[GENERAL] Use readiness container v3.0.1
[oom.git] / kubernetes / policy / components / policy-xacml-pdp / templates / deployment.yaml
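#  ============LICENSE_START=======================================================
#   Copyright (C) 2020 AT&T Intellectual Property.
#  ================================================================================
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#
#  SPDX-License-Identifier: Apache-2.0
#  ============LICENSE_END=========================================================

# Helm template for the policy-xacml-pdp Deployment.
# Pod start-up order: a readiness init container, a config-rendering init
# container that injects credentials into the config files, the
# certInitializer init container, then the PDP-X container itself.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  selector:
    matchLabels:
      app: {{ include "common.name" . }}
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
    spec:
      # NOTE(review): no securityContext (runAsNonRoot, readOnlyRootFilesystem,
      # dropped capabilities) is set at pod or container level in this template.
      # Confirm that the images or an admission policy enforce one.
      initContainers:
      # Readiness gate: runs /app/ready.py against the policy-galera-config job
      # of this release (presumably blocks until that job has completed).
      # NAMESPACE is taken from the pod's own metadata via the downward API.
      - command:
        - /app/ready.py
        args:
        - --job-name
        - {{ include "common.release" . }}-policy-galera-config
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-readiness
      # Config rendering: every file of the configMap mounted at /config-input
      # is passed through envsubst and written to /config. The output volume is
      # a memory-backed emptyDir, so the rendered credentials are not written
      # to node disk.
      # envsubst is called without a variable list: any ${VAR} reference in a
      # config file is replaced from this container's environment.
      # The expansions are quoted so that a password containing whitespace or
      # glob characters is encoded unchanged, and the loop uses a glob instead
      # of parsing ls output.
      - command:
        - sh
        args:
        - -c
        - |
          export SQL_PASSWORD_BASE64=$(printf '%s' "${SQL_PASSWORD}" | base64)
          cd /config-input || exit 1
          for PFILE in *; do
            [ -f "${PFILE}" ] || continue
            envsubst <"${PFILE}" >"/config/${PFILE}"
          done
        # Credentials are resolved through the common.secret.envFromSecretFast
        # helper (presumably a secretKeyRef; the helper is not shown here), so
        # no secret value appears in this template.
        env:
        - name: RESTSERVER_USER
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
        - name: RESTSERVER_PASSWORD
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
        - name: API_USER
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
        - name: API_PASSWORD
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
        - name: SQL_USER
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
        - name: SQL_PASSWORD
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
        volumeMounts:
        - mountPath: /config-input
          name: pdpxconfig
        - mountPath: /config
          name: pdpxconfig-processed
        # Unlike the other images in this file, this one is not prefixed with
        # common.repository; it is pulled from whatever registry the value names.
        image: "{{ .Values.global.envsubstImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-update-config
{{ include "common.certInitializer.initContainer" . | indent 6 }}
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          # With AAF enabled, the start-up shell sources the certInitializer
          # .ci file and copies the generated PKCS#12 keystore into place
          # before launching PDP-X. Otherwise the keystore and truststore
          # passwords are supplied from secrets as environment variables.
{{- if .Values.global.aafEnabled }}
          command: ["bash","-c"]
          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
                  cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
                  /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
{{- else }}
          command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
          args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
          env:
          - name: KEYSTORE_PASSWD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
          - name: TRUSTSTORE_PASSWD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
{{- end }}
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          # disable liveness probe when breakpoints set in debugger
          # so K8s doesn't restart unresponsive container
          {{- if eq .Values.liveness.enabled true }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
          {{ end -}}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
          volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          # A volumeMount takes no emptyDir field. The memory-backed emptyDir
          # is declared once, on the pdpxconfig-processed volume below.
          - mountPath: /opt/app/policy/pdpx/etc/mounted
            name: pdpxconfig-processed
          resources:
{{ include "common.resources" . }}
        {{- if .Values.nodeSelector }}
        nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
        {{- end -}}
        {{- if .Values.affinity }}
        affinity:
{{ toYaml .Values.affinity | indent 10 }}
        {{- end }}
      volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
        # hostPath volume, mounted read-only in the container. hostPath is
        # rejected by the Baseline and Restricted Pod Security Standards, so
        # clusters enforcing them will not admit this pod as written.
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: pdpxconfig
          configMap:
            name: {{ include "common.fullname" . }}-configmap
            # Octal file mode; the field is an integer and must stay unquoted.
            defaultMode: 0755
        # Holds the rendered config, including the substituted credentials.
        # medium: Memory keeps it in RAM for the lifetime of the pod.
        - name: pdpxconfig-processed
          emptyDir:
            medium: Memory
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"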