2 # Copyright (c) 2017 Amdocs, Bell Canada
3 # Modifications Copyright (c) 2018 AT&T
4 # Modifications Copyright (c) 2020 Nokia
5 # Modifications Copyright (c) 2021 Orange
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
23 name: {{ include "common.fullname" . }}
24 namespace: {{ include "common.namespace" . }}
26 app: {{ include "common.name" . }}
27 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
28 release: {{ include "common.release" . }}
29 heritage: {{ .Release.Service }}
31 replicas: {{ .Values.replicaCount }}
34 app: {{ include "common.name" . }}
38 app: {{ include "common.name" . }}
39 release: {{ include "common.release" . }}
40 name: {{ include "common.name" . }}
42 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
43 {{- if .Values.global.msbEnabled }}
44 {{ $values := .Values }}
45 msb.onap.org/service-info: '[
46 {{- range $api_endpoint := $values.aai_enpoints -}}
47 {{- range $api_version := $values.api_list }}
49 "serviceName": "_{{ $api_endpoint.name }}",
50 "version": "v{{ $api_version }}",
51 "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
55 "lb_policy":"ip_hash",
57 "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
60 "serviceName": "{{ $api_endpoint.name }}",
61 "version": "v{{ $api_version }}",
62 "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
66 "lb_policy":"ip_hash",
74 hostname: aai-resources
75 {{- if .Values.global.initContainers.enabled }}
76 {{- if .Values.global.installSidecarSecurity }}
78 - ip: {{ .Values.global.aaf.serverIp }}
80 - {{ .Values.global.aaf.serverHostname }}
84 {{- if .Values.global.jobs.migration.enabled }}
88 - {{ include "common.release" . }}-aai-graphadmin-migration
89 {{- else if .Values.global.jobs.createSchema.enabled }}
93 - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
98 {{- if .Values.global.cassandra.localCluster }}
111 fieldPath: metadata.namespace
112 image: {{ include "repositoryGenerator.image.readiness" . }}
113 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
114 name: {{ include "common.name" . }}-readiness
115 {{- if .Values.global.installSidecarSecurity }}
116 - name: {{ .Values.global.tproxyConfig.name }}
117 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
118 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
124 - name: {{ include "common.name" . }}
125 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
126 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
128 - name: LOCAL_USER_ID
129 value: {{ .Values.global.config.userId | quote }}
130 - name: LOCAL_GROUP_ID
131 value: {{ .Values.global.config.groupId | quote }}
132 - name: POST_JAVA_OPTS
133 value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit'
135 - mountPath: /etc/localtime
138 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
139 name: {{ include "common.fullname" . }}-config
140 subPath: janusgraph-realtime.properties
141 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
142 name: {{ include "common.fullname" . }}-config
143 subPath: janusgraph-cached.properties
144 - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
145 name: {{ include "common.fullname" . }}-config
146 subPath: aaiconfig.properties
147 - mountPath: /opt/aai/logroot/AAI-RES
148 name: {{ include "common.fullname" . }}-logs
149 - mountPath: /opt/app/aai-resources/resources/logback.xml
150 name: {{ include "common.fullname" . }}-config
152 - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
153 name: {{ include "common.fullname" . }}-config
154 subPath: localhost-access-logback.xml
155 - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
156 name: {{ include "common.fullname" . }}-config
157 subPath: realm.properties
158 {{- if .Values.global.installSidecarSecurity }}
159 - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
160 name: {{ include "common.fullname" . }}-aai-policy
161 subPath: aai_policy.json
163 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
164 name: {{ include "common.fullname" . }}-aaf-certs
165 subPath: org.onap.aai.keyfile
166 - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
167 name: {{ include "common.fullname" . }}-aaf-certs
168 subPath: bath_config.csv
169 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
170 name: {{ include "common.fullname" . }}-aaf-properties
171 subPath: org.onap.aai.props
172 - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
173 name: {{ include "common.fullname" . }}-aaf-properties
174 subPath: org.osaaf.location.props
175 - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
176 name: {{ include "common.fullname" . }}-aaf-properties
177 subPath: permissions.properties
178 - mountPath: /opt/app/aai-resources/resources/cadi.properties
179 name: {{ include "common.fullname" . }}-aaf-properties
180 subPath: cadi.properties
181 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
182 name: {{ include "common.fullname" . }}-aaf-certs
183 subPath: org.onap.aai.p12
184 - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
185 name: aai-common-aai-auth-mount
186 subPath: truststoreONAPall.jks
187 - mountPath: /opt/app/aai-resources/resources/application.properties
188 name: {{ include "common.fullname" . }}-config
189 subPath: application.properties
190 - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
191 name: {{ include "common.fullname" . }}-config
192 subPath: application-keycloak.properties
194 {{- range $job := .Values.global.config.auth.files }}
195 - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
196 name: {{ include "common.fullname" $global }}-auth-truststore-sec
200 - containerPort: {{ .Values.service.internalPort }}
201 - containerPort: {{ .Values.service.internalPort2 }}
202 # disable liveness probe when breakpoints set in debugger
203 # so K8s doesn't restart unresponsive container
204 {{- if .Values.liveness.enabled }}
207 port: {{ .Values.service.internalPort }}
208 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
209 periodSeconds: {{ .Values.liveness.periodSeconds }}
213 port: {{ .Values.service.internalPort }}
214 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
215 periodSeconds: {{ .Values.readiness.periodSeconds }}
216 resources: {{ include "common.resources" . | nindent 12 }}
217 {{- if .Values.nodeSelector }}
218 nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
220 {{- if .Values.affinity }}
221 affinity: {{ toYaml .Values.affinity | nindent 8 }}
223 # side car containers
224 - name: filebeat-onap
225 image: {{ include "repositoryGenerator.image.logging" . }}
226 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
228 - mountPath: /usr/share/filebeat/filebeat.yml
229 subPath: filebeat.yml
231 - mountPath: /var/log/onap
232 name: {{ include "common.fullname" . }}-logs
233 - mountPath: /usr/share/filebeat/data
234 name: {{ include "common.fullname" . }}-filebeat
235 resources: {{ include "common.resources" . | nindent 12 }}
236 {{- if .Values.global.installSidecarSecurity }}
237 - name: {{ .Values.global.rproxy.name }}
238 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
239 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
242 value: "/opt/app/rproxy/config"
243 - name: KEY_STORE_PASSWORD
244 value: {{ .Values.sidecar.keyStorePassword }}
245 - name: spring_profiles_active
246 value: {{ .Values.global.rproxy.activeSpringProfiles }}
248 - name: {{ include "common.fullname" . }}-rproxy-config
249 mountPath: /opt/app/rproxy/config/forward-proxy.properties
250 subPath: forward-proxy.properties
251 - name: {{ include "common.fullname" . }}-rproxy-config
252 mountPath: /opt/app/rproxy/config/primary-service.properties
253 subPath: primary-service.properties
254 - name: {{ include "common.fullname" . }}-rproxy-config
255 mountPath: /opt/app/rproxy/config/reverse-proxy.properties
256 subPath: reverse-proxy.properties
257 - name: {{ include "common.fullname" . }}-rproxy-config
258 mountPath: /opt/app/rproxy/config/cadi.properties
259 subPath: cadi.properties
260 - name: {{ include "common.fullname" . }}-rproxy-log-config
261 mountPath: /opt/app/rproxy/config/logback-spring.xml
262 subPath: logback-spring.xml
263 - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
264 mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
265 subPath: uri-authorization.json
266 - name: {{ include "common.fullname" . }}-rproxy-auth-config
267 mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
268 subPath: tomcat_keystore
269 - name: {{ include "common.fullname" . }}-rproxy-auth-config
270 mountPath: /opt/app/rproxy/config/auth/client-cert.p12
271 subPath: client-cert.p12
272 - name: {{ include "common.fullname" . }}-rproxy-auth-config
273 mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
274 subPath: aaf_truststore.jks
275 - name: {{ include "common.fullname" . }}-rproxy-security-config
276 mountPath: /opt/app/rproxy/config/security/keyfile
278 - name: {{ include "common.fullname" . }}-rproxy-auth-config
279 mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
280 subPath: org.onap.aai.p12
282 - containerPort: {{ .Values.global.rproxy.port }}
283 - name: {{ .Values.global.fproxy.name }}
284 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
285 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
288 value: "/opt/app/fproxy/config"
289 - name: KEY_STORE_PASSWORD
290 value: {{ .Values.sidecar.keyStorePassword }}
291 - name: TRUST_STORE_PASSWORD
292 value: {{ .Values.sidecar.trustStorePassword }}
293 - name: spring_profiles_active
294 value: {{ .Values.global.fproxy.activeSpringProfiles }}
296 - name: {{ include "common.fullname" . }}-fproxy-config
297 mountPath: /opt/app/fproxy/config/fproxy.properties
298 subPath: fproxy.properties
299 - name: {{ include "common.fullname" . }}-fproxy-log-config
300 mountPath: /opt/app/fproxy/config/logback-spring.xml
301 subPath: logback-spring.xml
302 - name: {{ include "common.fullname" . }}-fproxy-auth-config
303 mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
304 subPath: fproxy_truststore
305 - name: {{ include "common.fullname" . }}-fproxy-auth-config
306 mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
307 subPath: tomcat_keystore
308 - name: {{ include "common.fullname" . }}-fproxy-auth-config
309 mountPath: /opt/app/fproxy/config/auth/client-cert.p12
310 subPath: client-cert.p12
312 - containerPort: {{ .Values.global.fproxy.port }}
315 - name: aai-common-aai-auth-mount
317 secretName: aai-common-aai-auth
321 - name: filebeat-conf
324 - name: {{ include "common.fullname" . }}-logs
326 - name: {{ include "common.fullname" . }}-filebeat
328 - name: {{ include "common.fullname" . }}-config
330 name: {{ include "common.fullname" . }}-configmap
331 - name: {{ include "common.fullname" . }}-aaf-properties
333 name: {{ include "common.fullname" . }}-aaf-props
334 - name: {{ include "common.fullname" . }}-aaf-certs
336 secretName: {{ include "common.fullname" . }}-aaf-keys
337 - name: {{ include "common.fullname" . }}-auth-truststore-sec
339 secretName: aai-common-truststore
341 {{- range $job := .Values.global.config.auth.files }}
345 {{- if .Values.global.installSidecarSecurity }}
346 - name: {{ include "common.fullname" . }}-aai-policy
348 name: {{ include "common.fullname" . }}-aai-policy-configmap
349 - name: {{ include "common.fullname" . }}-rproxy-config
351 name: {{ include "common.fullname" . }}-rproxy-config
352 - name: {{ include "common.fullname" . }}-rproxy-log-config
354 name: {{ include "common.fullname" . }}-rproxy-log-config
355 - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
357 name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
358 - name: {{ include "common.fullname" . }}-rproxy-auth-config
360 secretName: {{ include "common.fullname" . }}-rproxy-auth-config
361 - name: {{ include "common.fullname" . }}-rproxy-security-config
363 secretName: {{ include "common.fullname" . }}-rproxy-security-config
364 - name: {{ include "common.fullname" . }}-fproxy-config
366 name: {{ include "common.fullname" . }}-fproxy-config
367 - name: {{ include "common.fullname" . }}-fproxy-log-config
369 name: {{ include "common.fullname" . }}-fproxy-log-config
370 - name: {{ include "common.fullname" . }}-fproxy-auth-config
372 secretName: {{ include "common.fullname" . }}-fproxy-auth-config
374 restartPolicy: {{ .Values.restartPolicy }}
376 - name: "{{ include "common.namespace" . }}-docker-registry-key"