Code Review / oom.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
[AAI][RESOURCES] Remove Hardcoded certificates
[oom.git] / kubernetes / aai / components / aai-resources / templates / deployment.yaml
1 {{/*
2 # Copyright (c) 2017 Amdocs, Bell Canada
3 # Modifications Copyright (c) 2018 AT&T
4 # Modifications Copyright (c) 2020 Nokia
5 # Modifications Copyright (c) 2021 Orange
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #       http://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 */}}
19
20 apiVersion: apps/v1
21 kind: Deployment
22 metadata:
23   name: {{ include "common.fullname" . }}
24   namespace: {{ include "common.namespace" . }}
25   labels:
26     app: {{ include "common.name" . }}
27     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
28     release: {{ include "common.release" . }}
29     heritage: {{ .Release.Service }}
30 spec:
31   replicas: {{ .Values.replicaCount }}
32   selector:
33     matchLabels:
34       app: {{ include "common.name" . }}
35   template:
36     metadata:
37       labels:
38         app: {{ include "common.name" . }}
39         release: {{ include "common.release" . }}
40       name: {{ include "common.name" . }}
41       annotations:
42         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
43       {{- if .Values.global.msbEnabled }}
44         {{ $values := .Values }}
45         msb.onap.org/service-info: '[
46         {{- range $api_endpoint := $values.aai_enpoints -}}
47           {{- range $api_version := $values.api_list }}
48           {
49               "serviceName": "_{{ $api_endpoint.name }}",
50               "version": "v{{ $api_version }}",
51               "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
52               "protocol": "REST",
53               "port": "8447",
54               "enable_ssl": true,
55               "lb_policy":"ip_hash",
56               "visualRange": "1",
57               "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
58           },
59           {
60               "serviceName": "{{ $api_endpoint.name }}",
61               "version": "v{{ $api_version }}",
62               "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
63               "protocol": "REST",
64               "port": "8447",
65               "enable_ssl": true,
66               "lb_policy":"ip_hash",
67               "visualRange": "1"
68           },
69           {{- end }}
70         {{- end }}
71           ]'
72       {{- end }}
73     spec:
74       hostname: aai-resources
75       initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
76       - name: {{ include "common.name" . }}-readiness
77         command:
78         - /app/ready.py
79         args:
80         {{- if .Values.global.jobs.migration.enabled }}
81         - --job-name
82         - {{ include "common.release" . }}-aai-graphadmin-migration
83         {{- else }}
84           {{- if .Values.global.jobs.createSchema.enabled  }}
85         - --job-name
86         - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
87           {{- else }}
88         - --container-name
89             {{- if .Values.global.cassandra.localCluster }}
90         - aai-cassandra
91             {{- else }}
92         - cassandra
93             {{- end }}
94         - --container-name
95         - aai-schema-service
96           {{- end }}
97         {{- end }}
98         env:
99         - name: NAMESPACE
100           valueFrom:
101             fieldRef:
102               apiVersion: v1
103               fieldPath: metadata.namespace
104         image: {{ include "repositoryGenerator.image.readiness" . }}
105         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
106       containers:
107       - name: {{ include "common.name" . }}
108         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
109         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
110         command:
111         - sh
112         args:
113         - -c
114         - |
115           echo "*** retrieve Truststore and Keystore password"
116           export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
117           echo "*** actual launch of AAI Resources"
118           /bin/bash /opt/app/aai-resources/docker-entrypoint.sh
119         env:
120         - name: LOCAL_USER_ID
121           value: {{ .Values.global.config.userId | quote }}
122         - name: LOCAL_GROUP_ID
123           value: {{ .Values.global.config.groupId | quote }}
124         - name: POST_JAVA_OPTS
125           value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststoreAllPassword }}'
126         - name: TRUSTORE_ALL_PASSWORD
127           value: {{ .Values.certInitializer.truststoreAllPassword }}
128         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
129         - mountPath: /etc/localtime
130           name: localtime
131           readOnly: true
132         - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
133           name: {{ include "common.fullname" . }}-config
134           subPath: janusgraph-realtime.properties
135         - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
136           name: {{ include "common.fullname" . }}-config
137           subPath: janusgraph-cached.properties
138         - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
139           name: {{ include "common.fullname" . }}-config
140           subPath: aaiconfig.properties
141         - mountPath: /opt/aai/logroot/AAI-RES
142           name: {{ include "common.fullname" . }}-logs
143         - mountPath: /opt/app/aai-resources/resources/logback.xml
144           name: {{ include "common.fullname" . }}-config
145           subPath: logback.xml
146         - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
147           name: {{ include "common.fullname" . }}-config
148           subPath: localhost-access-logback.xml
149         - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
150           name: {{ include "common.fullname" . }}-config
151           subPath: realm.properties
152         - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
153           name: {{ include "common.fullname" . }}-aaf-certs
154           subPath: bath_config.csv
155         - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
156           name: {{ include "common.fullname" . }}-aaf-properties
157           subPath: org.onap.aai.props
158         - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
159           name: {{ include "common.fullname" . }}-aaf-properties
160           subPath: org.osaaf.location.props
161         - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
162           name: {{ include "common.fullname" . }}-aaf-properties
163           subPath: permissions.properties
164         - mountPath: /opt/app/aai-resources/resources/cadi.properties
165           name: {{ include "common.fullname" . }}-aaf-properties
166           subPath: cadi.properties
167         - mountPath: /opt/app/aai-resources/resources/application.properties
168           name: {{ include "common.fullname" . }}-config
169           subPath: application.properties
170         - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
171           name: {{ include "common.fullname" . }}-config
172           subPath: application-keycloak.properties
173         ports:
174         - containerPort: {{ .Values.service.internalPort }}
175         - containerPort: {{ .Values.service.internalPort2 }}
176         # disable liveness probe when breakpoints set in debugger
177         # so K8s doesn't restart unresponsive container
178         {{- if .Values.liveness.enabled }}
179         livenessProbe:
180           tcpSocket:
181             port: {{ .Values.service.internalPort }}
182           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
183           periodSeconds: {{ .Values.liveness.periodSeconds }}
184         {{- end }}
185         readinessProbe:
186           tcpSocket:
187             port: {{ .Values.service.internalPort }}
188           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
189           periodSeconds: {{ .Values.readiness.periodSeconds }}
190         resources: {{ include "common.resources" . | nindent 12 }}
191       {{- if .Values.nodeSelector }}
192       nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
193       {{- end }}
194       {{- if .Values.affinity }}
195       affinity: {{ toYaml .Values.affinity | nindent 8 }}
196       {{- end }}
197       # side car containers
198       - name: filebeat-onap
199         image: {{ include "repositoryGenerator.image.logging" . }}
200         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
201         volumeMounts:
202         - mountPath: /usr/share/filebeat/filebeat.yml
203           subPath: filebeat.yml
204           name: filebeat-conf
205         - mountPath: /var/log/onap
206           name: {{ include "common.fullname" . }}-logs
207         - mountPath: /usr/share/filebeat/data
208           name: {{ include "common.fullname" . }}-filebeat
209         resources: {{ include "common.resources" . | nindent 12 }}
210       volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
211       - name: localtime
212         hostPath:
213           path: /etc/localtime
214       - name: filebeat-conf
215         configMap:
216           name: aai-filebeat
217       - name: {{ include "common.fullname" . }}-logs
218         emptyDir: {}
219       - name: {{ include "common.fullname" . }}-filebeat
220         emptyDir: {}
221       - name: {{ include "common.fullname" . }}-config
222         configMap:
223           name: {{ include "common.fullname" . }}
224       - name: {{ include "common.fullname" . }}-aaf-properties
225         configMap:
226           name: {{ include "common.fullname" . }}-aaf-props
227       - name: {{ include "common.fullname" . }}-aaf-certs
228         secret:
229           secretName: {{ include "common.fullname" . }}-aaf-keys
230       restartPolicy: {{ .Values.restartPolicy }}
231       imagePullSecrets:
232       - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).