# Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app: {{ include "common.name" . }} template: metadata: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: {{ if .Values.global.installSidecarSecurity }} initContainers: - name: {{ .Values.global.tproxyConfig.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: privileged: true {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME value: /opt/app/search-data-service/config/ - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} - name: KEY_MANAGER_PASSWORD value: {{ .Values.config.keyManagerPassword }} volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/search-data-service/config/filter-config.json subPath: filter-config.json name: {{ include "common.fullname" . }}-service-config - mountPath: /opt/app/search-data-service/config/elastic-search.properties subPath: elastic-search.properties name: {{ include "common.fullname" . }}-service-config - mountPath: /opt/app/search-data-service/config/analysis-config.json subPath: analysis-config.json name: {{ include "common.fullname" . }}-service-config - mountPath: /opt/app/search-data-service/config/es-payload-translation.json subPath: es-payload-translation.json name: {{ include "common.fullname" . }}-service-config - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json subPath: dynamic-custom-template.json name: {{ include "common.fullname" . }}-service-config - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore subPath: tomcat_keystore name: {{ include "common.fullname" . }}-service-auth-config - mountPath: /opt/app/search-data-service/config/auth/search_policy.json subPath: search_policy.json name: {{ include "common.fullname" . }}-search-policy-config - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-service-logs - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml name: {{ include "common.fullname" . }}-service-log-conf subPath: logback.xml ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} # side car containers - name: filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-service-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-service-filebeat {{ if .Values.global.installSidecarSecurity }} - name: {{ .Values.global.rproxy.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME value: "/opt/app/rproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} - name: spring_profiles_active value: {{ .Values.global.rproxy.activeSpringProfiles }} volumeMounts: - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/forward-proxy.properties subPath: forward-proxy.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/primary-service.properties subPath: primary-service.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/reverse-proxy.properties subPath: reverse-proxy.properties - name: {{ include "common.fullname" . }}-rproxy-config mountPath: /opt/app/rproxy/config/cadi.properties subPath: cadi.properties - name: {{ include "common.fullname" . }}-rproxy-log-config mountPath: /opt/app/rproxy/config/logback-spring.xml subPath: logback-spring.xml - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/client-cert.p12 subPath: client-cert.p12 - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config mountPath: /opt/app/rproxy/config/auth/uri-authorization.json subPath: uri-authorization.json - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 subPath: org.onap.aai.p12 - name: {{ include "common.fullname" . }}-rproxy-security-config mountPath: /opt/app/rproxy/config/security/keyfile subPath: keyfile ports: - containerPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.global.fproxy.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME value: "/opt/app/fproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} - name: TRUST_STORE_PASSWORD value: {{ .Values.config.trustStorePassword }} - name: spring_profiles_active value: {{ .Values.global.fproxy.activeSpringProfiles }} volumeMounts: - name: {{ include "common.fullname" . }}-fproxy-config mountPath: /opt/app/fproxy/config/fproxy.properties subPath: fproxy.properties - name: {{ include "common.fullname" . }}-fproxy-log-config mountPath: /opt/app/fproxy/config/logback-spring.xml subPath: logback-spring.xml - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/fproxy_truststore subPath: fproxy_truststore - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/client-cert.p12 subPath: client-cert.p12 ports: - containerPort: {{ .Values.global.fproxy.port }} {{ end }} volumes: - name: localtime hostPath: path: /etc/localtime - name: {{ include "common.fullname" . }}-service-config configMap: name: {{ include "common.fullname" . }} - name: {{ include "common.fullname" . }}-service-auth-config secret: secretName: {{ include "common.fullname" . }}-keystone - name: {{ include "common.fullname" . }}-search-policy-config secret: secretName: {{ include "common.fullname" . }}-policy - name: filebeat-conf configMap: name: aai-filebeat - name: {{ include "common.fullname" . }}-service-logs emptyDir: {} - name: {{ include "common.fullname" . }}-service-filebeat emptyDir: {} - name: {{ include "common.fullname" . }}-service-log-conf configMap: name: {{ include "common.fullname" . }}-service-log {{ if .Values.global.installSidecarSecurity }} - name: {{ include "common.fullname" . }}-rproxy-config configMap: name: {{ include "common.fullname" . }}-rproxy-config - name: {{ include "common.fullname" . }}-rproxy-log-config configMap: name: {{ include "common.fullname" . }}-rproxy-log-config - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config configMap: name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-rproxy-auth-config - name: {{ include "common.fullname" . }}-rproxy-auth-certs secret: secretName: aai-rproxy-auth-certs - name: {{ include "common.fullname" . }}-rproxy-security-config secret: secretName: aai-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: name: {{ include "common.fullname" . }}-fproxy-log-config - name: {{ include "common.fullname" . }}-fproxy-auth-certs secret: secretName: aai-fproxy-auth-certs {{ end }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"