kubernetes/policy/components/policy-api/templates/deployment.yaml

   1 apiVersion: apps/v1
   2 kind: Deployment
   3 metadata:
   4   name: {{ include "common.fullname" . }}
   5   namespace: {{ include "common.namespace" . }}
   6   labels:
   7     app: {{ include "common.name" . }}
   8     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
   9     release: {{ include "common.release" . }}
  10     heritage: {{ .Release.Service }}
  11 spec:
  12   selector:
  13     matchLabels:
  14       app: {{ include "common.name" . }}
  15   replicas: {{ .Values.replicaCount }}
  16   template:
  17     metadata:
  18       labels:
  19         app: {{ include "common.name" . }}
  20         release: {{ include "common.release" . }}
  21     spec:
  22       initContainers:
  23         - command:
  24           - /app/ready.py
  25           args:
  26           - --job-name
  27           - {{ include "common.release" . }}-policy-galera-config
  28           env:
  29           - name: NAMESPACE
  30             valueFrom:
  31               fieldRef:
  32                 apiVersion: v1
  33                 fieldPath: metadata.namespace
  34           image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
  35           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  36           name: {{ include "common.name" . }}-readiness
  37         - command:
  38           - sh
  39           args:
  40           - -c
  41           - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
  42           env:
  43           - name: SQL_USER
  44             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
  45           - name: SQL_PASSWORD
  46             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
  47           - name: RESTSERVER_USER
  48             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
  49           - name: RESTSERVER_PASSWORD
  50             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
  51           volumeMounts:
  52           - mountPath: /config-input
  53             name: apiconfig
  54           - mountPath: /config
  55             name: apiconfig-processed
  56           image: "{{ .Values.global.envsubstImage }}"
  57           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  58           name: {{ include "common.name" . }}-update-config
  59 {{ include "common.certInitializer.initContainer" . | indent 8 }}
  60       containers:
  61         - name: {{ include "common.name" . }}
  62           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
  63           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  64 {{- if .Values.global.aafEnabled }}
  65           command: ["bash","-c"]
  66           args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
  67                   cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
  68                   /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
  69 {{- else }}
  70           command: ["/opt/app/policy/api/bin/policy-api.sh"]
  71           args: ["/opt/app/policy/api/etc/mounted/config.json"]
  72           env:
  73           - name: KEYSTORE_PASSWD
  74             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
  75           - name: TRUSTSTORE_PASSWD
  76             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
  77 {{- end }}
  78           ports:
  79           - containerPort: {{ .Values.service.internalPort }}
  80           # disable liveness probe when breakpoints set in debugger
  81           # so K8s doesn't restart unresponsive container
  82           {{- if eq .Values.liveness.enabled true }}
  83           livenessProbe:
  84             tcpSocket:
  85               port: {{ .Values.service.internalPort }}
  86             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
  87             periodSeconds: {{ .Values.liveness.periodSeconds }}
  88           {{ end -}}
  89           readinessProbe:
  90             tcpSocket:
  91               port: {{ .Values.service.internalPort }}
  92             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
  93             periodSeconds: {{ .Values.readiness.periodSeconds }}
  94           volumeMounts:
  95 {{ include "common.certInitializer.volumeMount" . | indent 10 }}
  96           - mountPath: /etc/localtime
  97             name: localtime
  98             readOnly: true
  99           - mountPath: /opt/app/policy/api/etc/mounted
 100             name: apiconfig-processed
 101           resources:
 102 {{ include "common.resources" . }}
 103         {{- if .Values.nodeSelector }}
 104         nodeSelector:
 105 {{ toYaml .Values.nodeSelector | indent 10 }}
 106         {{- end -}}
 107         {{- if .Values.affinity }}
 108         affinity:
 109 {{ toYaml .Values.affinity | indent 10 }}
 110         {{- end }}
 111       volumes:
 112 {{ include "common.certInitializer.volumes" . | indent 8 }}
 113         - name: localtime
 114           hostPath:
 115              path: /etc/localtime
 116         - name: apiconfig
 117           configMap:
 118             name: {{ include "common.fullname" . }}-configmap
 119             defaultMode: 0755
 120         - name: apiconfig-processed
 121           emptyDir:
 122             medium: Memory
 123       imagePullSecrets:
 124       - name: "{{ include "common.namespace" . }}-docker-registry-key"