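{{/*
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

# Deployment for the aai-resources pod. It renders:
#   - a readiness init container (plus a privileged tproxy init container when
#     global.installSidecarSecurity is set),
#   - the main aai-resources container,
#   - a filebeat log-shipping sidecar,
#   - rproxy and fproxy sidecars when global.installSidecarSecurity is set.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ include "common.name" . }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
      name: {{ include "common.name" . }}
      annotations:
        # Hash of the rendered configmap, so a config change rolls the pods.
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        # MSB service registration, emitted as a JSON array inside one quoted
        # scalar: two entries per (endpoint, API version) pair.
        # NOTE(review): every entry ends with a comma, so the array closes on a
        # trailing comma, which strict JSON parsers reject; confirm the consumer
        # tolerates it. The values key is spelled aai_enpoints here and must
        # match the spelling used in the values file.
      {{- if .Values.global.msbEnabled }}
        {{ $values := .Values }}
        msb.onap.org/service-info: '[
        {{- range $api_endpoint := $values.aai_enpoints -}}
          {{- range $api_version := $values.api_list }}
          {
              "serviceName": "_{{ $api_endpoint.name }}",
              "version": "v{{ $api_version }}",
              "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
              "protocol": "REST",
              "port": "8447",
              "enable_ssl": true,
              "lb_policy":"ip_hash",
              "visualRange": "1",
              "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
          },
          {
              "serviceName": "{{ $api_endpoint.name }}",
              "version": "v{{ $api_version }}",
              "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
              "protocol": "REST",
              "port": "8447",
              "enable_ssl": true,
              "lb_policy":"ip_hash",
              "visualRange": "1"
          },
          {{- end }}
        {{- end }}
          ]'
      {{- end }}
    spec:
      hostname: aai-resources
    {{- if .Values.global.initContainers.enabled }}
      {{- if .Values.global.installSidecarSecurity }}
      hostAliases:
      - ip: {{ .Values.global.aaf.serverIp }}
        hostnames:
        - {{ .Values.global.aaf.serverHostname }}
      {{- end }}
      initContainers:
      # Readiness gate: waits on the migration job, else the create-schema job,
      # else on the cassandra and aai-schema-service containers.
      - command:
      {{- if .Values.global.jobs.migration.enabled }}
        - /app/ready.py
        args:
        - --job-name
        - {{ include "common.release" . }}-aai-graphadmin-migration
      {{- else if .Values.global.jobs.createSchema.enabled }}
        - /app/ready.py
        args:
        - --job-name
        - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
      {{- else }}
        - /app/ready.py
        args:
        - --container-name
        {{- if .Values.global.cassandra.localCluster }}
        - aai-cassandra
        {{- else }}
        - cassandra
        {{- end }}
        - --container-name
        - aai-schema-service
      {{- end }}
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: {{ include "repositoryGenerator.image.readiness" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-readiness
      {{- if .Values.global.installSidecarSecurity }}
      - name: {{ .Values.global.tproxyConfig.name }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        # NOTE(review): a privileged container has full access to the node's
        # devices and kernel interfaces, and the baseline Pod Security Standard
        # rejects it. If this init container only programs network rules, a
        # narrow capabilities.add list is likely enough; confirm against the image.
        securityContext:
          privileged: true
      {{- end }}
    {{- end }}
      containers:
      # NOTE(review): no securityContext is set on the main container, so the
      # runtime user and privilege settings come from the image and cluster
      # defaults; confirm that is intended.
      - name: {{ include "common.name" . }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: LOCAL_USER_ID
          value: {{ .Values.global.config.userId | quote }}
        - name: LOCAL_GROUP_ID
          value: {{ .Values.global.config.groupId | quote }}
        # NOTE(review): the truststore password is hard-coded in the manifest and
        # ends up on the JVM command line. Since it is fixed and visible, the
        # truststore's integrity rests on the Secret it is mounted from, not on
        # this password.
        - name: POST_JAVA_OPTS
          value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit'
        volumeMounts:
        - mountPath: /etc/localtime
          name: localtime
          readOnly: true
        - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
          name: {{ include "common.fullname" . }}-config
          subPath: janusgraph-realtime.properties
        - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
          name: {{ include "common.fullname" . }}-config
          subPath: janusgraph-cached.properties
        - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
          name: {{ include "common.fullname" . }}-config
          subPath: aaiconfig.properties
        - mountPath: /opt/aai/logroot/AAI-RES
          name: {{ include "common.fullname" . }}-logs
        - mountPath: /opt/app/aai-resources/resources/logback.xml
          name: {{ include "common.fullname" . }}-config
          subPath: logback.xml
        - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
          name: {{ include "common.fullname" . }}-config
          subPath: localhost-access-logback.xml
        - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
          name: {{ include "common.fullname" . }}-config
          subPath: realm.properties
        {{- if .Values.global.installSidecarSecurity }}
        - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
          name: {{ include "common.fullname" . }}-aai-policy
          subPath: aai_policy.json
        {{- end }}
        # Key material below is mounted from Secret-backed volumes (aaf-certs,
        # aai-common-aai-auth-mount); the .props files come from a ConfigMap.
        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
          name: {{ include "common.fullname" . }}-aaf-certs
          subPath: org.onap.aai.keyfile
        - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
          name: {{ include "common.fullname" . }}-aaf-certs
          subPath: bath_config.csv
        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
          name: {{ include "common.fullname" . }}-aaf-properties
          subPath: org.onap.aai.props
        - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
          name: {{ include "common.fullname" . }}-aaf-properties
          subPath: org.osaaf.location.props
        - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
          name: {{ include "common.fullname" . }}-aaf-properties
          subPath: permissions.properties
        - mountPath: /opt/app/aai-resources/resources/cadi.properties
          name: {{ include "common.fullname" . }}-aaf-properties
          subPath: cadi.properties
        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
          name: {{ include "common.fullname" . }}-aaf-certs
          subPath: org.onap.aai.p12
        - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
          name: aai-common-aai-auth-mount
          subPath: truststoreONAPall.jks
        - mountPath: /opt/app/aai-resources/resources/application.properties
          name: {{ include "common.fullname" . }}-config
          subPath: application.properties
        - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
          name: {{ include "common.fullname" . }}-config
          subPath: application-keycloak.properties
          {{- $global := . }}
          {{- range $job := .Values.global.config.auth.files }}
        - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
          name: {{ include "common.fullname" $global }}-auth-truststore-sec
          subPath: {{ . }}
          {{- end }}
        ports:
        - containerPort: {{ .Values.service.internalPort }}
        - containerPort: {{ .Values.service.internalPort2 }}
        # disable liveness probe when breakpoints set in debugger
        # so K8s doesn't restart unresponsive container
        {{- if .Values.liveness.enabled }}
        livenessProbe:
          tcpSocket:
            port: {{ .Values.service.internalPort }}
          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
          periodSeconds: {{ .Values.liveness.periodSeconds }}
        {{- end }}
        readinessProbe:
          tcpSocket:
            port: {{ .Values.service.internalPort }}
          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
          periodSeconds: {{ .Values.readiness.periodSeconds }}
        resources: {{ include "common.resources" . | nindent 12 }}
      # side car containers
      - name: filebeat-onap
        image: {{ include "repositoryGenerator.image.logging" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        volumeMounts:
        - mountPath: /usr/share/filebeat/filebeat.yml
          subPath: filebeat.yml
          name: filebeat-conf
        - mountPath: /var/log/onap
          name: {{ include "common.fullname" . }}-logs
        - mountPath: /usr/share/filebeat/data
          name: {{ include "common.fullname" . }}-filebeat
        resources: {{ include "common.resources" . | nindent 12 }}
    {{- if .Values.global.installSidecarSecurity }}
      - name: {{ .Values.global.rproxy.name }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: CONFIG_HOME
          value: "/opt/app/rproxy/config"
        # NOTE(review): the keystore password is passed as a literal env value,
        # so it is readable in the rendered manifest and in the pod spec;
        # sourcing it from a Secret with valueFrom.secretKeyRef would keep it
        # out of both. Quoted so a numeric-looking or special-character
        # password is still rendered as a string.
        - name: KEY_STORE_PASSWORD
          value: {{ .Values.sidecar.keyStorePassword | quote }}
        - name: spring_profiles_active
          value: {{ .Values.global.rproxy.activeSpringProfiles }}
        volumeMounts:
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/forward-proxy.properties
          subPath: forward-proxy.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/primary-service.properties
          subPath: primary-service.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/reverse-proxy.properties
          subPath: reverse-proxy.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/cadi.properties
          subPath: cadi.properties
        - name: {{ include "common.fullname" . }}-rproxy-log-config
          mountPath: /opt/app/rproxy/config/logback-spring.xml
          subPath: logback-spring.xml
        - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
          mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
          subPath: uri-authorization.json
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
          subPath: tomcat_keystore
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          mountPath: /opt/app/rproxy/config/auth/client-cert.p12
          subPath: client-cert.p12
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
          subPath: aaf_truststore.jks
        - name: {{ include "common.fullname" . }}-rproxy-security-config
          mountPath: /opt/app/rproxy/config/security/keyfile
          subPath: keyfile
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
          subPath: org.onap.aai.p12
        ports:
        - containerPort: {{ .Values.global.rproxy.port }}
      - name: {{ .Values.global.fproxy.name }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: CONFIG_HOME
          value: "/opt/app/fproxy/config"
        # NOTE(review): both store passwords are literal env values taken from
        # the chart values, so they are readable in the rendered manifest and in
        # the pod spec; valueFrom.secretKeyRef would avoid that. Quoted so they
        # are always rendered as strings.
        - name: KEY_STORE_PASSWORD
          value: {{ .Values.sidecar.keyStorePassword | quote }}
        - name: TRUST_STORE_PASSWORD
          value: {{ .Values.sidecar.trustStorePassword | quote }}
        - name: spring_profiles_active
          value: {{ .Values.global.fproxy.activeSpringProfiles }}
        volumeMounts:
        - name: {{ include "common.fullname" . }}-fproxy-config
          mountPath: /opt/app/fproxy/config/fproxy.properties
          subPath: fproxy.properties
        - name: {{ include "common.fullname" . }}-fproxy-log-config
          mountPath: /opt/app/fproxy/config/logback-spring.xml
          subPath: logback-spring.xml
        - name: {{ include "common.fullname" . }}-fproxy-auth-config
          mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
          subPath: fproxy_truststore
        - name: {{ include "common.fullname" . }}-fproxy-auth-config
          mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
          subPath: tomcat_keystore
        - name: {{ include "common.fullname" . }}-fproxy-auth-config
          mountPath: /opt/app/fproxy/config/auth/client-cert.p12
          subPath: client-cert.p12
        ports:
        - containerPort: {{ .Values.global.fproxy.port }}
    {{- end }}
      # Pod-level scheduling constraints. They are rendered after the last
      # container entry: placed between two entries of the containers list, a
      # set nodeSelector or affinity splits the sequence and the manifest no
      # longer parses.
      {{- if .Values.nodeSelector }}
      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity: {{ toYaml .Values.affinity | nindent 8 }}
      {{- end }}
      volumes:
      - name: aai-common-aai-auth-mount
        secret:
          secretName: aai-common-aai-auth
      # NOTE(review): hostPath volumes are rejected by the baseline Pod Security
      # Standard; this one is only mounted read-only in the main container.
      - name: localtime
        hostPath:
          path: /etc/localtime
      - name: filebeat-conf
        configMap:
          name: aai-filebeat
      - name: {{ include "common.fullname" . }}-logs
        emptyDir: {}
      - name: {{ include "common.fullname" . }}-filebeat
        emptyDir: {}
      - name: {{ include "common.fullname" . }}-config
        configMap:
          name: {{ include "common.fullname" . }}-configmap
      - name: {{ include "common.fullname" . }}-aaf-properties
        configMap:
          name: {{ include "common.fullname" . }}-aaf-props
      - name: {{ include "common.fullname" . }}-aaf-certs
        secret:
          secretName: {{ include "common.fullname" . }}-aaf-keys
      # Only the keys listed in global.config.auth.files are projected from the
      # shared truststore Secret.
      - name: {{ include "common.fullname" . }}-auth-truststore-sec
        secret:
          secretName: aai-common-truststore
          items:
          {{- range $job := .Values.global.config.auth.files }}
          - key: {{ . }}
            path: {{ . }}
          {{- end }}
    {{- if .Values.global.installSidecarSecurity }}
      - name: {{ include "common.fullname" . }}-aai-policy
        configMap:
          name: {{ include "common.fullname" . }}-aai-policy-configmap
      - name: {{ include "common.fullname" . }}-rproxy-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-config
      - name: {{ include "common.fullname" . }}-rproxy-log-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-log-config
      - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
      - name: {{ include "common.fullname" . }}-rproxy-auth-config
        secret:
          secretName: {{ include "common.fullname" . }}-rproxy-auth-config
      - name: {{ include "common.fullname" . }}-rproxy-security-config
        secret:
          secretName: {{ include "common.fullname" . }}-rproxy-security-config
      - name: {{ include "common.fullname" . }}-fproxy-config
        configMap:
          name: {{ include "common.fullname" . }}-fproxy-config
      - name: {{ include "common.fullname" . }}-fproxy-log-config
        configMap:
          name: {{ include "common.fullname" . }}-fproxy-log-config
      - name: {{ include "common.fullname" . }}-fproxy-auth-config
        secret:
          secretName: {{ include "common.fullname" . }}-fproxy-auth-config
    {{- end }}
      restartPolicy: {{ .Values.restartPolicy }}
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"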