# Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: selector: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: {{ if .Values.global.installSidecarSecurity }} hostAliases: - ip: {{ .Values.global.aaf.serverIp }} hostnames: - {{ .Values.global.aaf.serverHostname }} initContainers: - name: {{ .Values.global.tproxyConfig.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: privileged: true {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: CONFIG_HOME value: /opt/app/babel/config - name: KEY_STORE_PASSWORD valueFrom: secretKeyRef: name: {{ template "common.fullname" . }}-pass key: KEY_STORE_PASSWORD - name: KEY_MANAGER_PASSWORD valueFrom: secretKeyRef: name: {{ template "common.fullname" . }}-pass key: KEY_MANAGER_PASSWORD volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/babel/config/artifact-generator.properties name: {{ include "common.fullname" . }}-config subPath: artifact-generator.properties - mountPath: /opt/app/babel/config/tosca-mappings.json name: {{ include "common.fullname" . }}-config subPath: tosca-mappings.json - mountPath: /opt/app/babel/config/babel-auth.properties name: {{ include "common.fullname" . }}-config subPath: babel-auth.properties - mountPath: /opt/app/babel/config/auth name: {{ include "common.fullname" . }}-secrets - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-logs - mountPath: /opt/app/babel/config/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} # side car containers - name: filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: aai-filebeat {{ if .Values.global.installSidecarSecurity }} - name: {{ .Values.global.rproxy.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME value: "/opt/app/rproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} - name: spring_profiles_active value: {{ .Values.global.rproxy.activeSpringProfiles }} volumeMounts: - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/forward-proxy.properties subPath: forward-proxy.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/primary-service.properties subPath: primary-service.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/reverse-proxy.properties subPath: reverse-proxy.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/cadi.properties subPath: cadi.properties - name: {{ include "common.fullname" . }}-rproxy-log-config mountPath: /opt/app/rproxy/config/logback-spring.xml subPath: logback-spring.xml - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config mountPath: /opt/app/rproxy/config/auth/uri-authorization.json subPath: uri-authorization.json - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/client-cert.p12 subPath: client-cert.p12 - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks subPath: aaf_truststore.jks - name: {{ include "common.fullname" . }}-rproxy-security-config mountPath: /opt/app/rproxy/config/security/keyfile subPath: keyfile ports: - containerPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.global.fproxy.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME value: "/opt/app/fproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} - name: spring_profiles_active value: {{ .Values.global.fproxy.activeSpringProfiles }} volumeMounts: - name: {{ include "common.fullname" . }}-fproxy-config mountPath: /opt/app/fproxy/config/fproxy.properties subPath: fproxy.properties - name: {{ include "common.fullname" . }}-fproxy-log-config mountPath: /opt/app/fproxy/config/logback-spring.xml subPath: logback-spring.xml - name: {{ include "common.fullname" . }}-fproxy-auth-config mountPath: /opt/app/fproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - name: {{ include "common.fullname" . }}-fproxy-auth-config mountPath: /opt/app/fproxy/config/auth/client-cert.p12 subPath: client-cert.p12 ports: - containerPort: {{ .Values.global.fproxy.port }} {{ end }} volumes: - name: localtime hostPath: path: /etc/localtime - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-configmap items: - key: artifact-generator.properties path: artifact-generator.properties - key: tosca-mappings.json path: tosca-mappings.json - key: babel-auth.properties path: babel-auth.properties - key: logback.xml path: logback.xml - name: {{ include "common.fullname" . }}-secrets secret: secretName: {{ include "common.fullname" . }}-babel-secrets - name: filebeat-conf configMap: name: aai-filebeat - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: aai-filebeat emptyDir: {} {{ if .Values.global.installSidecarSecurity }} - name: {{ include "common.fullname" . }}-rproxy-config configMap: name: {{ include "common.fullname" . }}-rproxy-config - name: {{ include "common.fullname" . }}-rproxy-log-config configMap: name: {{ include "common.fullname" . }}-rproxy-log-config - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config configMap: name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-rproxy-auth-config - name: {{ include "common.fullname" . }}-rproxy-security-config secret: secretName: {{ include "common.fullname" . }}-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: name: {{ include "common.fullname" . }}-fproxy-log-config - name: {{ include "common.fullname" . }}-fproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-fproxy-auth-config {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"