1 #  ============LICENSE_START=======================================================
2 #   Copyright (C) 2020 AT&T Intellectual Property.
3 #  ================================================================================
4 #  Licensed under the Apache License, Version 2.0 (the "License");
5 #  you may not use this file except in compliance with the License.
6 #  You may obtain a copy of the License at
7 #
8 #       http://www.apache.org/licenses/LICENSE-2.0
9 #
10 #  Unless required by applicable law or agreed to in writing, software
11 #  distributed under the License is distributed on an "AS IS" BASIS,
12 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 #  See the License for the specific language governing permissions and
14 #  limitations under the License.
15 #
16 #  SPDX-License-Identifier: Apache-2.0
17 #  ============LICENSE_END=========================================================
18
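# Helm template for the policy XACML PDP Deployment.
# Pod start-up order, as written below:
#   1. a readiness init container runs /app/ready.py for the
#      policy-galera-config job,
#   2. an envsubst init container renders the config templates with
#      credentials taken from Secrets,
#   3. the certInitializer init container supplied by the common chart,
#   4. the PDP container itself, reading the rendered config.
# NOTE(review): no securityContext is set anywhere in this template; confirm
# whether one is applied elsewhere in the chart.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  selector:
    matchLabels:
      app: {{ include "common.name" . }}
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
    spec:
      initContainers:
      # Readiness gate for the galera config job named in args.
      - command:
        - /app/ready.py
        args:
        - --job-name
        - {{ include "common.release" . }}-policy-galera-config
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-readiness
      # Renders every file in /config-input into /config with envsubst. The
      # env entries below come from Secrets, so the files written to /config
      # presumably hold plaintext credentials; /config is the memory-backed
      # emptyDir declared under volumes.
      # NOTE(review): this image reference is taken from values as-is, without
      # the common.repository prefix the other images use, and this container
      # sees every credential listed below; confirm the value points at a
      # trusted, pinned image.
      - command:
        - sh
        args:
        - -c
        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
        env:
        - name: RESTSERVER_USER
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
        - name: RESTSERVER_PASSWORD
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
        - name: API_USER
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
        - name: API_PASSWORD
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
        - name: SQL_USER
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
        - name: SQL_PASSWORD
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
        volumeMounts:
        - mountPath: /config-input
          name: pdpxconfig
        - mountPath: /config
          name: pdpxconfig-processed
        image: "{{ .Values.global.envsubstImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-update-config
{{ include "common.certInitializer.initContainer" . | indent 6 }}
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          # With AAF enabled the start command first sources the .ci file
          # under certInitializer.credsPath; otherwise the keystore and
          # truststore passwords are injected from Secrets as env vars.
{{- if .Values.global.aafEnabled }}
          command: ["bash","-c"]
          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
                  /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
{{- else }}
          command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
          args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
          env:
          - name: KEYSTORE_PASSWD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
          - name: TRUSTSTORE_PASSWD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
{{- end }}
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          # disable liveness probe when breakpoints set in debugger
          # so K8s doesn't restart unresponsive container
          # The closing action trims whitespace on its left only. Trimming on
          # the right would glue the readinessProbe key onto the comment line
          # above whenever the liveness probe is disabled.
          {{- if eq .Values.liveness.enabled true }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
          {{- end }}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
          volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          # Output of the envsubst init container (rendered config.json).
          - mountPath: /opt/app/policy/pdpx/etc/mounted
            name: pdpxconfig-processed
          resources:
{{ include "common.resources" . }}
      # nodeSelector and affinity are pod-level fields, so they are written
      # at the same depth as containers and volumes.
      {{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity:
{{ toYaml .Values.affinity | indent 8 }}
      {{- end }}
      volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
        # Host timezone file; the container mounts it read-only.
        - name: localtime
          hostPath:
            path: /etc/localtime
        # Config templates consumed by the envsubst init container.
        - name: pdpxconfig
          configMap:
            name: {{ include "common.fullname" . }}-configmap
            defaultMode: 0755  # octal file mode
        # Memory-backed scratch volume for the rendered config, so the
        # substituted values are not written to node disk.
        - name: pdpxconfig-processed
          emptyDir:
            medium: Memory
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"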