Code Review / oom.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Run SDC pods as non-root
[oom.git] / kubernetes / sdc / charts / sdc-be / templates / deployment.yaml
1 # Copyright © 2017 Amdocs, AT&T, Bell Canada
2 # Modifications Copyright © 2018 ZTE
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #       http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16 apiVersion: extensions/v1beta1
17 kind: Deployment
18 metadata:
19   name: {{ include "common.fullname" . }}
20   namespace: {{ include "common.namespace" . }}
21   labels:
22     app: {{ include "common.name" . }}
23     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
24     release: {{ include "common.release" . }}
25     heritage: {{ .Release.Service }}
26 spec:
27   replicas: {{ .Values.replicaCount }}
28   template:
29     metadata:
30       labels:
31         app: {{ include "common.name" . }}
32         release: {{ include "common.release" . }}
33     spec:
34       initContainers:
35       - name: {{ include "common.name" . }}-readiness
36         command:
37         - /root/ready.py
38         args:
39         - --container-name
40         - "sdc-onboarding-be"
41         env:
42         - name: NAMESPACE
43           valueFrom:
44             fieldRef:
45               apiVersion: v1
46               fieldPath: metadata.namespace
47         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
48         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
49       - name: {{ include "common.name" . }}-job-completion
50         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
51         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
52         command:
53         - /root/job_complete.py
54         args:
55         - --job-name
56         - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
57         env:
58         - name: NAMESPACE
59           valueFrom:
60             fieldRef:
61               apiVersion: v1
62               fieldPath: metadata.namespace
63       containers:
64         - name: {{ include "common.name" . }}
65           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
66           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
67           ports:
68           - containerPort: {{ .Values.service.internalPort }}
69           - containerPort: {{ .Values.service.internalPort2 }}
70           {{ if eq .Values.liveness.enabled true }}
71           livenessProbe:
72             httpGet:
73               path: /sdc2/rest/healthCheck
74               port: {{ .Values.service.internalPort }}
75               scheme: HTTPS
76             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
77             periodSeconds: {{ .Values.liveness.periodSeconds }}
78             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
79           {{ end }}
80           readinessProbe:
81             exec:
82               command:
83               - "/var/lib/jetty/ready-probe.sh"
84             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
85             periodSeconds: {{ .Values.readiness.periodSeconds }}
86             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
87           resources:
88 {{ include "common.resources" . | indent 12 }}
89           env:
90           - name: ENVNAME
91             value: {{ .Values.global.env.name }}
92           - name: JAVA_OPTIONS
93             value: {{ .Values.config.javaOptions }}
94           - name: cassandra_ssl_enabled
95             value: {{ .Values.config.cassandraSslEnabled | quote }}
96           - name: HOST_IP
97             valueFrom:
98               fieldRef:
99                 fieldPath: status.podIP
100           volumeMounts:
101           - name: {{ include "common.fullname" . }}-environments
102             mountPath: /var/lib/jetty/chef-solo/environments/
103           - name: {{ include "common.fullname" . }}-localtime
104             mountPath: /etc/localtime
105             readOnly: true
106           - name: {{ include "common.fullname" . }}-logs
107             mountPath: /var/log/onap
108           - name: {{ include "common.fullname" . }}-logback
109             mountPath: /tmp/logback.xml
110             subPath: logback.xml
111           lifecycle:
112             postStart:
113               exec:
114                 command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
115         # side car containers
116         - name: {{ include "common.name" . }}-filebeat-onap
117           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
118           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
119           volumeMounts:
120           - name: {{ include "common.fullname" . }}-filebeat-conf
121             mountPath: /usr/share/filebeat/filebeat.yml
122             subPath: filebeat.yml
123           - name: {{ include "common.fullname" . }}-logs
124             mountPath: /var/log/onap
125           - name: {{ include "common.fullname" . }}-data-filebeat
126             mountPath: /usr/share/filebeat/data
127       volumes:
128       - name: {{ include "common.fullname" . }}-localtime
129         hostPath:
130           path: /etc/localtime
131       - name: {{ include "common.fullname" . }}-filebeat-conf
132         configMap:
133           name: {{ include "common.release" . }}-sdc-filebeat-configmap
134       - name: {{ include "common.fullname" . }}-data-filebeat
135         emptyDir: {}
136       - name: {{ include "common.fullname" . }}-logback
137         configMap:
138           name : {{ include "common.fullname" . }}-logging-configmap
139       - name: {{ include "common.fullname" . }}-environments
140         configMap:
141           name: {{ include "common.release" . }}-sdc-environments-configmap
142           defaultMode: 0755
143       - name:  {{ include "common.fullname" . }}-logs
144         emptyDir: {}
145       imagePullSecrets:
146       - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).