kubernetes/aai/components/aai-babel/templates/deployment.yaml

   1 # Copyright © 2018 Amdocs, AT&T
   2 # Modifications Copyright © 2018 Bell Canada
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 apiVersion: apps/v1
  17 kind: Deployment
  18 metadata:
  19   name: {{ include "common.fullname" . }}
  20   namespace: {{ include "common.namespace" . }}
  21   labels:
  22     app: {{ include "common.name" . }}
  23     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  24     release: {{ include "common.release" . }}
  25     heritage: {{ .Release.Service }}
  26 spec:
  27   selector:
  28     matchLabels:
  29       app: {{ include "common.name" . }}
  30   replicas: {{ .Values.replicaCount }}
  31   template:
  32     metadata:
  33       labels:
  34         app: {{ include "common.name" . }}
  35         release: {{ include "common.release" . }}
  36     spec:
  37     {{ if .Values.global.installSidecarSecurity }}
  38       hostAliases:
  39       - ip: {{ .Values.global.aaf.serverIp }}
  40         hostnames:
  41         - {{ .Values.global.aaf.serverHostname }}
  42
  43       initContainers:
  44         - name: {{ .Values.global.tproxyConfig.name }}
  45           image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
  46           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  47           securityContext:
  48             privileged: true
  49     {{ end }}
  50       containers:
  51         - name: {{ include "common.name" . }}
  52           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
  53           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  54           ports:
  55           - containerPort: {{ .Values.service.internalPort }}
  56           # disable liveness probe when breakpoints set in debugger
  57           # so K8s doesn't restart unresponsive container
  58           {{ if .Values.liveness.enabled }}
  59           livenessProbe:
  60             tcpSocket:
  61               port: {{ .Values.service.internalPort }}
  62             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
  63             periodSeconds: {{ .Values.liveness.periodSeconds }}
  64           {{ end }}
  65           readinessProbe:
  66             tcpSocket:
  67               port: {{ .Values.service.internalPort }}
  68             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
  69             periodSeconds: {{ .Values.readiness.periodSeconds }}
  70           env:
  71             - name: CONFIG_HOME
  72               value: /opt/app/babel/config
  73             - name: KEY_STORE_PASSWORD
  74               valueFrom:
  75                 secretKeyRef:
  76                   name: {{ template "common.fullname" . }}-pass
  77                   key: KEY_STORE_PASSWORD
  78             - name: KEY_MANAGER_PASSWORD
  79               valueFrom:
  80                 secretKeyRef:
  81                   name: {{ template "common.fullname" . }}-pass
  82                   key: KEY_MANAGER_PASSWORD
  83           volumeMounts:
  84           - mountPath: /etc/localtime
  85             name: localtime
  86             readOnly: true
  87           - mountPath: /opt/app/babel/config/artifact-generator.properties
  88             name: {{ include "common.fullname" . }}-config
  89             subPath: artifact-generator.properties
  90           - mountPath: /opt/app/babel/config/tosca-mappings.json
  91             name: {{ include "common.fullname" . }}-config
  92             subPath: tosca-mappings.json
  93           - mountPath: /opt/app/babel/config/babel-auth.properties
  94             name: {{ include "common.fullname" . }}-config
  95             subPath: babel-auth.properties
  96           - mountPath: /opt/app/babel/config/auth
  97             name: {{ include "common.fullname" . }}-secrets
  98           - mountPath: /var/log/onap
  99             name: {{ include "common.fullname" . }}-logs
 100           - mountPath: /opt/app/babel/config/logback.xml
 101             name: {{ include "common.fullname" . }}-config
 102             subPath: logback.xml
 103           resources:
 104 {{ include "common.resources" . }}
 105       {{- if .Values.nodeSelector }}
 106       nodeSelector:
 107 {{ toYaml .Values.nodeSelector | indent 8 }}
 108       {{- end -}}
 109       {{- if .Values.affinity }}
 110       affinity:
 111 {{ toYaml .Values.affinity | indent 8 }}
 112       {{- end }}
 113
 114         # side car containers
 115         - name: filebeat-onap
 116           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
 117           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 118           volumeMounts:
 119           - mountPath: /usr/share/filebeat/filebeat.yml
 120             subPath: filebeat.yml
 121             name: filebeat-conf
 122           - mountPath: /var/log/onap
 123             name: {{ include "common.fullname" . }}-logs
 124           - mountPath: /usr/share/filebeat/data
 125             name: aai-filebeat
 126
 127     {{ if .Values.global.installSidecarSecurity }}
 128         - name: {{ .Values.global.rproxy.name }}
 129           image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
 130           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 131           env:
 132           - name: CONFIG_HOME
 133             value: "/opt/app/rproxy/config"
 134           - name: KEY_STORE_PASSWORD
 135             value: {{ .Values.config.keyStorePassword }}
 136           - name: spring_profiles_active
 137             value: {{ .Values.global.rproxy.activeSpringProfiles }}
 138           volumeMounts:
 139           - name: {{ include "common.fullname" . }}-rproxy-config
 140             mountPath: /opt/app/rproxy/config/forward-proxy.properties
 141             subPath: forward-proxy.properties
 142           - name: {{ include "common.fullname" . }}-rproxy-config
 143             mountPath: /opt/app/rproxy/config/primary-service.properties
 144             subPath: primary-service.properties
 145           - name: {{ include "common.fullname" . }}-rproxy-config
 146             mountPath: /opt/app/rproxy/config/reverse-proxy.properties
 147             subPath: reverse-proxy.properties
 148           - name: {{ include "common.fullname" . }}-rproxy-config
 149             mountPath: /opt/app/rproxy/config/cadi.properties
 150             subPath: cadi.properties
 151           - name: {{ include "common.fullname" . }}-rproxy-log-config
 152             mountPath: /opt/app/rproxy/config/logback-spring.xml
 153             subPath: logback-spring.xml
 154           - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 155             mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
 156             subPath: uri-authorization.json
 157           - name: {{ include "common.fullname" . }}-rproxy-auth-config
 158             mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
 159             subPath: tomcat_keystore
 160           - name: {{ include "common.fullname" . }}-rproxy-auth-config
 161             mountPath: /opt/app/rproxy/config/auth/client-cert.p12
 162             subPath: client-cert.p12
 163           - name: {{ include "common.fullname" . }}-rproxy-auth-config
 164             mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
 165             subPath: aaf_truststore.jks
 166           - name: {{ include "common.fullname" . }}-rproxy-security-config
 167             mountPath: /opt/app/rproxy/config/security/keyfile
 168             subPath: keyfile
 169
 170           ports:
 171           - containerPort: {{ .Values.global.rproxy.port }}
 172
 173         - name: {{ .Values.global.fproxy.name }}
 174           image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
 175           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 176           env:
 177           - name: CONFIG_HOME
 178             value: "/opt/app/fproxy/config"
 179           - name: KEY_STORE_PASSWORD
 180             value: {{ .Values.config.keyStorePassword }}
 181           - name: spring_profiles_active
 182             value: {{ .Values.global.fproxy.activeSpringProfiles }}
 183           volumeMounts:
 184           - name: {{ include "common.fullname" . }}-fproxy-config
 185             mountPath: /opt/app/fproxy/config/fproxy.properties
 186             subPath: fproxy.properties
 187           - name: {{ include "common.fullname" . }}-fproxy-log-config
 188             mountPath: /opt/app/fproxy/config/logback-spring.xml
 189             subPath: logback-spring.xml
 190           - name: {{ include "common.fullname" . }}-fproxy-auth-config
 191             mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
 192             subPath: tomcat_keystore
 193           - name: {{ include "common.fullname" . }}-fproxy-auth-config
 194             mountPath: /opt/app/fproxy/config/auth/client-cert.p12
 195             subPath: client-cert.p12
 196           ports:
 197           - containerPort: {{ .Values.global.fproxy.port }}
 198     {{ end }}
 199
 200       volumes:
 201         - name: localtime
 202           hostPath:
 203             path: /etc/localtime
 204         - name: {{ include "common.fullname" . }}-config
 205           configMap:
 206             name: {{ include "common.fullname" . }}-configmap
 207             items:
 208             - key: artifact-generator.properties
 209               path: artifact-generator.properties
 210             - key: tosca-mappings.json
 211               path: tosca-mappings.json
 212             - key: babel-auth.properties
 213               path: babel-auth.properties
 214             - key: logback.xml
 215               path: logback.xml
 216         - name: {{ include "common.fullname" . }}-secrets
 217           secret:
 218             secretName: {{ include "common.fullname" . }}-babel-secrets
 219         - name: filebeat-conf
 220           configMap:
 221             name: aai-filebeat
 222         - name: {{ include "common.fullname" . }}-logs
 223           emptyDir: {}
 224         - name: aai-filebeat
 225           emptyDir: {}
 226     {{ if .Values.global.installSidecarSecurity }}
 227         - name: {{ include "common.fullname" . }}-rproxy-config
 228           configMap:
 229             name: {{ include "common.fullname" . }}-rproxy-config
 230         - name: {{ include "common.fullname" . }}-rproxy-log-config
 231           configMap:
 232             name: {{ include "common.fullname" . }}-rproxy-log-config
 233         - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 234           configMap:
 235             name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
 236         - name: {{ include "common.fullname" . }}-rproxy-auth-config
 237           secret:
 238             secretName: {{ include "common.fullname" . }}-rproxy-auth-config
 239         - name: {{ include "common.fullname" . }}-rproxy-security-config
 240           secret:
 241             secretName: {{ include "common.fullname" . }}-rproxy-security-config
 242         - name: {{ include "common.fullname" . }}-fproxy-config
 243           configMap:
 244             name: {{ include "common.fullname" . }}-fproxy-config
 245         - name: {{ include "common.fullname" . }}-fproxy-log-config
 246           configMap:
 247             name: {{ include "common.fullname" . }}-fproxy-log-config
 248         - name: {{ include "common.fullname" . }}-fproxy-auth-config
 249           secret:
 250             secretName: {{ include "common.fullname" . }}-fproxy-auth-config
 251     {{ end }}
 252
 253       imagePullSecrets:
 254       - name: "{{ include "common.namespace" . }}-docker-registry-key"