v13/cloud-infrastructure",
69 "lb_policy":"ip_hash",
71 "path": "/aai/v13/cloud-infrastructure"
74 "serviceName": "_aai-cloudInfrastructure",
76 "url": "/aai/v14/cloud-infrastructure",
80 "lb_policy":"ip_hash",
82 "path": "/aai/v14/cloud-infrastructure"
85 "serviceName": "_aai-business",
87 "url": "/aai/v11/business",
91 "lb_policy":"ip_hash",
93 "path": "/aai/v11/business"
96 "serviceName": "_aai-business",
98 "url": "/aai/v12/business",
102 "lb_policy":"ip_hash",
104 "path": "/aai/v12/business"
107 "serviceName": "_aai-business",
109 "url": "/aai/v13/business",
113 "lb_policy":"ip_hash",
115 "path": "/aai/v13/business"
118 "serviceName": "_aai-business",
120 "url": "/aai/v14/business",
124 "lb_policy":"ip_hash",
126 "path": "/aai/v14/business"
129 "serviceName": "_aai-actions",
131 "url": "/aai/v11/actions",
135 "lb_policy":"ip_hash",
137 "path": "/aai/v11/actions"
140 "serviceName": "_aai-actions",
142 "url": "/aai/v12/actions",
146 "lb_policy":"ip_hash",
148 "path": "/aai/v12/actions"
151 "serviceName": "_aai-actions",
153 "url": "/aai/v13/actions",
157 "lb_policy":"ip_hash",
159 "path": "/aai/v13/actions"
162 "serviceName": "_aai-actions",
164 "url": "/aai/v14/actions",
168 "lb_policy":"ip_hash",
170 "path": "/aai/v14/actions"
173 "serviceName": "_aai-service-design-and-creation",
175 "url": "/aai/v11/service-design-and-creation",
179 "lb_policy":"ip_hash",
181 "path": "/aai/v11/service-design-and-creation"
184 "serviceName": "_aai-service-design-and-creation",
186 "url": "/aai/v12/service-design-and-creation",
190 "lb_policy":"ip_hash",
192 "path": "/aai/v12/service-design-and-creation"
195 "serviceName": "_aai-service-design-and-creation",
197 "url": "/aai/v13/service-design-and-creation",
201 "lb_policy":"ip_hash",
203 "path": "/aai/v13/service-design-and-creation"
206 "serviceName": "_aai-service-design-and-creation",
208 "url": "/aai/v14/service-design-and-creation",
212 "lb_policy":"ip_hash",
214 "path": "/aai/v14/service-design-and-creation"
217 "serviceName": "_aai-network",
219 "url": "/aai/v11/network",
223 "lb_policy":"ip_hash",
225 "path": "/aai/v11/network"
228 "serviceName": "_aai-network",
230 "url": "/aai/v12/network",
234 "lb_policy":"ip_hash",
236 "path": "/aai/v12/network"
239 "serviceName": "_aai-network",
241 "url": "/aai/v13/network",
245 "lb_policy":"ip_hash",
247 "path": "/aai/v13/network"
250 "serviceName": "_aai-network",
252 "url": "/aai/v14/network",
256 "lb_policy":"ip_hash",
258 "path": "/aai/v14/network"
261 "serviceName": "_aai-externalSystem",
263 "url": "/aai/v11/external-system",
267 "lb_policy":"ip_hash",
269 "path": "/aai/v11/external-system"
272 "serviceName": "_aai-externalSystem",
274 "url": "/aai/v12/external-system",
278 "lb_policy":"ip_hash",
280 "path": "/aai/v12/external-system"
283 "serviceName": "_aai-externalSystem",
285 "url": "/aai/v13/external-system",
289 "lb_policy":"ip_hash",
291 "path": "/aai/v13/external-system"
294 "serviceName": "_aai-externalSystem",
296 "url": "/aai/v14/external-system",
300 "lb_policy":"ip_hash",
302 "path": "/aai/v14/external-system"
305 "serviceName": "aai-cloudInfrastructure",
307 "url": "/aai/v11/cloud-infrastructure",
311 "lb_policy":"ip_hash",
315 "serviceName": "aai-cloudInfrastructure",
317 "url": "/aai/v12/cloud-infrastructure",
321 "lb_policy":"ip_hash",
325 "serviceName": "aai-cloudInfrastructure",
327 "url": "/aai/v13/cloud-infrastructure",
331 "lb_policy":"ip_hash",
335 "serviceName": "aai-cloudInfrastructure",
337 "url": "/aai/v14/cloud-infrastructure",
341 "lb_policy":"ip_hash",
345 "serviceName": "aai-business",
347 "url": "/aai/v11/business",
351 "lb_policy":"ip_hash",
355 "serviceName": "aai-business",
357 "url": "/aai/v12/business",
361 "lb_policy":"ip_hash",
365 "serviceName": "aai-business",
367 "url": "/aai/v13/business",
371 "lb_policy":"ip_hash",
375 "serviceName": "aai-business",
377 "url": "/aai/v14/business",
381 "lb_policy":"ip_hash",
385 "serviceName": "aai-actions",
387 "url": "/aai/v11/actions",
391 "lb_policy":"ip_hash",
395 "serviceName": "aai-actions",
397 "url": "/aai/v12/actions",
401 "lb_policy":"ip_hash",
405 "serviceName": "aai-actions",
407 "url": "/aai/v13/actions",
411 "lb_policy":"ip_hash",
415 "serviceName": "aai-actions",
417 "url": "/aai/v14/actions",
421 "lb_policy":"ip_hash",
425 "serviceName": "aai-service-design-and-creation",
427 "url": "/aai/v11/service-design-and-creation",
431 "lb_policy":"ip_hash",
435 "serviceName": "aai-service-design-and-creation",
437 "url": "/aai/v12/service-design-and-creation",
441 "lb_policy":"ip_hash",
445 "serviceName": "aai-service-design-and-creation",
447 "url": "/aai/v13/service-design-and-creation",
451 "lb_policy":"ip_hash",
455 "serviceName": "aai-service-design-and-creation",
457 "url": "/aai/v14/service-design-and-creation",
461 "lb_policy":"ip_hash",
465 "serviceName": "aai-network",
467 "url": "/aai/v11/network",
471 "lb_policy":"ip_hash",
475 "serviceName": "aai-network",
477 "url": "/aai/v12/network",
481 "lb_policy":"ip_hash",
485 "serviceName": "aai-network",
487 "url": "/aai/v13/network",
491 "lb_policy":"ip_hash",
495 "serviceName": "aai-network",
497 "url": "/aai/v14/network",
501 "lb_policy":"ip_hash",
505 "serviceName": "aai-externalSystem",
507 "url": "/aai/v11/external-system",
511 "lb_policy":"ip_hash",
515 "serviceName": "aai-externalSystem",
517 "url": "/aai/v12/external-system",
521 "lb_policy":"ip_hash",
525 "serviceName": "aai-externalSystem",
527 "url": "/aai/v13/external-system",
531 "lb_policy":"ip_hash",
535 "serviceName": "aai-externalSystem",
537 "url": "/aai/v14/external-system",
541 "lb_policy":"ip_hash",
546 hostname: aai-resources
547 {{ if .Values.global.initContainers.enabled }}
548 {{ if .Values.global.installSidecarSecurity }}
550 - ip: {{ .Values.global.aaf.serverIp }}
552 - {{ .Values.global.aaf.serverHostname }}
556 {{ if .Values.global.jobs.createSchema.enabled }}
557 - /root/job_complete.py
560 - {{ .Release.Name }}-aai-graphadmin-create-db-schema
574 fieldPath: metadata.namespace
575 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
576 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
577 name: {{ include "common.name" . }}-readiness
578 {{ if .Values.global.installSidecarSecurity }}
579 - name: {{ .Values.global.tproxyConfig.name }}
580 image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
581 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
587 - name: {{ include "common.name" . }}
588 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
589 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
591 - name: LOCAL_USER_ID
592 value: {{ .Values.global.config.userId | quote }}
593 - name: LOCAL_GROUP_ID
594 value: {{ .Values.global.config.groupId | quote }}
596 - mountPath: /etc/localtime
599 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
600 name: {{ include "common.fullname" . }}-db-real-conf
601 subPath: janusgraph-realtime.properties
602 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
603 name: {{ include "common.fullname" . }}-db-cached-conf
604 subPath: janusgraph-cached.properties
605 - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
606 name: {{ include "common.fullname" . }}-aaiconfig-conf
607 subPath: aaiconfig.properties
608 - mountPath: /opt/aai/logroot/AAI-RES
609 name: {{ include "common.fullname" . }}-logs
610 - mountPath: /opt/app/aai-resources/resources/logback.xml
611 name: {{ include "common.fullname" . }}-log-conf
613 - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
614 name: {{ include "common.fullname" . }}-localhost-access-log-conf
615 subPath: localhost-access-logback.xml
616 - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
617 name: {{ include "common.fullname" . }}-realm-conf
618 subPath: realm.properties
619 {{ if .Values.global.installSidecarSecurity }}
620 - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
621 name: {{ include "common.fullname" . }}-aai-policy
622 subPath: aai_policy.json
624 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
625 name: {{ include "common.fullname" . }}-aaf-certs
626 subPath: org.onap.aai.keyfile
627 - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
628 name: {{ include "common.fullname" . }}-aaf-certs
629 subPath: bath_config.csv
630 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
631 name: {{ include "common.fullname" . }}-aaf-properties
632 subPath: org.onap.aai.props
633 - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
634 name: {{ include "common.fullname" . }}-aaf-properties
635 subPath: org.osaaf.location.props
636 - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
637 name: {{ include "common.fullname" . }}-aaf-properties
638 subPath: permissions.properties
639 - mountPath: /opt/app/aai-resources/resources/cadi.properties
640 name: {{ include "common.fullname" . }}-aaf-properties
641 subPath: cadi.properties
642 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
643 name: {{ include "common.fullname" . }}-aaf-certs
644 subPath: org.onap.aai.p12
645 - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
646 name: aai-common-aai-auth-mount
647 subPath: truststoreONAPall.jks
648 - mountPath: /opt/app/aai-resources/resources/application.properties
649 name: {{ include "common.fullname" . }}-springapp-conf
650 subPath: application.properties
652 {{ range $job := .Values.global.config.auth.files }}
653 - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
654 name: {{ include "common.fullname" $global }}-auth-truststore-sec
658 - containerPort: {{ .Values.service.internalPort }}
659 - containerPort: {{ .Values.service.internalPort2 }}
660 # disable liveness probe when breakpoints set in debugger
661 # so K8s doesn't restart unresponsive container
662 {{ if .Values.liveness.enabled }}
665 port: {{ .Values.service.internalPort }}
666 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
667 periodSeconds: {{ .Values.liveness.periodSeconds }}
671 port: {{ .Values.service.internalPort }}
672 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
673 periodSeconds: {{ .Values.readiness.periodSeconds }}
675 {{ include "common.resources" . | indent 12 }}
676 {{- if .Values.nodeSelector }}
678 {{ toYaml .Values.nodeSelector | indent 8 }}
680 {{- if .Values.affinity }}
682 {{ toYaml .Values.affinity | indent 8 }}
685 # side car containers
686 - name: filebeat-onap
687 image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
688 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
690 - mountPath: /usr/share/filebeat/filebeat.yml
691 subPath: filebeat.yml
693 - mountPath: /var/log/onap
694 name: {{ include "common.fullname" . }}-logs
695 - mountPath: /usr/share/filebeat/data
696 name: {{ include "common.fullname" . }}-filebeat
697 {{ if .Values.global.installSidecarSecurity }}
698 - name: {{ .Values.global.rproxy.name }}
699 image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
700 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
703 value: "/opt/app/rproxy/config"
704 - name: KEY_STORE_PASSWORD
705 value: {{ .Values.sidecar.keyStorePassword }}
706 - name: spring_profiles_active
707 value: {{ .Values.global.rproxy.activeSpringProfiles }}
709 - name: {{ include "common.fullname" . }}-rproxy-config
710 mountPath: /opt/app/rproxy/config/forward-proxy.properties
711 subPath: forward-proxy.properties
712 - name: {{ include "common.fullname" . }}-rproxy-config
713 mountPath: /opt/app/rproxy/config/primary-service.properties
714 subPath: primary-service.properties
715 - name: {{ include "common.fullname" . }}-rproxy-config
716 mountPath: /opt/app/rproxy/config/reverse-proxy.properties
717 subPath: reverse-proxy.properties
718 - name: {{ include "common.fullname" . }}-rproxy-config
719 mountPath: /opt/app/rproxy/config/cadi.properties
720 subPath: cadi.properties
721 - name: {{ include "common.fullname" . }}-rproxy-log-config
722 mountPath: /opt/app/rproxy/config/logback-spring.xml
723 subPath: logback-spring.xml
724 - name: {{ include "common.fullname" . }}-rproxy-auth-config
725 mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
726 subPath: tomcat_keystore
727 - name: {{ include "common.fullname" . }}-rproxy-auth-config
728 mountPath: /opt/app/rproxy/config/auth/client-cert.p12
729 subPath: client-cert.p12
730 - name: {{ include "common.fullname" . }}-rproxy-auth-config
731 mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
732 subPath: uri-authorization.json
733 - name: {{ include "common.fullname" . }}-rproxy-auth-config
734 mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
735 subPath: aaf_truststore.jks
736 - name: {{ include "common.fullname" . }}-rproxy-security-config
737 mountPath: /opt/app/rproxy/config/security/keyfile
739 - name: {{ include "common.fullname" . }}-rproxy-auth-config
740 mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
741 subPath: org.onap.aai.p12
743 - containerPort: {{ .Values.global.rproxy.port }}
745 - name: {{ .Values.global.fproxy.name }}
746 image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
747 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
750 value: "/opt/app/fproxy/config"
751 - name: KEY_STORE_PASSWORD
752 value: {{ .Values.sidecar.keyStorePassword }}
753 - name: TRUST_STORE_PASSWORD
754 value: {{ .Values.sidecar.trustStorePassword }}
755 - name: spring_profiles_active
756 value: {{ .Values.global.fproxy.activeSpringProfiles }}
758 - name: {{ include "common.fullname" . }}-fproxy-config
759 mountPath: /opt/app/fproxy/config/fproxy.properties
760 subPath: fproxy.properties
761 - name: {{ include "common.fullname" . }}-fproxy-log-config
762 mountPath: /opt/app/fproxy/config/logback-spring.xml
763 subPath: logback-spring.xml
764 - name: {{ include "common.fullname" . }}-fproxy-auth-config
765 mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
766 subPath: fproxy_truststore
767 - name: {{ include "common.fullname" . }}-fproxy-auth-config
768 mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
769 subPath: tomcat_keystore
770 - name: {{ include "common.fullname" . }}-fproxy-auth-config
771 mountPath: /opt/app/fproxy/config/auth/client-cert.p12
772 subPath: client-cert.p12
774 - containerPort: {{ .Values.global.fproxy.port }}
778 - name: aai-common-aai-auth-mount
780 secretName: aai-common-aai-auth
784 - name: filebeat-conf
787 - name: {{ include "common.fullname" . }}-logs
789 - name: {{ include "common.fullname" . }}-filebeat
791 - name: {{ include "common.fullname" . }}-log-conf
793 name: {{ include "common.fullname" . }}-log
794 - name: {{ include "common.fullname" . }}-localhost-access-log-conf
796 name: {{ include "common.fullname" . }}-localhost-access-log-configmap
797 - name: {{ include "common.fullname" . }}-db-real-conf
799 name: {{ include "common.fullname" . }}-db-real-configmap
800 - name: {{ include "common.fullname" . }}-db-cached-conf
802 name: {{ include "common.fullname" . }}-db-cached-configmap
803 - name: {{ include "common.fullname" . }}-aaiconfig-conf
805 name: {{ include "common.fullname" . }}-aaiconfig-configmap
806 - name: {{ include "common.fullname" . }}-aaf-properties
808 name: {{ include "common.fullname" . }}-aaf-props
809 - name: {{ include "common.fullname" . }}-aaf-certs
811 secretName: {{ include "common.fullname" . }}-aaf-keys
812 - name: {{ include "common.fullname" . }}-springapp-conf
814 name: {{ include "common.fullname" . }}-springapp-configmap
815 - name: {{ include "common.fullname" . }}-realm-conf
817 name: {{ include "common.fullname" . }}-realm-configmap
818 - name: {{ include "common.fullname" . }}-auth-truststore-sec
820 secretName: aai-common-truststore
822 {{ range $job := .Values.global.config.auth.files }}
826 {{ if .Values.global.installSidecarSecurity }}
827 - name: {{ include "common.fullname" . }}-aai-policy
829 name: {{ include "common.fullname" . }}-aai-policy-configmap
830 - name: {{ include "common.fullname" . }}-rproxy-config
832 name: {{ include "common.fullname" . }}-rproxy-config
833 - name: {{ include "common.fullname" . }}-rproxy-log-config
835 name: {{ include "common.fullname" . }}-rproxy-log-config
836 - name: {{ include "common.fullname" . }}-rproxy-auth-config
838 secretName: {{ include "common.fullname" . }}-rproxy-auth-config
839 - name: {{ include "common.fullname" . }}-rproxy-security-config
841 secretName: {{ include "common.fullname" . }}-rproxy-security-config
842 - name: {{ include "common.fullname" . }}-fproxy-config
844 name: {{ include "common.fullname" . }}-fproxy-config
845 - name: {{ include "common.fullname" . }}-fproxy-log-config
847 name: {{ include "common.fullname" . }}-fproxy-log-config
848 - name: {{ include "common.fullname" . }}-fproxy-auth-config
850 secretName: {{ include "common.fullname" . }}-fproxy-auth-config
852 restartPolicy: {{ .Values.restartPolicy }}
854 - name: "{{ include "common.namespace" . }}-docker-registry-key"