Code Review / oom.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
[POLICY] add env passwords to api/pap/xacml/dist
[oom.git] / kubernetes / policy / charts / policy-xacml-pdp / templates / deployment.yaml
1 apiVersion: extensions/v1beta1
2 kind: Deployment
3 metadata:
4   name: {{ include "common.fullname" . }}
5   namespace: {{ include "common.namespace" . }}
6   labels:
7     app: {{ include "common.name" . }}
8     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
9     release: {{ include "common.release" . }}
10     heritage: {{ .Release.Service }}
11 spec:
12   replicas: {{ .Values.replicaCount }}
13   template:
14     metadata:
15       labels:
16         app: {{ include "common.name" . }}
17         release: {{ include "common.release" . }}
18     spec:
19       initContainers:
20       - command:
21         - /root/ready.py
22         args:
23         - --container-name
24         - {{ include "common.release" . }}-galera-config
25         env:
26         - name: NAMESPACE
27           valueFrom:
28             fieldRef:
29               apiVersion: v1
30               fieldPath: metadata.namespace
31         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
32         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
33         name: {{ include "common.name" . }}-readiness
34       - command:
35         - sh
36         args:
37         - -c
38         - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
39         env:
40         - name: RESTSERVER_USER
41           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
42         - name: RESTSERVER_PASSWORD
43           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
44         - name: API_USER
45           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
46         - name: API_PASSWORD
47           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
48         - name: SQL_USER
49           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
50         - name: SQL_PASSWORD
51           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
52         volumeMounts:
53         - mountPath: /config-input
54           name: pdpxconfig
55         - mountPath: /config
56           name: pdpxconfig-processed
57         image: "{{ .Values.global.envsubstImage }}"
58         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
59         name: {{ include "common.name" . }}-update-config
60       containers:
61         - name: {{ include "common.name" . }}
62           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
63           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
64           command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
65           args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
66           env:
67           - name: KEYSTORE_PASSWD
68             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
69           - name: TRUSTSTORE_PASSWD
70             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
71           ports:
72           - containerPort: {{ .Values.service.internalPort }}
73           # disable liveness probe when breakpoints set in debugger
74           # so K8s doesn't restart unresponsive container
75           {{- if eq .Values.liveness.enabled true }}
76           livenessProbe:
77             tcpSocket:
78               port: {{ .Values.service.internalPort }}
79             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
80             periodSeconds: {{ .Values.liveness.periodSeconds }}
81           {{ end -}}
82           readinessProbe:
83             tcpSocket:
84               port: {{ .Values.service.internalPort }}
85             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
86             periodSeconds: {{ .Values.readiness.periodSeconds }}
87           volumeMounts:
88           - mountPath: /etc/localtime
89             name: localtime
90             readOnly: true
91           - mountPath: /opt/app/policy/pdpx/etc/mounted
92             name: pdpxconfig-processed
93             emptyDir:
94               medium: Memory
95           resources:
96 {{ include "common.resources" . | indent 12 }}
97         {{- if .Values.nodeSelector }}
98         nodeSelector:
99 {{ toYaml .Values.nodeSelector | indent 10 }}
100         {{- end -}}
101         {{- if .Values.affinity }}
102         affinity:
103 {{ toYaml .Values.affinity | indent 10 }}
104         {{- end }}
105       volumes:
106         - name: localtime
107           hostPath:
108              path: /etc/localtime
109         - name: pdpxconfig
110           configMap:
111             name: {{ include "common.fullname" . }}-configmap
112             defaultMode: 0755
113         - name: pdpxconfig-processed
114           emptyDir:
115             medium: Memory
116       imagePullSecrets:
117       - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).