Code Review / oom.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
[SO] Remove so-secret component
[oom.git] / kubernetes / so / components / so-cnf-adapter / templates / deployment.yaml
1 {{/*
2 # Copyright © 2020 Huawei Technologies Co., Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #       http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 */}}
16
17 apiVersion: apps/v1
18 kind: Deployment
19 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
20 spec:
21   selector: {{- include "common.selectors" . | nindent 4 }}
22   replicas: {{ index .Values.replicaCount }}
23   minReadySeconds: {{ index .Values.minReadySeconds }}
24   strategy:
25     type: {{ index .Values.updateStrategy.type }}
26     rollingUpdate:
27       maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
28       maxSurge: {{ index .Values.updateStrategy.maxSurge }}
29   template:
30     metadata:
31       labels: {{- include "common.labels" . | nindent 8 }}
32     spec:
33       initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
34         - name: {{ include "common.name" . }}-encrypter
35           command:
36             - sh
37           args:
38             - -c
39             - |
40               java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds
41           env:
42             - name: AAI_USERNAME
43               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }}
44             - name: AAI_PASSWORD
45               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }}
46             - name: MSO_KEY
47               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }}
48           image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.soCryptoImage }}
49           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
50           volumeMounts:
51             - name: encoder
52               mountPath: /output
53         - name: {{ include "common.name" . }}-readiness
54           command:
55             - /app/ready.py
56           args:
57             - --job-name
58             - {{ include "common.release" . }}-so-mariadb-config-job
59           env:
60             - name: NAMESPACE
61               valueFrom:
62                 fieldRef:
63                   apiVersion: v1
64                   fieldPath: metadata.namespace
65           image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
66           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
67       containers:
68         - name: {{ include "common.name" . }}
69           image: {{ include "common.repository" . }}/{{ .Values.image }}
70           command:
71             - sh
72           args:
73             - -c
74             - |
75               export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64)
76               export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
77               export AAI_AUTH=$(cat /input/.aai_creds)
78               {{- if .Values.global.aafEnabled }}
79               export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
80               export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
81               {{- if .Values.global.security.aaf.enabled }}
82               export KEYSTORE_PASSWORD="${cadi_keystore_password}"
83               {{- end }}
84               {{- end }}
85               ./start-app.sh
86           resources: {{ include "common.resources" . | nindent 12 }}
87           ports: {{- include "common.containerPorts" . | nindent 12  }}
88           env:
89             - name: AAF_USERNAME
90               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }}
91             - name: AAF_PASSWORD
92               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }}
93             - name: ACTUATOR_USERNAME
94               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
95             - name: ACTUATOR_PASSWORD
96               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
97             {{ include "so.certificates.env" . | indent 12 | trim }}
98           envFrom:
99             - configMapRef:
100                 name: {{ include "common.fullname" . }}-env
101           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
102           volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
103             - name: logs
104               mountPath: /app/logs
105             - name: config
106               mountPath: /app/config
107               readOnly: true
108             - name: encoder
109               mountPath: /input
110           livenessProbe:
111             httpGet:
112               path: {{ index .Values.livenessProbe.path}}
113               port: {{ index .Values.containerPort }}
114               scheme: {{ index .Values.livenessProbe.scheme}}
115             initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
116             periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
117             timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
118             successThreshold: {{ index .Values.livenessProbe.successThreshold}}
119             failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
120       volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
121         - name: logs
122           emptyDir: {}
123         - name: config
124           configMap:
125             name: {{ include "common.fullname" . }}
126         - name: encoder
127           emptyDir:
128             medium: Memory
129       imagePullSecrets:
130         - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).