Code Review / oom.git / blob
? search:


cd58b959ade38663aab1854b45af458d374d5db7
[oom.git] / kubernetes / aai / components / aai-schema-service / templates / deployment.yaml
1 {{/*
2 # Copyright © 2017 Amdocs, Bell Canada
3 # Modifications Copyright © 2018 AT&T
4 # Modifications Copyright © 2020 Orange
5 #
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
9 #
10 #       http://www.apache.org/licenses/LICENSE-2.0
11 #
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 */}}
18
19 apiVersion: apps/v1
20 kind: Deployment
21 metadata:
22   name: {{ include "common.fullname" . }}
23   namespace: {{ include "common.namespace" . }}
24   labels:
25     app: {{ include "common.name" . }}
26     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
27     release: {{ include "common.release" . }}
28     heritage: {{ .Release.Service }}
29 spec:
30   replicas: {{ .Values.replicaCount }}
31   selector:
32     matchLabels:
33       app: {{ include "common.name" . }}
34   template:
35     metadata:
36       labels:
37         app: {{ include "common.name" . }}
38         release: {{ include "common.release" . }}
39       name: {{ include "common.name" . }}
40       annotations:
41         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
42     spec:
43       {{- if .Values.global.aafEnabled }}
44       initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
45       - command:
46         - sh
47         args:
48         - -c
49         - |
50           echo "*** retrieve Truststore and Keystore password"
51           export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
52           echo "*** obfuscate them "
53           export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}
54           export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}
55           export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
56           export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
57           export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
58           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
59           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
60         image: {{ include "repositoryGenerator.image.jetty" . }}
61         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
62         name: {{ include "common.name" . }}-obfuscate
63         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
64         securityContext:
65           runAsUser: {{ .Values.securityContext.user_id }}
66       {{- end }}
67       containers:
68       - name: {{ include "common.name" . }}
69         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
70         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
71         {{- if .Values.global.aafEnabled }}
72         command:
73         - sh
74         args:
75         - -c
76         - |
77           echo "*** retrieve Truststore and Keystore password"
78           export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
79           echo "*** actual launch of AAI Schema Service"
80           /bin/bash /opt/app/aai-schema-service/docker-entrypoint.sh
81         {{- end }}
82         env:
83         - name: LOCAL_USER_ID
84           value: {{ .Values.securityContext.user_id | quote }}
85         - name: LOCAL_GROUP_ID
86           value: {{ .Values.securityContext.group_id | quote }}
87         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
88         - mountPath: /etc/localtime
89           name: localtime
90           readOnly: true
91         - mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties
92           name: aaiconfig-conf
93           subPath: aaiconfig.properties
94         - mountPath: /opt/aai/logroot/AAI-SS
95           name: logs
96         - mountPath: /opt/app/aai-schema-service/resources/logback.xml
97           name: log-conf
98           subPath: logback.xml
99         - mountPath: /opt/app/aai-schema-service/resources/localhost-access-logback.xml
100           name: localhost-access-log-conf
101           subPath: localhost-access-logback.xml
102         - mountPath: /opt/app/aai-schema-service/resources/etc/auth/realm.properties
103           name: realm-conf
104           subPath: realm.properties
105         - mountPath: /opt/app/aai-schema-service/resources/application.properties
106           name: springapp-conf
107           subPath: application.properties
108         ports:
109         - containerPort: {{ .Values.service.internalPort }}
110         - containerPort: {{ .Values.service.internalPort2 }}
111         # disable liveness probe when breakpoints set in debugger
112         # so K8s doesn't restart unresponsive container
113         {{ if .Values.liveness.enabled }}
114         livenessProbe:
115           tcpSocket:
116             port: {{ .Values.service.internalPort }}
117           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
118           periodSeconds: {{ .Values.liveness.periodSeconds }}
119         {{ end }}
120         readinessProbe:
121           tcpSocket:
122             port: {{ .Values.service.internalPort }}
123           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
124           periodSeconds: {{ .Values.readiness.periodSeconds }}
125         resources:
126 {{ include "common.resources" . | indent 12 }}
127       {{- if .Values.nodeSelector }}
128       nodeSelector:
129 {{ toYaml .Values.nodeSelector | indent 8 }}
130       {{- end -}}
131       {{- if .Values.affinity }}
132       affinity:
133 {{ toYaml .Values.affinity | indent 8 }}
134       {{- end }}
135
136       # side car containers
137       {{ include "common.log.sidecar" . | nindent 6 }}
138       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
139       volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
140       - name: aai-common-aai-auth-mount
141         secret:
142           secretName: aai-common-aai-auth
143       - name: localtime
144         hostPath:
145           path: /etc/localtime
146       - name: logs
147         emptyDir: {}
148       {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
149       - name: log-conf
150         configMap:
151           name: {{ include "common.fullname" . }}-log
152       - name: localhost-access-log-conf
153         configMap:
154           name: {{ include "common.fullname" . }}-localhost-access-log
155       - name: springapp-conf
156         configMap:
157           name: {{ include "common.fullname" . }}-springapp
158       - name: aaiconfig-conf
159         configMap:
160           name: {{ include "common.fullname" . }}-aaiconfig
161       - name: realm-conf
162         configMap:
163           name: {{ include "common.fullname" . }}-realm
164       restartPolicy: {{ .Values.restartPolicy }}
165       imagePullSecrets:
166       - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).