Code Review / oom.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "[PORTAL] Non-root user for back-end database"
[oom.git] / kubernetes / portal / components / portal-app / templates / deployment.yaml
1 # Copyright © 2017 Amdocs, Bell Canada
2 # Modifications Copyright © 2020 AT&T
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #       http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16 apiVersion: apps/v1
17 kind: Deployment
18 metadata:
19   name: {{ include "common.fullname" . }}
20   namespace: {{ include "common.namespace" . }}
21   labels:
22     app: {{ include "common.name" . }}
23     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
24     release: {{ include "common.release" . }}
25     heritage: {{ .Release.Service }}
26 spec:
27   selector:
28     matchLabels:
29       app: {{ include "common.name" . }}
30   replicas: {{ .Values.replicaCount }}
31   template:
32     metadata:
33       labels:
34         app: {{ include "common.name" . }}
35         release: {{ include "common.release" . }}
36     spec:
37       initContainers:
38       - name: {{ include "common.name" . }}-job-completion
39         image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
40         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
41         command:
42         - /app/ready.py
43         args:
44         - --job-name
45         - {{ include "common.release" . }}-portal-db-config
46         env:
47         - name: NAMESPACE
48           valueFrom:
49             fieldRef:
50               apiVersion: v1
51               fieldPath: metadata.namespace
52       - name: {{ include "common.name" . }}-portal-config
53         image: "{{ .Values.global.envsubstImage }}"
54         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
55         command: ["/bin/sh"]
56         args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"]
57         env:
58           - name: CASSA_USER
59             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
60           - name: CASSA_PASSWORD
61             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
62           - name: CIPHER_ENC_KEY
63             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
64           - name: PORTAL_DB_USER
65             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
66           - name: PORTAL_DB_PASSWORD
67             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
68         volumeMounts:
69         - mountPath: /config-input
70           name: properties-onapportal-scrubbed
71         - mountPath: /config
72           name: properties-onapportal
73 {{ include "common.certInitializer.initContainer" . | indent 6 }}
74       containers:
75       - name: {{ include "common.name" . }}
76         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
77         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
78         command: ["bash","-c"]
79         {{- if .Values.global.aafEnabled }}
80         args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\
81                export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
82               -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
83               /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
84         env:
85           - name: CATALINA_OPTS
86             value: >
87               -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}"
88               -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}"
89         {{- else }}
90         args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"]
91         {{- end }}
92         ports:
93         - containerPort: {{ .Values.service.internalPort }}
94         - containerPort: {{ .Values.service.internalPort2 }}
95         - containerPort: {{ .Values.service.internalPort3 }}
96         - containerPort: {{ .Values.service.internalPort4 }}
97         {{- if eq .Values.liveness.enabled true }}
98         livenessProbe:
99           tcpSocket:
100             port: {{ .Values.service.internalPort }}
101           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
102           periodSeconds: {{ .Values.liveness.periodSeconds }}
103         {{ end -}}
104         readinessProbe:
105           tcpSocket:
106             port: {{ .Values.service.internalPort }}
107           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
108           periodSeconds: {{ .Values.readiness.periodSeconds }}
109         volumeMounts:
110 {{ include "common.certInitializer.volumeMount" . | indent 8 }}
111         - mountPath: /etc/localtime
112           name: localtime
113           readOnly: true
114         - name: properties-onapportal
115           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/fusion/conf/fusion.properties"
116           subPath: fusion.properties
117         - name: properties-onapportal
118           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/openid-connect.properties"
119           subPath: openid-connect.properties
120         - name: properties-onapportal
121           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/conf/system.properties"
122           subPath: system.properties
123         - name: properties-onapportal
124           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
125           subPath: portal.properties
126         - name: properties-onapportal
127           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
128           subPath: key.properties
129         - name: properties-onapportal
130           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
131           subPath: music.properties
132         - name: properties-onapportal
133           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/logback.xml"
134           subPath: logback.xml
135         - name: properties-onapportal
136           mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
137           subPath: server.xml
138         - name: properties-onapportal
139           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
140           subPath: web.xml
141         - name: properties-onapportal
142           mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
143         - name: var-log-onap
144           mountPath: /var/log/onap
145         resources:
146 {{ include "common.resources" . }}
147       {{- if .Values.nodeSelector }}
148       nodeSelector:
149 {{ toYaml .Values.nodeSelector | indent 10 }}
150       {{- end -}}
151 {{- if .Values.affinity }}
152       affinity:
153 {{ toYaml .Values.affinity | indent 10 }}
154       {{- end }}
155       - name: filebeat-onap
156         image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
157         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
158         volumeMounts:
159         - mountPath: /usr/share/filebeat/filebeat.yml
160           name: filebeat-conf
161           subPath: filebeat.yml
162         - name: portal-data-filebeat
163           mountPath: /usr/share/filebeat/data
164         - name: var-log-onap
165           mountPath: /var/log/onap
166       volumes:
167 {{ include "common.certInitializer.volumes" . | indent 8 }}
168         - name: localtime
169           hostPath:
170             path: /etc/localtime
171         - name: properties-onapportal
172           emptyDir:
173             medium: Memory
174         - name: properties-onapportal-scrubbed
175           configMap:
176             name: {{ include "common.fullname" . }}-onapportal
177             defaultMode: 0755
178         - name: filebeat-conf
179           configMap:
180             name: portal-filebeat
181         - name: var-log-onap
182           emptyDir: {}
183         - name: portal-data-filebeat
184           emptyDir: {}
185         - name: portal-tomcat-logs
186           emptyDir: {}
187       imagePullSecrets:
188       - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).