2 # Copyright (c) 2017 Amdocs, Bell Canada
3 # Modifications Copyright (c) 2018 AT&T
4 # Modifications Copyright (c) 2020 Nokia
5 # Modifications Copyright (c) 2021 Orange
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
23 name: {{ include "common.fullname" . }}
24 namespace: {{ include "common.namespace" . }}
26 app: {{ include "common.name" . }}
27 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
28 release: {{ include "common.release" . }}
29 heritage: {{ .Release.Service }}
31 replicas: {{ .Values.replicaCount }}
34 app: {{ include "common.name" . }}
38 app: {{ include "common.name" . }}
39 release: {{ include "common.release" . }}
40 name: {{ include "common.name" . }}
42 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
43 {{- if .Values.global.msbEnabled }}
44 {{ $values := .Values }}
45 msb.onap.org/service-info: '[
46 {{- range $api_endpoint := $values.aai_enpoints -}}
47 {{- range $api_version := $values.api_list }}
49 "serviceName": "_{{ $api_endpoint.name }}",
50 "version": "v{{ $api_version }}",
51 "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
55 "lb_policy":"ip_hash",
57 "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
60 "serviceName": "{{ $api_endpoint.name }}",
61 "version": "v{{ $api_version }}",
62 "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
66 "lb_policy":"ip_hash",
74 hostname: aai-resources
75 {{- if .Values.global.initContainers.enabled }}
76 {{- if .Values.global.installSidecarSecurity }}
78 - ip: {{ .Values.global.aaf.serverIp }}
80 - {{ .Values.global.aaf.serverHostname }}
84 {{- if .Values.global.jobs.migration.enabled }}
88 - {{ include "common.release" . }}-aai-graphadmin-migration
89 {{- else if .Values.global.jobs.createSchema.enabled }}
93 - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
98 {{- if .Values.global.cassandra.localCluster }}
111 fieldPath: metadata.namespace
112 image: {{ include "repositoryGenerator.image.readiness" . }}
113 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
114 name: {{ include "common.name" . }}-readiness
115 {{- if .Values.global.installSidecarSecurity }}
116 - name: {{ .Values.global.tproxyConfig.name }}
117 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
118 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
124 - name: {{ include "common.name" . }}
125 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
126 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
128 - name: LOCAL_USER_ID
129 value: {{ .Values.global.config.userId | quote }}
130 - name: LOCAL_GROUP_ID
131 value: {{ .Values.global.config.groupId | quote }}
133 - mountPath: /etc/localtime
136 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
137 name: {{ include "common.fullname" . }}-config
138 subPath: janusgraph-realtime.properties
139 - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
140 name: {{ include "common.fullname" . }}-config
141 subPath: janusgraph-cached.properties
142 - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
143 name: {{ include "common.fullname" . }}-config
144 subPath: aaiconfig.properties
145 - mountPath: /opt/aai/logroot/AAI-RES
146 name: {{ include "common.fullname" . }}-logs
147 - mountPath: /opt/app/aai-resources/resources/logback.xml
148 name: {{ include "common.fullname" . }}-config
150 - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
151 name: {{ include "common.fullname" . }}-config
152 subPath: localhost-access-logback.xml
153 - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
154 name: {{ include "common.fullname" . }}-config
155 subPath: realm.properties
156 {{- if .Values.global.installSidecarSecurity }}
157 - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
158 name: {{ include "common.fullname" . }}-aai-policy
159 subPath: aai_policy.json
161 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
162 name: {{ include "common.fullname" . }}-aaf-certs
163 subPath: org.onap.aai.keyfile
164 - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
165 name: {{ include "common.fullname" . }}-aaf-certs
166 subPath: bath_config.csv
167 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
168 name: {{ include "common.fullname" . }}-aaf-properties
169 subPath: org.onap.aai.props
170 - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
171 name: {{ include "common.fullname" . }}-aaf-properties
172 subPath: org.osaaf.location.props
173 - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
174 name: {{ include "common.fullname" . }}-aaf-properties
175 subPath: permissions.properties
176 - mountPath: /opt/app/aai-resources/resources/cadi.properties
177 name: {{ include "common.fullname" . }}-aaf-properties
178 subPath: cadi.properties
179 - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
180 name: {{ include "common.fullname" . }}-aaf-certs
181 subPath: org.onap.aai.p12
182 - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
183 name: aai-common-aai-auth-mount
184 subPath: truststoreONAPall.jks
185 - mountPath: /opt/app/aai-resources/resources/application.properties
186 name: {{ include "common.fullname" . }}-config
187 subPath: application.properties
188 - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
189 name: {{ include "common.fullname" . }}-config
190 subPath: application-keycloak.properties
192 {{- range $job := .Values.global.config.auth.files }}
193 - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
194 name: {{ include "common.fullname" $global }}-auth-truststore-sec
198 - containerPort: {{ .Values.service.internalPort }}
199 - containerPort: {{ .Values.service.internalPort2 }}
200 # disable liveness probe when breakpoints set in debugger
201 # so K8s doesn't restart unresponsive container
202 {{- if .Values.liveness.enabled }}
205 port: {{ .Values.service.internalPort }}
206 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
207 periodSeconds: {{ .Values.liveness.periodSeconds }}
211 port: {{ .Values.service.internalPort }}
212 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
213 periodSeconds: {{ .Values.readiness.periodSeconds }}
214 resources: {{ include "common.resources" . | nindent 12 }}
215 {{- if .Values.nodeSelector }}
216 nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
218 {{- if .Values.affinity }}
219 affinity: {{ toYaml .Values.affinity | nindent 8 }}
221 # side car containers
222 - name: filebeat-onap
223 image: {{ include "repositoryGenerator.image.logging" . }}
224 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
226 - mountPath: /usr/share/filebeat/filebeat.yml
227 subPath: filebeat.yml
229 - mountPath: /var/log/onap
230 name: {{ include "common.fullname" . }}-logs
231 - mountPath: /usr/share/filebeat/data
232 name: {{ include "common.fullname" . }}-filebeat
233 resources: {{ include "common.resources" . | nindent 12 }}
234 {{- if .Values.global.installSidecarSecurity }}
235 - name: {{ .Values.global.rproxy.name }}
236 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
237 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
240 value: "/opt/app/rproxy/config"
241 - name: KEY_STORE_PASSWORD
242 value: {{ .Values.sidecar.keyStorePassword }}
243 - name: spring_profiles_active
244 value: {{ .Values.global.rproxy.activeSpringProfiles }}
246 - name: {{ include "common.fullname" . }}-rproxy-config
247 mountPath: /opt/app/rproxy/config/forward-proxy.properties
248 subPath: forward-proxy.properties
249 - name: {{ include "common.fullname" . }}-rproxy-config
250 mountPath: /opt/app/rproxy/config/primary-service.properties
251 subPath: primary-service.properties
252 - name: {{ include "common.fullname" . }}-rproxy-config
253 mountPath: /opt/app/rproxy/config/reverse-proxy.properties
254 subPath: reverse-proxy.properties
255 - name: {{ include "common.fullname" . }}-rproxy-config
256 mountPath: /opt/app/rproxy/config/cadi.properties
257 subPath: cadi.properties
258 - name: {{ include "common.fullname" . }}-rproxy-log-config
259 mountPath: /opt/app/rproxy/config/logback-spring.xml
260 subPath: logback-spring.xml
261 - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
262 mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
263 subPath: uri-authorization.json
264 - name: {{ include "common.fullname" . }}-rproxy-auth-config
265 mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
266 subPath: tomcat_keystore
267 - name: {{ include "common.fullname" . }}-rproxy-auth-config
268 mountPath: /opt/app/rproxy/config/auth/client-cert.p12
269 subPath: client-cert.p12
270 - name: {{ include "common.fullname" . }}-rproxy-auth-config
271 mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
272 subPath: aaf_truststore.jks
273 - name: {{ include "common.fullname" . }}-rproxy-security-config
274 mountPath: /opt/app/rproxy/config/security/keyfile
276 - name: {{ include "common.fullname" . }}-rproxy-auth-config
277 mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
278 subPath: org.onap.aai.p12
280 - containerPort: {{ .Values.global.rproxy.port }}
281 - name: {{ .Values.global.fproxy.name }}
282 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
283 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
286 value: "/opt/app/fproxy/config"
287 - name: KEY_STORE_PASSWORD
288 value: {{ .Values.sidecar.keyStorePassword }}
289 - name: TRUST_STORE_PASSWORD
290 value: {{ .Values.sidecar.trustStorePassword }}
291 - name: spring_profiles_active
292 value: {{ .Values.global.fproxy.activeSpringProfiles }}
294 - name: {{ include "common.fullname" . }}-fproxy-config
295 mountPath: /opt/app/fproxy/config/fproxy.properties
296 subPath: fproxy.properties
297 - name: {{ include "common.fullname" . }}-fproxy-log-config
298 mountPath: /opt/app/fproxy/config/logback-spring.xml
299 subPath: logback-spring.xml
300 - name: {{ include "common.fullname" . }}-fproxy-auth-config
301 mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
302 subPath: fproxy_truststore
303 - name: {{ include "common.fullname" . }}-fproxy-auth-config
304 mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
305 subPath: tomcat_keystore
306 - name: {{ include "common.fullname" . }}-fproxy-auth-config
307 mountPath: /opt/app/fproxy/config/auth/client-cert.p12
308 subPath: client-cert.p12
310 - containerPort: {{ .Values.global.fproxy.port }}
313 - name: aai-common-aai-auth-mount
315 secretName: aai-common-aai-auth
319 - name: filebeat-conf
322 - name: {{ include "common.fullname" . }}-logs
324 - name: {{ include "common.fullname" . }}-filebeat
326 - name: {{ include "common.fullname" . }}-config
328 name: {{ include "common.fullname" . }}-configmap
329 - name: {{ include "common.fullname" . }}-aaf-properties
331 name: {{ include "common.fullname" . }}-aaf-props
332 - name: {{ include "common.fullname" . }}-aaf-certs
334 secretName: {{ include "common.fullname" . }}-aaf-keys
335 - name: {{ include "common.fullname" . }}-auth-truststore-sec
337 secretName: aai-common-truststore
339 {{- range $job := .Values.global.config.auth.files }}
343 {{- if .Values.global.installSidecarSecurity }}
344 - name: {{ include "common.fullname" . }}-aai-policy
346 name: {{ include "common.fullname" . }}-aai-policy-configmap
347 - name: {{ include "common.fullname" . }}-rproxy-config
349 name: {{ include "common.fullname" . }}-rproxy-config
350 - name: {{ include "common.fullname" . }}-rproxy-log-config
352 name: {{ include "common.fullname" . }}-rproxy-log-config
353 - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
355 name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
356 - name: {{ include "common.fullname" . }}-rproxy-auth-config
358 secretName: {{ include "common.fullname" . }}-rproxy-auth-config
359 - name: {{ include "common.fullname" . }}-rproxy-security-config
361 secretName: {{ include "common.fullname" . }}-rproxy-security-config
362 - name: {{ include "common.fullname" . }}-fproxy-config
364 name: {{ include "common.fullname" . }}-fproxy-config
365 - name: {{ include "common.fullname" . }}-fproxy-log-config
367 name: {{ include "common.fullname" . }}-fproxy-log-config
368 - name: {{ include "common.fullname" . }}-fproxy-auth-config
370 secretName: {{ include "common.fullname" . }}-fproxy-auth-config
372 restartPolicy: {{ .Values.restartPolicy }}
374 - name: "{{ include "common.namespace" . }}-docker-registry-key"