Code Review / oom.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "[SO] Import various CAs in truststore"
[oom.git] / kubernetes / so / components / so-etsi-nfvo-ns-lcm / templates / deployment.yaml
1 # Copyright © 2020 Nordix Foundation
2 #
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
6 #
7 #       http://www.apache.org/licenses/LICENSE-2.0
8 #
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
14
15 apiVersion: apps/v1
16 kind: Deployment
17 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
18 spec:
19   selector: {{- include "common.selectors" . | nindent 4 }}
20   replicas: {{ index .Values.replicaCount }}
21   minReadySeconds: {{ index .Values.minReadySeconds }}
22   strategy:
23     type: {{ index .Values.updateStrategy.type }}
24     rollingUpdate:
25       maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
26       maxSurge: {{ index .Values.updateStrategy.maxSurge }}
27   template:
28     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
29     spec:
30       initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
31       containers:
32         - name: {{ include "common.name" . }}
33           command:
34             - sh
35           args:
36             - -c
37             - |
38               export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
39               {{- if .Values.global.aafEnabled }}
40               export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
41               export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
42               export TRUSTSTORE="file:/${TRUSTSTORE}"
43               {{- if .Values.global.security.aaf.enabled }}
44               export KEYSTORE_PASSWORD="${cadi_keystore_password}"
45               {{- end }}
46               {{- end }}
47               ./start-app.sh
48           image: {{ include "common.repository" . }}/{{ .Values.image }}
49           resources: {{ include "common.resources" . | nindent 12 }}
50           env:
51             - name: ETSI_NFVO_USERNAME
52               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }}
53             - name: ETSI_NFVO_PASSWORD_INPUT
54               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
55             - name: DB_HOST
56               valueFrom:
57                 secretKeyRef:
58                   name: {{ include "common.release" . }}-so-db-secrets
59                   key: mariadb.readwrite.host
60             - name: DB_PORT
61               valueFrom:
62                 secretKeyRef:
63                   name: {{ include "common.release" . }}-so-db-secrets
64                   key: mariadb.readwrite.port
65             - name: DB_USERNAME
66               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
67             - name: DB_PASSWORD
68               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
69             - name: DB_ADMIN_USERNAME
70               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
71             - name: DB_ADMIN_PASSWORD
72               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
73             {{ include "so.certificates.env" . | indent 12 | trim }}
74           envFrom:
75             - configMapRef:
76                 name: {{ include "common.fullname" . }}-configmap
77           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
78           volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
79             - name: logs
80               mountPath: /app/logs
81             - name: config
82               mountPath: /app/config
83               readOnly: true
84             - name: {{ include "common.fullname" . }}-truststore
85               mountPath: /app/client
86               readOnly: true
87           livenessProbe:
88             tcpSocket:
89               port: {{ index .Values.livenessProbe.port }}
90             initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
91             periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
92             successThreshold: {{ index .Values.livenessProbe.successThreshold}}
93             failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
94           ports: {{ include "common.containerPorts" . | nindent 12  }}
95       volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
96         - name: logs
97           emptyDir: {}
98         - name: config
99           configMap:
100             name: {{ include "common.fullname" . }}-app-configmap
101         - name: {{ include "common.fullname" . }}-truststore
102           secret:
103             secretName: {{ include "common.release" . }}-so-truststore-secret
104       imagePullSecrets:
105         - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).