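{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
# Modifications Copyright © 2020-2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

# Deployment for the model-loader application container.
# When .Values.global.aafEnabled is set, two extra init containers run after
# the certInitializer one: "-obfuscate" derives Jetty-obfuscated keystore and
# truststore passwords from mycreds.prop, and "-update-config" renders the
# property files with envsubst into a memory-backed volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: {{ .Values.updateStrategy.type }}
    {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
    rollingUpdate:
      maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
      maxSurge: {{ .Values.updateStrategy.maxSurge }}
    {{- end }}
  selector:
    matchLabels:
      app: {{ include "common.name" . }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
      name: {{ include "common.name" . }}
    spec:
      {{- if .Values.nodeSelector }}
      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
      {{- end -}}
      {{- if .Values.affinity }}
      affinity: {{ toYaml .Values.affinity | nindent 8 }}
      {{- end }}
      {{- if .Values.global.aafEnabled }}
      # The certInitializer helper renders the first init container(s); the two
      # entries below are appended to the same list.
      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
      # Init container 1: derive obfuscated passwords and append them to
      # mycreds.prop on the shared certInitializer mount.
      - command:
        - sh
        args:
        - -c
        - |
          echo "*** retrieve Truststore and Keystore password"
          # Every KEY=VALUE line of mycreds.prop is exported. The command
          # substitution is unquoted, so a value containing whitespace is
          # split into separate words at this point.
          export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
          echo "*** obfuscate them "
          export KEYSTORE_PLAIN_PASSWORD="${KEYSTORE_PLAIN_PASSWORD}"
          export TRUSTSTORE_PLAIN_PASSWORD="${TRUSTSTORE_PLAIN_PASSWORD}"
          export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
          # The plain passwords are quoted so that shell metacharacters in them
          # are not word-split or glob-expanded before reaching java.
          # NOTE(review): the plain password is still a command-line argument,
          # so it is readable in this container's process list during the call.
          # NOTE(review): Jetty "OBF:" values are reversible obfuscation, not
          # encryption; protect them like the plain passwords.
          # NOTE(review): if grep finds no "OBF:" line, an empty value is
          # written below and the script still exits successfully.
          export KEYSTORE_PASSWORD="$(java -cp "${JETTY_UTIL_JAR}" org.eclipse.jetty.util.security.Password "${KEYSTORE_PLAIN_PASSWORD}" 2>&1 | grep "OBF:")"
          export TRUSTSTORE_PASSWORD="$(java -cp "${JETTY_UTIL_JAR}" org.eclipse.jetty.util.security.Password "${TRUSTSTORE_PLAIN_PASSWORD}" 2>&1 | grep "OBF:")"
          echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
          echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
        image: {{ include "repositoryGenerator.image.jetty" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-obfuscate
        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
        securityContext:
          runAsUser: {{ .Values.securityContext.user_id }}
      # Init container 2: copy every file from /config-input to /config with
      # environment variables substituted.
      # NOTE(review): unlike "-obfuscate" above, no securityContext is set on
      # this container.
      - command:
        - sh
        args:
        - -c
        - |
          echo "*** Set obfuscated Truststore and Keystore password into configuration file"
          export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
          cd /config-input
          # envsubst replaces any exported variable an input file references,
          # which includes the plain passwords exported from mycreds.prop.
          for PFILE in `ls -1`
          do
            envsubst <"${PFILE}" >"/config/${PFILE}"
          done
        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
        - mountPath: /config-input
          name: prop-config-input
        - mountPath: /config
          name: prop-config
        image: {{ include "repositoryGenerator.image.envsubst" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-update-config
      {{- end }}
      containers:
      # NOTE(review): no securityContext is set on the application container,
      # and none is visible at pod level in this template.
      - name: {{ include "common.name" . }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: CONFIG_HOME
          value: /opt/app/model-loader/config/
        - name: SECURITY_PROTOCOL
          value: {{ .Values.config.kafka.securityProtocol }}
        - name: SASL_MECHANISM
          value: {{ .Values.config.kafka.saslMechanism }}
        # The JAAS config is rendered by the common.secret.envFromSecretFast
        # helper for secret uid "aai-sdc-kafka-secret", key "sasl.jaas.config".
        # The helper is defined outside this file; presumably it emits a
        # secretKeyRef rather than a literal value - confirm on rendered output.
        - name: SASL_JAAS_CONFIG
          value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
        - mountPath: /etc/localtime
          name: localtime
          readOnly: true
        - mountPath: /opt/app/model-loader/config/model-loader.properties
          subPath: model-loader.properties
          name: prop-config
        - mountPath: /opt/app/model-loader/config/auth/
          name: auth-config
        - mountPath: {{ .Values.log.path }}
          name: logs
        - mountPath: /opt/app/model-loader/logback.xml
          name: log-config
          subPath: logback.xml
        resources: {{ include "common.resources" . | nindent 10 }}
      # side car containers
        {{ include "common.log.sidecar" . | nindent 6 }}
      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
      # hostPath volume: exposes the node's /etc/localtime to the pod; the
      # application container mounts it with readOnly: true.
      - name: localtime
        hostPath:
          path: /etc/localtime
      # With aafEnabled, prop-config is a memory-backed emptyDir filled by the
      # "-update-config" init container and the ConfigMap is mounted as
      # prop-config-input; otherwise prop-config is the ConfigMap itself.
      - name: prop-config
      {{- if .Values.global.aafEnabled }}
        emptyDir:
          medium: Memory
      - name: prop-config-input
      {{- end }}
        configMap:
          name: {{ include "common.fullname" . }}-prop
      # Secret mounted at /opt/app/model-loader/config/auth/ in the
      # application container.
      - name: auth-config
        secret:
          secretName: {{ include "common.fullname" . }}
      - name: logs
        emptyDir: {}
      {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
      - name: log-config
        configMap:
          name: {{ include "common.fullname" . }}-log
      restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"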