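{{/*
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

# Deployment for the aai-resources pod: the application container, the
# filebeat-onap sidecar and, when global.installSidecarSecurity is set, the
# rproxy/fproxy sidecars plus a privileged tproxy init container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ include "common.name" . }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
      name: {{ include "common.name" . }}
      annotations:
        # Hash of the rendered configmap.yaml, so a config change alters the
        # pod template.
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        # MSB registration: two entries per (endpoint, API version) pair, all
        # on port 8447 with enable_ssl set.
        # NOTE(review): every object below is followed by a comma, the last one
        # included, so the array ends with a trailing comma. Strict JSON
        # parsers reject that; confirm the MSB consumer tolerates it.
      {{- if .Values.global.msbEnabled }}
        {{ $values := .Values }}
        msb.onap.org/service-info: '[
        {{- range $api_endpoint := $values.aai_enpoints -}}
          {{- range $api_version := $values.api_list }}
          {
              "serviceName": "_{{ $api_endpoint.name }}",
              "version": "v{{ $api_version }}",
              "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
              "protocol": "REST",
              "port": "8447",
              "enable_ssl": true,
              "lb_policy":"ip_hash",
              "visualRange": "1",
              "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
          },
          {
              "serviceName": "{{ $api_endpoint.name }}",
              "version": "v{{ $api_version }}",
              "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
              "protocol": "REST",
              "port": "8447",
              "enable_ssl": true,
              "lb_policy":"ip_hash",
              "visualRange": "1"
          },
          {{- end }}
        {{- end }}
          ]'
      {{- end }}
    spec:
      hostname: aai-resources
    {{- if .Values.global.initContainers.enabled }}
      {{- if .Values.global.installSidecarSecurity }}
      hostAliases:
      - ip: {{ .Values.global.aaf.serverIp }}
        hostnames:
        - {{ .Values.global.aaf.serverHostname }}
      {{- end }}
      # Readiness init container. /app/ready.py is given, in order of
      # precedence, the graphadmin migration job, the create-db-schema job, or
      # the cassandra and aai-schema-service containers; presumably it blocks
      # until they are ready (verify against the readiness image).
      initContainers:
      - command:
      {{- if .Values.global.jobs.migration.enabled }}
        - /app/ready.py
        args:
        - --job-name
        - {{ include "common.release" . }}-aai-graphadmin-migration
      {{- else if .Values.global.jobs.createSchema.enabled  }}
        - /app/ready.py
        args:
        - --job-name
        - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
      {{- else }}
        - /app/ready.py
        args:
        - --container-name
        {{- if .Values.global.cassandra.localCluster }}
        - aai-cassandra
        {{- else }}
        - cassandra
        {{- end }}
        - --container-name
        - aai-schema-service
      {{- end }}
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: {{ include "repositoryGenerator.image.readiness" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-readiness
      {{- if .Values.global.installSidecarSecurity }}
      - name: {{ .Values.global.tproxyConfig.name }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        # NOTE(review): this init container runs fully privileged. If it only
        # needs to program network rules, a narrower grant such as the
        # NET_ADMIN capability would reduce exposure; confirm what the image
        # actually requires. Namespaces that enforce a restricted pod security
        # policy will reject this pod.
        securityContext:
          privileged: true
      {{- end }}
    {{- end }}
      containers:
      # Application container.
      # NOTE(review): no securityContext is set here. LOCAL_USER_ID and
      # LOCAL_GROUP_ID are passed as env, so the entrypoint presumably switches
      # user itself; verify, and consider runAsNonRoot if the image allows it.
      - name: {{ include "common.name" . }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: LOCAL_USER_ID
          value: {{ .Values.global.config.userId | quote }}
        - name: LOCAL_GROUP_ID
          value: {{ .Values.global.config.groupId | quote }}
        volumeMounts:
        - mountPath: /etc/localtime
          name: localtime
          readOnly: true
        - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
          name: {{ include "common.fullname" . }}-config
          subPath: janusgraph-realtime.properties
        - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
          name: {{ include "common.fullname" . }}-config
          subPath: janusgraph-cached.properties
        - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
          name: {{ include "common.fullname" . }}-config
          subPath: aaiconfig.properties
        - mountPath: /opt/aai/logroot/AAI-RES
          name: {{ include "common.fullname" . }}-logs
        - mountPath: /opt/app/aai-resources/resources/logback.xml
          name: {{ include "common.fullname" . }}-config
          subPath: logback.xml
        - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
          name: {{ include "common.fullname" . }}-config
          subPath: localhost-access-logback.xml
        # NOTE(review): realm.properties is served from the ConfigMap-backed
        # config volume, not a Secret. If it holds credentials, they are
        # readable by anyone who can read ConfigMaps in the namespace; confirm
        # its contents.
        - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
          name: {{ include "common.fullname" . }}-config
          subPath: realm.properties
        {{- if .Values.global.installSidecarSecurity }}
        - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
          name: {{ include "common.fullname" . }}-aai-policy
          subPath: aai_policy.json
        {{- end }}
        # AAF key material (keyfile, bath_config.csv, p12) comes from the
        # aaf-certs Secret volume; the AAF property files come from a
        # ConfigMap.
        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
          name: {{ include "common.fullname" . }}-aaf-certs
          subPath: org.onap.aai.keyfile
        - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
          name: {{ include "common.fullname" . }}-aaf-certs
          subPath: bath_config.csv
        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
          name: {{ include "common.fullname" . }}-aaf-properties
          subPath: org.onap.aai.props
        - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
          name: {{ include "common.fullname" . }}-aaf-properties
          subPath: org.osaaf.location.props
        - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
          name: {{ include "common.fullname" . }}-aaf-properties
          subPath: permissions.properties
        - mountPath: /opt/app/aai-resources/resources/cadi.properties
          name: {{ include "common.fullname" . }}-aaf-properties
          subPath: cadi.properties
        - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
          name: {{ include "common.fullname" . }}-aaf-certs
          subPath: org.onap.aai.p12
        - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
          name: aai-common-aai-auth-mount
          subPath: truststoreONAPall.jks
        - mountPath: /opt/app/aai-resources/resources/application.properties
          name: {{ include "common.fullname" . }}-config
          subPath: application.properties
        - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
          name: {{ include "common.fullname" . }}-config
          subPath: application-keycloak.properties
        # One mount per entry of global.config.auth.files. Each entry is used
        # verbatim in mountPath and subPath, so entries are expected to be
        # plain file names.
          {{- $global := . }}
          {{- range $job := .Values.global.config.auth.files }}
        - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
          name: {{ include "common.fullname" $global }}-auth-truststore-sec
          subPath: {{ . }}
          {{- end }}
        ports:
        - containerPort: {{ .Values.service.internalPort }}
        - containerPort: {{ .Values.service.internalPort2 }}
        # disable liveness probe when breakpoints set in debugger
        # so K8s doesn't restart unresponsive container
        {{- if .Values.liveness.enabled }}
        livenessProbe:
          tcpSocket:
            port: {{ .Values.service.internalPort }}
          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
          periodSeconds: {{ .Values.liveness.periodSeconds }}
        {{- end }}
        readinessProbe:
          tcpSocket:
            port: {{ .Values.service.internalPort }}
          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
          periodSeconds: {{ .Values.readiness.periodSeconds }}
        resources: {{ include "common.resources" . | nindent 12 }}
      # side car containers
      - name: filebeat-onap
        image: {{ include "repositoryGenerator.image.logging" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        volumeMounts:
        - mountPath: /usr/share/filebeat/filebeat.yml
          subPath: filebeat.yml
          name: filebeat-conf
        - mountPath: /var/log/onap
          name: {{ include "common.fullname" . }}-logs
        - mountPath: /usr/share/filebeat/data
          name: {{ include "common.fullname" . }}-filebeat
        resources: {{ include "common.resources" . | nindent 12 }}
    {{- if .Values.global.installSidecarSecurity }}
      - name: {{ .Values.global.rproxy.name }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: CONFIG_HOME
          value: "/opt/app/rproxy/config"
        # NOTE(review): the keystore password is taken from chart values and
        # written into the pod spec as a literal env value, so anyone who can
        # view the Deployment can read it. Sourcing it through
        # valueFrom.secretKeyRef would keep it out of the manifest. The value
        # is quoted so that numeric-looking or special-character passwords
        # still render as a YAML string.
        - name: KEY_STORE_PASSWORD
          value: {{ .Values.sidecar.keyStorePassword | quote }}
        - name: spring_profiles_active
          value: {{ .Values.global.rproxy.activeSpringProfiles }}
        volumeMounts:
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/forward-proxy.properties
          subPath: forward-proxy.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/primary-service.properties
          subPath: primary-service.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/reverse-proxy.properties
          subPath: reverse-proxy.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/cadi.properties
          subPath: cadi.properties
        - name: {{ include "common.fullname" . }}-rproxy-log-config
          mountPath: /opt/app/rproxy/config/logback-spring.xml
          subPath: logback-spring.xml
        - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
          mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
          subPath: uri-authorization.json
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
          subPath: tomcat_keystore
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          mountPath: /opt/app/rproxy/config/auth/client-cert.p12
          subPath: client-cert.p12
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
          subPath: aaf_truststore.jks
        - name: {{ include "common.fullname" . }}-rproxy-security-config
          mountPath: /opt/app/rproxy/config/security/keyfile
          subPath: keyfile
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
          subPath: org.onap.aai.p12
        ports:
        - containerPort: {{ .Values.global.rproxy.port }}
      - name: {{ .Values.global.fproxy.name }}
        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: CONFIG_HOME
          value: "/opt/app/fproxy/config"
        # NOTE(review): keystore and truststore passwords are literal env
        # values taken from chart values and are visible in the pod spec;
        # valueFrom.secretKeyRef is the safer source. Quoted so that any
        # password content renders as a YAML string.
        - name: KEY_STORE_PASSWORD
          value: {{ .Values.sidecar.keyStorePassword | quote }}
        - name: TRUST_STORE_PASSWORD
          value: {{ .Values.sidecar.trustStorePassword | quote }}
        - name: spring_profiles_active
          value: {{ .Values.global.fproxy.activeSpringProfiles }}
        volumeMounts:
        - name: {{ include "common.fullname" . }}-fproxy-config
          mountPath: /opt/app/fproxy/config/fproxy.properties
          subPath: fproxy.properties
        - name: {{ include "common.fullname" . }}-fproxy-log-config
          mountPath: /opt/app/fproxy/config/logback-spring.xml
          subPath: logback-spring.xml
        - name: {{ include "common.fullname" . }}-fproxy-auth-config
          mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
          subPath: fproxy_truststore
        - name: {{ include "common.fullname" . }}-fproxy-auth-config
          mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
          subPath: tomcat_keystore
        - name: {{ include "common.fullname" . }}-fproxy-auth-config
          mountPath: /opt/app/fproxy/config/auth/client-cert.p12
          subPath: client-cert.p12
        ports:
        - containerPort: {{ .Values.global.fproxy.port }}
    {{- end }}
      # Pod-level scheduling keys are emitted after the last container entry.
      # Placed between container entries they end the containers list early,
      # and the sidecar entries that follow no longer parse once nodeSelector
      # or affinity is set.
      {{- if .Values.nodeSelector }}
      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity: {{ toYaml .Values.affinity | nindent 8 }}
      {{- end }}
      volumes:
      - name: aai-common-aai-auth-mount
        secret:
          secretName: aai-common-aai-auth
      # hostPath volume exposing the node's /etc/localtime; the application
      # container mounts it readOnly.
      - name: localtime
        hostPath:
          path: /etc/localtime
      - name: filebeat-conf
        configMap:
          name: aai-filebeat
      - name: {{ include "common.fullname" . }}-logs
        emptyDir: {}
      - name: {{ include "common.fullname" . }}-filebeat
        emptyDir: {}
      - name: {{ include "common.fullname" . }}-config
        configMap:
          name: {{ include "common.fullname" . }}-configmap
      - name: {{ include "common.fullname" . }}-aaf-properties
        configMap:
          name: {{ include "common.fullname" . }}-aaf-props
      - name: {{ include "common.fullname" . }}-aaf-certs
        secret:
          secretName: {{ include "common.fullname" . }}-aaf-keys
      # Only the keys listed in global.config.auth.files are projected from
      # the shared truststore Secret.
      - name: {{ include "common.fullname" . }}-auth-truststore-sec
        secret:
          secretName: aai-common-truststore
          items:
          {{- range $job := .Values.global.config.auth.files }}
          - key: {{ . }}
            path: {{ . }}
          {{- end }}
    {{- if .Values.global.installSidecarSecurity }}
      - name: {{ include "common.fullname" . }}-aai-policy
        configMap:
          name: {{ include "common.fullname" . }}-aai-policy-configmap
      - name: {{ include "common.fullname" . }}-rproxy-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-config
      - name: {{ include "common.fullname" . }}-rproxy-log-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-log-config
      - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
      - name: {{ include "common.fullname" . }}-rproxy-auth-config
        secret:
          secretName: {{ include "common.fullname" . }}-rproxy-auth-config
      - name: {{ include "common.fullname" . }}-rproxy-security-config
        secret:
          secretName: {{ include "common.fullname" . }}-rproxy-security-config
      - name: {{ include "common.fullname" . }}-fproxy-config
        configMap:
          name: {{ include "common.fullname" . }}-fproxy-config
      - name: {{ include "common.fullname" . }}-fproxy-log-config
        configMap:
          name: {{ include "common.fullname" . }}-fproxy-log-config
      - name: {{ include "common.fullname" . }}-fproxy-auth-config
        secret:
          secretName: {{ include "common.fullname" . }}-fproxy-auth-config
    {{- end }}
      # A Deployment's pod template only accepts Always here.
      restartPolicy: {{ .Values.restartPolicy }}
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"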