kubernetes/aai/components/aai-traversal/templates/deployment.yaml

   1 {{/*
   2 # Copyright (c) 2017 Amdocs, Bell Canada
   3 # Modifications Copyright (c) 2018 AT&T
   4 # Modifications Copyright (c) 2020 Nokia, Orange
   5 # Modifications Copyright (c) 2021 Orange
   6 #
   7 # Licensed under the Apache License, Version 2.0 (the "License");
   8 # you may not use this file except in compliance with the License.
   9 # You may obtain a copy of the License at
  10 #
  11 #       http://www.apache.org/licenses/LICENSE-2.0
  12 #
  13 # Unless required by applicable law or agreed to in writing, software
  14 # distributed under the License is distributed on an "AS IS" BASIS,
  15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 # See the License for the specific language governing permissions and
  17 # limitations under the License.
  18 */}}
  19
  20 apiVersion: apps/v1
  21 kind: Deployment
  22 metadata:
  23   name: {{ include "common.fullname" . }}
  24   namespace: {{ include "common.namespace" . }}
  25   labels:
  26     app: {{ include "common.name" . }}
  27     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  28     release: {{ include "common.release" . }}
  29     heritage: {{ .Release.Service }}
  30 spec:
  31   replicas: {{ .Values.replicaCount }}
  32   minReadySeconds: {{ .Values.minReadySeconds }}
  33   strategy:
  34     type: {{ .Values.updateStrategy.type }}
  35     rollingUpdate:
  36       maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
  37       maxSurge: {{ .Values.updateStrategy.maxSurge }}
  38   selector:
  39     matchLabels:
  40       app: {{ include "common.name" . }}
  41   template:
  42     metadata:
  43       labels:
  44         app: {{ include "common.name" . }}
  45         release: {{ include "common.release" . }}
  46       name: {{ include "common.name" . }}
  47       annotations:
  48         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
  49       {{- if .Values.global.msbEnabled }}
  50         {{ $values := .Values }}
  51         msb.onap.org/service-info: '[
  52         {{- range $api_endpoint := $values.aai_enpoints -}}
  53           {{- range $api_version := $values.api_list }}
  54           {
  55               "serviceName": "_{{ $api_endpoint.name }}",
  56               "version": "v{{ $api_version }}",
  57               "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
  58               "protocol": "REST",
  59               "port": "8446",
  60               "enable_ssl": true,
  61               "lb_policy":"ip_hash",
  62               "visualRange": "1",
  63               "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
  64           },
  65           {
  66               "serviceName": "{{ $api_endpoint.name }}",
  67               "version": "v{{ $api_version }}",
  68               "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
  69               "protocol": "REST",
  70               "port": "8446",
  71               "enable_ssl": true,
  72               "lb_policy":"ip_hash",
  73               "visualRange": "1"
  74           },
  75           {{- end }}
  76         {{- end }}
  77           {
  78               "serviceName": "_aai-named-query",
  79               "url": "/aai/search",
  80               "protocol": "REST",
  81               "port": "8446",
  82               "enable_ssl": true,
  83               "lb_policy":"ip_hash",
  84               "visualRange": "1",
  85               "path": "/aai/search"
  86           },
  87           {
  88               "serviceName": "aai-named-query",
  89               "url": "/aai/search",
  90               "protocol": "REST",
  91               "port": "8446",
  92               "enable_ssl": true,
  93               "lb_policy":"ip_hash",
  94               "visualRange": "1"
  95           }
  96           ]'
  97       {{- end }}
  98     spec:
  99       hostname: aai-traversal
 100       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
 101       initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
 102       - command:
 103         - /app/ready.py
 104         args:
 105       {{- if .Values.global.jobs.migration.enabled }}
 106         - --job-name
 107         - {{ include "common.release" . }}-aai-graphadmin-migration
 108       {{- else  }}
 109         {{- if .Values.global.jobs.createSchema.enabled  }}
 110         - --job-name
 111         - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
 112         {{- else }}
 113         - --container-name
 114           {{- if .Values.global.cassandra.localCluster }}
 115         - aai-cassandra
 116           {{- else }}
 117         - cassandra
 118           {{- end }}
 119         - --container-name
 120         - aai-schema-service
 121         {{- end }}
 122       {{- end }}
 123         env:
 124         - name: NAMESPACE
 125           valueFrom:
 126             fieldRef:
 127               apiVersion: v1
 128               fieldPath: metadata.namespace
 129         image: {{ include "repositoryGenerator.image.readiness" . }}
 130         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 131         name: {{ include "common.name" . }}-readiness
 132       containers:
 133       - name: {{ include "common.name" . }}
 134         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
 135         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 136         command:
 137         - sh
 138         args:
 139         - -c
 140         - |
 141           echo "*** retrieve Truststore and Keystore password"
 142           export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 143           echo "*** actual launch of AAI Resources"
 144           /bin/bash /opt/app/aai-traversal/docker-entrypoint.sh
 145         env:
 146         - name: TRUSTORE_ALL_PASSWORD
 147           value: {{ .Values.certInitializer.truststorePassword }}
 148         - name: DISABLE_UPDATE_QUERY
 149           value: {{ .Values.config.disableUpdateQuery | quote }}
 150         - name: LOCAL_USER_ID
 151           value: {{ .Values.global.config.userId | quote }}
 152         - name: LOCAL_GROUP_ID
 153           value: {{ .Values.global.config.groupId | quote }}
 154         - name: INTERNAL_PORT_1
 155           value: {{ .Values.service.internalPort | quote }}
 156         - name: INTERNAL_PORT_2
 157           value: {{ .Values.service.internalPort2 | quote }}
 158         - name: INTERNAL_PORT_3
 159           value: {{ .Values.service.internalPort3 | quote }}
 160         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
 161         - mountPath: /etc/localtime
 162           name: localtime
 163           readOnly: true
 164         - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
 165           name: {{ include "common.fullname" . }}-config
 166           subPath: janusgraph-realtime.properties
 167         - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties
 168           name: {{ include "common.fullname" . }}-config
 169           subPath: janusgraph-cached.properties
 170         - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
 171           name: {{ include "common.fullname" . }}-config
 172           subPath: aaiconfig.properties
 173         - mountPath: /opt/aai/logroot/AAI-GQ
 174           name: logs
 175         - mountPath: /opt/aai/logroot/AAI-GQ/misc
 176           name: {{ include "common.fullname" . }}-logs-misc
 177         - mountPath: /opt/app/aai-traversal/resources/logback.xml
 178           name: {{ include "common.fullname" . }}-config
 179           subPath: logback.xml
 180         - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml
 181           name: {{ include "common.fullname" . }}-config
 182           subPath: localhost-access-logback.xml
 183         - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties
 184           name: {{ include "common.fullname" . }}-config
 185           subPath: realm.properties
 186         - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv
 187           name: {{ include "common.fullname" . }}-aaf-certs
 188           subPath: bath_config.csv
 189         - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props
 190           name: {{ include "common.fullname" . }}-aaf-properties
 191           subPath: org.onap.aai.props
 192         - mountPath: /opt/app/aai-traversal/resources/aaf/org.osaaf.location.props
 193           name: {{ include "common.fullname" . }}-aaf-properties
 194           subPath: org.osaaf.location.props
 195         - mountPath: /opt/app/aai-traversal/resources/aaf/permissions.properties
 196           name: {{ include "common.fullname" . }}-aaf-properties
 197           subPath: permissions.properties
 198         - mountPath: /opt/app/aai-traversal/resources/cadi.properties
 199           name: {{ include "common.fullname" . }}-aaf-properties
 200           subPath: cadi.properties
 201         - mountPath: /opt/app/aai-traversal/resources/application.properties
 202           name: {{ include "common.fullname" . }}-config
 203           subPath: application.properties
 204         - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties
 205           name: {{ include "common.fullname" . }}-config
 206           subPath: application-keycloak.properties
 207         ports:
 208         - containerPort: {{ .Values.service.internalPort }}
 209         - containerPort: {{ .Values.service.internalPort2 }}
 210         - containerPort: {{ .Values.service.internalPort3 }}
 211         lifecycle:
 212           # wait for active requests (long-running tasks) to be finished
 213           # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
 214           preStop:
 215             exec:
 216               command:
 217                 - sh
 218                 - -c
 219                 - |
 220                   while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
 221                   do sleep 10
 222                   done
 223         # disable liveness probe when breakpoints set in debugger
 224         # so K8s doesn't restart unresponsive container
 225         {{ if .Values.liveness.enabled }}
 226         livenessProbe:
 227           httpGet:
 228             path: /aai/util/echo?action=checkDB
 229             port: {{ .Values.service.internalPort }}
 230             scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
 231             httpHeaders:
 232             - name: X-FromAppId
 233               value: LivenessCheck
 234             - name: X-TransactionId
 235               value: LiveCheck_TID
 236             - name: Accept
 237               value: application/json
 238           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
 239           periodSeconds: {{ .Values.liveness.periodSeconds }}
 240         {{ end }}
 241         readinessProbe:
 242           httpGet:
 243             path: /aai/util/echo?action=checkDB
 244             port: {{ .Values.service.internalPort }}
 245             scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
 246             httpHeaders:
 247             - name: X-FromAppId
 248               value: ReadinessCheck
 249             - name: X-TransactionId
 250               value: ReadinessCheck_TID
 251             - name: Accept
 252               value: application/json
 253           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
 254           periodSeconds: {{ .Values.readiness.periodSeconds }}
 255         resources: {{ include "common.resources" . | nindent 12 }}
 256       {{- if .Values.nodeSelector }}
 257       nodeSelector:
 258 {{ toYaml .Values.nodeSelector | indent 8 }}
 259       {{- end }}
 260       {{- if .Values.affinity }}
 261       affinity:
 262 {{ toYaml .Values.affinity | indent 8 }}
 263       {{- end }}
 264
 265       # side car containers
 266       {{ include "common.log.sidecar" . | nindent 6 }}
 267       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
 268       volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
 269       - name: localtime
 270         hostPath:
 271           path: /etc/localtime
 272       - name: logs
 273         emptyDir: {}
 274       - name: {{ include "common.fullname" . }}-logs-misc
 275         emptyDir: {}
 276       {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
 277       - name: {{ include "common.fullname" . }}-config
 278         configMap:
 279           name: {{ include "common.fullname" . }}
 280       - name: {{ include "common.fullname" . }}-aaf-properties
 281         configMap:
 282           name: {{ include "common.fullname" . }}-aaf-props
 283       - name: {{ include "common.fullname" . }}-aaf-certs
 284         secret:
 285           secretName: {{ include "common.fullname" . }}-aaf
 286       - name: aai-common-aai-auth-mount
 287         secret:
 288           secretName: aai-common-aai-auth
 289       restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
 290       imagePullSecrets:
 291       - name: "{{ include "common.namespace" . }}-docker-registry-key"