# Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: extensions/v1beta1 kind: Deployment metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} template: metadata: labels: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: {{ if .Values.global.installSidecarSecurity }} hostAliases: - ip: {{ .Values.global.aaf.serverIp }} hostnames: - {{ .Values.global.aaf.serverHostname }} {{ end }} initContainers: - command: - /root/ready.py args: - --container-name - aai-cassandra env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness {{ if .Values.global.installSidecarSecurity }} - name: {{ .Values.global.tproxyConfig.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: privileged: true {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: CONFIG_HOME value: "/opt/app/champ-service/appconfig" - name: GRAPHIMPL value: "janus-deps" - name: KEY_STORE_PASSWORD valueFrom: secretKeyRef: name: {{ template "common.fullname" . }}-pass key: KEY_STORE_PASSWORD - name: KEY_MANAGER_PASSWORD valueFrom: secretKeyRef: name: {{ template "common.fullname" . }}-pass key: KEY_MANAGER_PASSWORD - name: SERVICE_BEANS value: "/opt/app/champ-service/dynamic/conf" volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/champ-service/appconfig/champ-api.properties name: {{ include "common.fullname" . }}-config subPath: champ-api.properties - mountPath: /opt/app/champ-service/appconfig/auth name: {{ include "common.fullname" . }}-secrets - mountPath: /opt/app/champ-service/dynamic/conf/champ-beans.xml name: {{ include "common.fullname" . }}-dynamic-config subPath: champ-beans.xml - mountPath: /opt/app/champ-service/bundleconfig/etc/logback.xml name: {{ include "common.fullname" . }}-logback-config subPath: logback.xml - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-logs resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} # side car containers - name: filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: aai-filebeat {{ if .Values.global.installSidecarSecurity }} - name: {{ .Values.global.rproxy.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME value: "/opt/app/rproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} - name: spring_profiles_active value: {{ .Values.global.rproxy.activeSpringProfiles }} volumeMounts: - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/forward-proxy.properties subPath: forward-proxy.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/primary-service.properties subPath: primary-service.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/reverse-proxy.properties subPath: reverse-proxy.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/cadi.properties subPath: cadi.properties - name: {{ include "common.fullname" . }}-rproxy-log-config mountPath: /opt/app/rproxy/config/logback-spring.xml subPath: logback-spring.xml - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/client-cert.p12 subPath: client-cert.p12 - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/uri-authorization.json subPath: uri-authorization.json #- name: {{ include "common.fullname" . }}-rproxy-auth-config # mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks # subPath: aaf_truststore.jks - name: {{ include "common.fullname" . }}-rproxy-security-config mountPath: /opt/app/rproxy/config/security/keyfile subPath: keyfile ports: - containerPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.global.fproxy.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME value: "/opt/app/fproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} - name: spring_profiles_active value: {{ .Values.global.fproxy.activeSpringProfiles }} volumeMounts: - name: {{ include "common.fullname" . }}-fproxy-config mountPath: /opt/app/fproxy/config/fproxy.properties subPath: fproxy.properties - name: {{ include "common.fullname" . }}-fproxy-log-config mountPath: /opt/app/fproxy/config/logback-spring.xml subPath: logback-spring.xml - name: {{ include "common.fullname" . }}-fproxy-auth-config mountPath: /opt/app/fproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - name: {{ include "common.fullname" . }}-fproxy-auth-config mountPath: /opt/app/fproxy/config/auth/client-cert.p12 subPath: client-cert.p12 ports: - containerPort: {{ .Values.global.fproxy.port }} {{ end }} volumes: - name: localtime hostPath: path: /etc/localtime - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} items: - key: champ-api.properties path: champ-api.properties - name: {{ include "common.fullname" . }}-secrets secret: secretName: {{ include "common.fullname" . }}-champ - name: {{ include "common.fullname" . }}-dynamic-config configMap: name: {{ include "common.fullname" . }}-dynamic items: - key: champ-beans.xml path: champ-beans.xml - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-logback-config configMap: name: {{ include "common.fullname" . }}-log-configmap items: - key: logback.xml path: logback.xml - name: filebeat-conf configMap: name: aai-filebeat - name: aai-filebeat emptyDir: {} {{ if .Values.global.installSidecarSecurity }} - name: {{ include "common.fullname" . }}-rproxy-config configMap: name: {{ include "common.fullname" . }}-rproxy-config - name: {{ include "common.fullname" . }}-rproxy-log-config configMap: name: {{ include "common.fullname" . }}-rproxy-log-config - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-rproxy-auth-config - name: {{ include "common.fullname" . }}-rproxy-security-config secret: secretName: {{ include "common.fullname" . }}-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: name: {{ include "common.fullname" . }}-fproxy-log-config - name: {{ include "common.fullname" . }}-fproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-fproxy-auth-config {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"