kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml

   1 {{/*
   2 #
   3 # ============LICENSE_START=======================================================
   4 # org.onap.aai
   5 # ================================================================================
   6 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   7 # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
   8 # Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
   9 # ================================================================================
  10 # Licensed under the Apache License, Version 2.0 (the "License");
  11 # you may not use this file except in compliance with the License.
  12 # You may obtain a copy of the License at
  13 #
  14 #    http://www.apache.org/licenses/LICENSE-2.0
  15 #
  16 # Unless required by applicable law or agreed to in writing, software
  17 # distributed under the License is distributed on an "AS IS" BASIS,
  18 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  19 # See the License for the specific language governing permissions and
  20 # limitations under the License.
  21 # ============LICENSE_END=========================================================
  22 */}}
  23 apiVersion: apps/v1
  24 kind: Deployment
  25 metadata:
  26   name: {{ include "common.fullname" . }}
  27   namespace: {{ include "common.namespace" . }}
  28   labels:
  29     app: {{ include "common.name" . }}
  30     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  31     release: {{ include "common.release" . }}
  32     heritage: {{ .Release.Service }}
  33 spec:
  34   replicas: {{ .Values.replicaCount }}
  35   minReadySeconds: {{ .Values.minReadySeconds }}
  36   strategy:
  37     type: {{ .Values.updateStrategy.type }}
  38     rollingUpdate:
  39       maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
  40       maxSurge: {{ .Values.updateStrategy.maxSurge }}
  41   selector:
  42     matchLabels:
  43       app: {{ include "common.name" . }}
  44   template:
  45     metadata:
  46       labels:
  47         app: {{ include "common.name" . }}
  48         release: {{ include "common.release" . }}
  49       name: {{ include "common.name" . }}
  50       annotations:
  51         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
  52     spec:
  53       hostname: aai-graphadmin
  54       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
  55     {{ if .Values.global.initContainers.enabled }}
  56       initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
  57       {{- if .Values.global.aafEnabled }}
  58       - command:
  59         - sh
  60         args:
  61         - -c
  62         - |
  63           echo "*** retrieve Truststore and Keystore password"
  64           export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
  65           echo "*** obfuscate them "
  66           export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
  67           export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
  68           export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
  69           export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
  70           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
  71           echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
  72           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
  73         image: {{ include "repositoryGenerator.image.jetty" . }}
  74         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  75         name: {{ include "common.name" . }}-obfuscate
  76         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
  77         securityContext:
  78           runAsUser: {{ .Values.securityContext.user_id }}
  79       - command:
  80         - sh
  81         args:
  82         - -c
  83         - |
  84           echo "*** Set obfuscated Truststore and Keystore password into configuration file"
  85           export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
  86           cd /config-input
  87           for PFILE in `ls -1`
  88           do
  89             envsubst <${PFILE} >/config/${PFILE}
  90           done
  91         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
  92         - mountPath: /config-input
  93           name: properties-input
  94         - mountPath: /config
  95           name: properties
  96         image: {{ include "repositoryGenerator.image.envsubst" . }}
  97         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  98         name: {{ include "common.name" . }}-update-config
  99       {{- end }}
 100       - command:
 101       {{ if .Values.global.jobs.migration.enabled }}
 102         - /app/ready.py
 103         args:
 104         - --job-name
 105         - {{ include "common.release" . }}-aai-graphadmin-migration
 106       {{  else if .Values.global.jobs.createSchema.enabled  }}
 107         - /app/ready.py
 108         args:
 109         - --job-name
 110         - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
 111       {{  else }}
 112         - /app/ready.py
 113         args:
 114         - --container-name
 115         {{- if .Values.global.cassandra.localCluster }}
 116         - aai-cassandra
 117         {{- else }}
 118         - cassandra
 119         {{- end }}
 120         - --container-name
 121         - aai-schema-service
 122       {{  end  }}
 123         env:
 124         - name: NAMESPACE
 125           valueFrom:
 126             fieldRef:
 127               apiVersion: v1
 128               fieldPath: metadata.namespace
 129         image: {{ include "repositoryGenerator.image.readiness" . }}
 130         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 131         name: {{ include "common.name" . }}-readiness
 132       {{  end  }}
 133       containers:
 134       - name: {{ include "common.name" . }}
 135         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
 136         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 137         env:
 138         - name: LOCAL_USER_ID
 139           value: {{ .Values.securityContext.user_id | quote }}
 140         - name: LOCAL_GROUP_ID
 141           value: {{ .Values.securityContext.group_id | quote }}
 142         - name: INTERNAL_PORT_1
 143           value: {{ .Values.service.internalPort | quote }}
 144         - name: INTERNAL_PORT_2
 145           value: {{ .Values.service.internalPort2 | quote }}
 146         - name: INTERNAL_PORT_3
 147           value: {{ .Values.service.internalPort3 | quote }}
 148         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
 149         - mountPath: /etc/localtime
 150           name: localtime
 151           readOnly: true
 152         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
 153           name: config
 154           subPath: janusgraph-realtime.properties
 155         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
 156           name: config
 157           subPath: janusgraph-cached.properties
 158         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
 159           name: properties
 160           subPath: aaiconfig.properties
 161         - mountPath: /opt/aai/logroot/AAI-RES
 162           name: logs
 163         - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
 164           name: config
 165           subPath: logback.xml
 166         - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
 167           name: config
 168           subPath: localhost-access-logback.xml
 169         - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties
 170           name: config
 171           subPath: realm.properties
 172         - mountPath: /opt/app/aai-graphadmin/resources/application.properties
 173           name: properties
 174           subPath: application.properties
 175         ports:
 176         - containerPort: {{ .Values.service.internalPort }}
 177         - containerPort: {{ .Values.service.internalPort2 }}
 178         - containerPort: {{ .Values.service.internalPort3 }}
 179         lifecycle:
 180           # wait for active requests (long-running tasks) to be finished
 181           # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
 182           preStop:
 183             exec:
 184               command:
 185                 - sh
 186                 - -c
 187                 - |
 188                   while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
 189                   do sleep 10
 190                   done
 191         # disable liveness probe when breakpoints set in debugger
 192         # so K8s doesn't restart unresponsive container
 193         {{ if .Values.liveness.enabled }}
 194         livenessProbe:
 195           tcpSocket:
 196             port: {{ .Values.service.internalPort }}
 197           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
 198           periodSeconds: {{ .Values.liveness.periodSeconds }}
 199         {{ end }}
 200         readinessProbe:
 201           tcpSocket:
 202             port: {{ .Values.service.internalPort }}
 203           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
 204           periodSeconds: {{ .Values.readiness.periodSeconds }}
 205         resources:
 206 {{ include "common.resources" . }}
 207       {{- if .Values.nodeSelector }}
 208       nodeSelector:
 209 {{ toYaml .Values.nodeSelector | indent 8 }}
 210       {{- end -}}
 211       {{- if .Values.affinity }}
 212       affinity:
 213 {{ toYaml .Values.affinity | indent 8 }}
 214       {{- end }}
 215
 216       # side car containers
 217       {{ include "common.log.sidecar" . | nindent 6 }}
 218       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
 219       volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
 220       - name: localtime
 221         hostPath:
 222           path: /etc/localtime
 223       - name: logs
 224         emptyDir: {}
 225       {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
 226       - name: config
 227         configMap:
 228           name: {{ include "common.fullname" . }}
 229       - name: properties
 230       {{- if .Values.global.aafEnabled }}
 231         emptyDir:
 232           medium: Memory
 233       - name: properties-input
 234       {{- end }}
 235         configMap:
 236           name: {{ include "common.fullname" . }}-properties
 237       restartPolicy: {{ .Values.restartPolicy }}
 238       imagePullSecrets:
 239       - name: {{ include "common.namespace" . }}-docker-registry-key