Set sdc onboarding volume mount permissions
[oom.git] / kubernetes / sdc / charts / sdc-onboarding-be / templates / deployment.yaml
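# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018  ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Helm template for the sdc-onboarding-be Deployment. The pod runs three init
# containers (wait for the cassandra-init job, render the environment files
# with envsubst, chown the certificate volume), then the backend container
# and a filebeat sidecar.
#
# NOTE(review): extensions/v1beta1 stops serving Deployment from Kubernetes
# 1.16 onward. Moving to apps/v1 also requires an explicit spec.selector, so
# confirm the supported cluster versions before changing it.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
    spec:
      initContainers:
      # Blocks pod start-up until the release's cassandra-init job is reported
      # complete by the readiness image's job_complete.py.
      - name: {{ include "common.name" . }}-job-completion
        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
        imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
        command:
        - /root/job_complete.py
        args:
        - --job-name
        - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
      # Renders every file under /config-input through envsubst into the
      # /config-output volume, with the keystore and truststore passwords
      # taken from the release's sdc-cs-secrets Secret.
      # NOTE(review): the rendered files can contain those passwords and are
      # set to mode 0755 (world-readable and executable). A tighter mode is
      # preferable if the uid that reads them in the backend container allows
      # it; confirm against the image before changing.
      # NOTE(review): envsubst is called without a variable list, so
      # (assuming GNU envsubst semantics) every $NAME reference in the input
      # files is substituted, not only the two variables declared below.
      - name: {{ include "common.name" . }}-update-config
        image: "{{ .Values.global.envsubstImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        command:
          - sh
        args:
          - -c
          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
        env:
          - name: KEYSTORE_PASS
            valueFrom:
              secretKeyRef:
                name: {{ include "common.release" . }}-sdc-cs-secrets
                key: keystore_password
          - name: TRUSTSTORE_PASS
            valueFrom:
              secretKeyRef:
                name: {{ include "common.release" . }}-sdc-cs-secrets
                key: truststore_password
        volumeMounts:
          - name: {{ include "common.fullname" . }}-environments
            mountPath: /config-input/
          - name: sdc-environments-output
            mountPath: /config-output/
      # Runs as root solely to hand ownership of the certificate volume to the
      # uid/gid configured under .Values.securityContext.
      # NOTE(review): this template sets no securityContext on the pod or on
      # the backend container, so the chown target must match the user the
      # backend image itself runs as; verify. If the storage class honours a
      # pod-level fsGroup, that would remove the need for a root container.
      - name: volume-permissions
        image: "{{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        command:
          - /bin/sh
          - -c
          - |
            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /onboard/cert
        securityContext:
          runAsUser: 0
        volumeMounts:
          - name: {{ include "common.fullname" . }}-cert-storage
            mountPath: "/onboard/cert"
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          - containerPort: {{ .Values.service.internalPort2 }}
          {{ if eq .Values.liveness.enabled true }}
          livenessProbe:
            exec:
              command:
              - "/var/lib/jetty/ready-probe.sh"
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
          {{ end }}
          readinessProbe:
            exec:
              command:
              - "/var/lib/jetty/ready-probe.sh"
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
            # NOTE(review): the readiness timeout is read from the liveness
            # settings; looks like a copy-paste slip. Switch it to a
            # readiness timeout if the chart's values define one.
            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
          resources:
{{ include "common.resources" . | indent 12 }}
          env:
          # Environment values must be strings, so templated values are piped
          # through quote to survive boolean- or number-looking input.
          - name: ENVNAME
            value: {{ .Values.global.env.name | quote }}
          - name: JAVA_OPTIONS
            value: {{ .Values.config.javaOptions | quote }}
          - name: SDC_CLUSTER_NAME
            value: "SDC-CS-{{ .Values.global.env.name }}"
          - name: cassandra_ssl_enabled
            value: {{ .Values.config.cassandraSslEnabled | quote }}
          - name: HOST_IP
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          # Credentials are injected from the Secret rather than written into
          # the chart; they are still visible in the container's environment.
          - name: SDC_USER
            valueFrom:
              secretKeyRef:
                name: {{ include "common.release" . }}-sdc-cs-secrets
                key: sdc_user
          - name: SDC_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ include "common.release" . }}-sdc-cs-secrets
                key: sdc_password
          - name: SDC_CERT_DIR
            value: {{ .Values.cert.certDir | quote }}
          volumeMounts:
          - name: sdc-environments-output
            mountPath: /var/lib/jetty/chef-solo/environments/
          - name: sdc-cert
            mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
            subPath: org.onap.sdc.p12
          - name: sdc-cert
            mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
            subPath: org.onap.sdc.trust.jks
          - name: {{ include "common.fullname" . }}-localtime
            mountPath: /etc/localtime
            readOnly: true
          - name: {{ include "common.fullname" . }}-logs
            mountPath: /var/log/onap
          - name: {{ include "common.fullname" . }}-logback
            mountPath: /tmp/logback.xml
            subPath: logback.xml
          # The init container chowns this volume at /onboard/cert; here it is
          # mounted at the configured certificate directory.
          - name: {{ include "common.fullname" . }}-cert-storage
            mountPath: "{{ .Values.cert.certDir }}"
          lifecycle:
            postStart:
              exec:
                # Waits for the onboarding-be config directory to appear, then
                # copies the mounted logback.xml into it.
                # NOTE(review): the 'Waiting for $DST...' message is in single
                # quotes, so the shell logs the literal text, not the path.
                command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
        # side car containers
        - name: {{ include "common.name" . }}-filebeat-onap
          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          volumeMounts:
          - name: {{ include "common.fullname" . }}-filebeat-conf
            mountPath: /usr/share/filebeat/filebeat.yml
            subPath: filebeat.yml
          - name: {{ include "common.fullname" . }}-logs
            mountPath: /var/log/onap
          - name: {{ include "common.fullname" . }}-data-filebeat
            mountPath: /usr/share/filebeat/data
      volumes:
      # hostPath exposes the node's /etc/localtime to the pod (mounted
      # read-only above); clusters that restrict hostPath volumes by policy
      # may reject this pod.
      - name: {{ include "common.fullname" . }}-localtime
        hostPath:
          path: /etc/localtime
      # NOTE(review): this Secret name is fixed rather than derived from the
      # release, unlike the other Secret references in this file; confirm
      # that is intended.
      - name: sdc-cert
        secret:
          secretName: sdc-cert
      - name: {{ include "common.fullname" . }}-filebeat-conf
        configMap:
          name: {{ include "common.release" . }}-sdc-filebeat-configmap
      - name: {{ include "common.fullname" . }}-data-filebeat
        emptyDir: {}
      - name: {{ include "common.fullname" . }}-logback
        configMap:
          name: {{ include "common.fullname" . }}-logging-configmap
      - name: {{ include "common.fullname" . }}-environments
        configMap:
          name: {{ include "common.release" . }}-sdc-environments-configmap
          defaultMode: 0755
      # Memory-backed, so the rendered files (which can hold the substituted
      # passwords) are not written to node disk.
      - name: sdc-environments-output
        emptyDir:
          medium: "Memory"
      - name: {{ include "common.fullname" . }}-logs
        emptyDir: {}
      - name: {{ include "common.fullname" . }}-cert-storage
        persistentVolumeClaim:
          claimName: {{ include "common.fullname" . }}-cert
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"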