Code Review / oom.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Run SDC pods as non-root
[oom.git] / kubernetes / sdc / charts / sdc-dcae-fe / templates / deployment.yaml
1 # Copyright © 2018 Amdocs, AT&T, Bell Canada
2 #
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
6 #
7 #       http://www.apache.org/licenses/LICENSE-2.0
8 #
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
14
15 apiVersion: extensions/v1beta1
16 kind: Deployment
17 metadata:
18   name: {{ include "common.fullname" . }}
19   namespace: {{ include "common.namespace" . }}
20   labels:
21     app: {{ include "common.name" . }}
22     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
23     release: {{ include "common.release" . }}
24     heritage: {{ .Release.Service }}
25 spec:
26   replicas: {{ .Values.replicaCount }}
27   template:
28     metadata:
29       labels:
30         app: {{ include "common.name" . }}
31         release: {{ include "common.release" . }}
32     spec:
33       initContainers:
34       - name: {{ include "common.name" . }}-readiness
35         command:
36         - /root/ready.py
37         args:
38         - --container-name
39         - sdc-dcae-be
40         env:
41         - name: NAMESPACE
42           valueFrom:
43             fieldRef:
44               apiVersion: v1
45               fieldPath: metadata.namespace
46         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
47         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
48       - name: {{ include "common.name" . }}-job-completion
49         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
50         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
51         command:
52         - /root/job_complete.py
53         args:
54         - --job-name
55         - {{ include "common.release" . }}-sdc-dcae-be-tools
56         env:
57         - name: NAMESPACE
58           valueFrom:
59             fieldRef:
60               apiVersion: v1
61               fieldPath: metadata.namespace
62       containers:
63         - name: {{ include "common.name" . }}
64           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
65           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
66           ports:
67           - containerPort: {{ .Values.service.internalPort }}
68           - containerPort: {{ .Values.service.internalPort2 }}
69           {{ if eq .Values.liveness.enabled true }}
70           livenessProbe:
71             tcpSocket:
72               port: {{ .Values.service.internalPort2 }}
73             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
74             periodSeconds: {{ .Values.liveness.periodSeconds }}
75           {{ end }}
76           readinessProbe:
77             httpGet:
78               path: /dcaed/healthCheck
79               port: {{ .Values.service.internalPort2 }}
80               scheme: HTTPS
81             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
82             periodSeconds: {{ .Values.readiness.periodSeconds }}
83           env:
84           - name: ENVNAME
85             value: {{ .Values.global.env.name }}
86           - name: JAVA_OPTIONS
87             value: {{ .Values.config.javaOptions }}
88           - name: HOST_IP
89             valueFrom:
90               fieldRef:
91                 fieldPath: status.podIP
92           volumeMounts:
93           - name: {{ include "common.fullname" . }}-environments
94             mountPath: /var/lib/jetty/chef-solo/environments/
95           - name: {{ include "common.fullname" . }}-localtime
96             mountPath: /etc/localtime
97             readOnly: true
98           - name: {{ include "common.fullname" . }}-logs
99             mountPath: /var/lib/jetty/logs
100           - name: {{ include "common.fullname" . }}-logback
101             mountPath: /tmp/logback.xml
102             subPath: logback.xml
103           lifecycle:
104             postStart:
105               exec:
106                 command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
107           resources:
108 {{ include "common.resources" . | indent 12 }}
109         {{- if .Values.nodeSelector }}
110         nodeSelector:
111 {{ toYaml .Values.nodeSelector | indent 10 }}
112         {{- end -}}
113         {{- if .Values.affinity }}
114         affinity:
115 {{ toYaml .Values.affinity | indent 10 }}
116         {{- end }}
117
118         # side car containers
119         - name: {{ include "common.name" . }}-filebeat-onap
120           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
121           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
122           volumeMounts:
123           - name: {{ include "common.fullname" . }}-filebeat-conf
124             mountPath: /usr/share/filebeat/filebeat.yml
125             subPath: filebeat.yml
126           - name: {{ include "common.fullname" . }}-logs
127             mountPath: /var/log/onap
128           - name: {{ include "common.fullname" . }}-data-filebeat
129             mountPath: /usr/share/filebeat/data
130       volumes:
131         - name: {{ include "common.fullname" . }}-localtime
132           hostPath:
133             path: /etc/localtime
134         - name: {{ include "common.fullname" . }}-filebeat-conf
135           configMap:
136             name: {{ include "common.release" . }}-sdc-filebeat-configmap
137         - name: {{ include "common.fullname" . }}-data-filebeat
138           emptyDir: {}
139         - name: {{ include "common.fullname" . }}-logback
140           configMap:
141             name : {{ include "common.fullname" . }}-logging-configmap
142         - name: {{ include "common.fullname" . }}-environments
143           configMap:
144             name: {{ include "common.release" . }}-sdc-environments-configmap
145             defaultMode: 0755
146         - name:  {{ include "common.fullname" . }}-logs
147           emptyDir: {}
148       imagePullSecrets:
149       - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).