{{/* # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia # Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. */}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app: {{ include "common.name" . }} template: metadata: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} name: {{ include "common.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- if .Values.global.msbEnabled }} {{ $values := .Values }} msb.onap.org/service-info: '[ {{- range $api_endpoint := $values.aai_enpoints -}} {{- range $api_version := $values.api_list }} { "serviceName": "_{{ $api_endpoint.name }}", "version": "v{{ $api_version }}", "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8447", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1", "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" }, { "serviceName": "{{ $api_endpoint.name }}", "version": "v{{ $api_version }}", "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8447", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" }, {{- end }} {{- end }} ]' {{- end }} spec: hostname: aai-resources initContainers: - command: {{- if .Values.global.jobs.migration.enabled }} - /app/ready.py args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration {{- else }} {{- if .Values.global.jobs.createSchema.enabled }} - /app/ready.py args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema {{- else }} - /app/ready.py args: - --container-name {{- if .Values.global.cassandra.localCluster }} - aai-cassandra {{- else }} - cassandra {{- end }} - --container-name - aai-schema-service {{- end }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - name: POST_JAVA_OPTS value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit' volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES name: {{ include "common.fullname" . }}-logs - mountPath: /opt/app/aai-resources/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv name: {{ include "common.fullname" . }}-aaf-certs subPath: bath_config.csv - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props name: {{ include "common.fullname" . }}-aaf-properties subPath: org.onap.aai.props - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props name: {{ include "common.fullname" . }}-aaf-properties subPath: org.osaaf.location.props - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties name: {{ include "common.fullname" . }}-aaf-properties subPath: permissions.properties - mountPath: /opt/app/aai-resources/resources/cadi.properties name: {{ include "common.fullname" . }}-aaf-properties subPath: cadi.properties - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12 name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.p12 - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks name: aai-common-aai-auth-mount subPath: truststoreONAPall.jks - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties {{- $global := . }} {{- range $job := .Values.global.config.auth.files }} - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }} name: {{ include "common.fullname" $global }}-auth-truststore-sec subPath: {{ . }} {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if .Values.liveness.enabled }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} # side car containers - name: filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} volumes: - name: aai-common-aai-auth-mount secret: secretName: aai-common-aai-auth - name: localtime hostPath: path: /etc/localtime - name: filebeat-conf configMap: name: aai-filebeat - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-filebeat emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-configmap - name: {{ include "common.fullname" . }}-aaf-properties configMap: name: {{ include "common.fullname" . }}-aaf-props - name: {{ include "common.fullname" . }}-aaf-certs secret: secretName: {{ include "common.fullname" . }}-aaf-keys - name: {{ include "common.fullname" . }}-auth-truststore-sec secret: secretName: aai-common-truststore items: {{- range $job := .Values.global.config.auth.files }} - key: {{ . }} path: {{ . }} {{- end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"