{{/* # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange # Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. */}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: type: {{ .Values.updateStrategy.type }} rollingUpdate: maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} maxSurge: {{ .Values.updateStrategy.maxSurge }} selector: matchLabels: app: {{ include "common.name" . }} template: metadata: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} name: {{ include "common.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- if .Values.global.msbEnabled }} {{ $values := .Values }} msb.onap.org/service-info: '[ {{- range $api_endpoint := $values.aai_enpoints -}} {{- range $api_version := $values.api_list }} { "serviceName": "_{{ $api_endpoint.name }}", "version": "v{{ $api_version }}", "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8446", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1", "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" }, { "serviceName": "{{ $api_endpoint.name }}", "version": "v{{ $api_version }}", "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8446", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" }, {{- end }} {{- end }} { "serviceName": "_aai-named-query", "url": "/aai/search", "protocol": "REST", "port": "8446", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1", "path": "/aai/search" }, { "serviceName": "aai-named-query", "url": "/aai/search", "protocol": "REST", "port": "8446", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" } ]' {{- end }} spec: hostname: aai-traversal terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py args: {{- if .Values.global.jobs.migration.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration {{- else }} {{- if .Values.global.jobs.createSchema.enabled }} - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema {{- else }} - --container-name {{- if .Values.global.cassandra.localCluster }} - aai-cassandra {{- else }} - cassandra {{- end }} - --container-name - aai-schema-service {{- end }} {{- end }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh args: - -c - | echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) echo "*** actual launch of AAI Resources" /bin/bash /opt/app/aai-traversal/docker-entrypoint.sh env: - name: TRUSTORE_ALL_PASSWORD value: {{ .Values.certInitializer.truststorePassword }} - name: DISABLE_UPDATE_QUERY value: {{ .Values.config.disableUpdateQuery | quote }} - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - name: INTERNAL_PORT_1 value: {{ .Values.service.internalPort | quote }} - name: INTERNAL_PORT_2 value: {{ .Values.service.internalPort2 | quote }} - name: INTERNAL_PORT_3 value: {{ .Values.service.internalPort3 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties name: {{ include "common.fullname" . }}-config subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GQ name: logs - mountPath: /opt/aai/logroot/AAI-GQ/misc name: {{ include "common.fullname" . }}-logs-misc - mountPath: /opt/app/aai-traversal/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv name: {{ include "common.fullname" . }}-aaf-certs subPath: bath_config.csv - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props name: {{ include "common.fullname" . }}-aaf-properties subPath: org.onap.aai.props - mountPath: /opt/app/aai-traversal/resources/aaf/org.osaaf.location.props name: {{ include "common.fullname" . }}-aaf-properties subPath: org.osaaf.location.props - mountPath: /opt/app/aai-traversal/resources/aaf/permissions.properties name: {{ include "common.fullname" . }}-aaf-properties subPath: permissions.properties - mountPath: /opt/app/aai-traversal/resources/cadi.properties name: {{ include "common.fullname" . }}-aaf-properties subPath: cadi.properties - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} - containerPort: {{ .Values.service.internalPort3 }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. preStop: exec: command: - sh - -c - | while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) do sleep 10 done # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: httpGet: path: /aai/util/echo?action=checkDB port: {{ .Values.service.internalPort }} scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }} httpHeaders: - name: X-FromAppId value: LivenessCheck - name: X-TransactionId value: LiveCheck_TID - name: Accept value: application/json initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: httpGet: path: /aai/util/echo?action=checkDB port: {{ .Values.service.internalPort }} scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }} httpHeaders: - name: X-FromAppId value: ReadinessCheck - name: X-TransactionId value: ReadinessCheck_TID - name: Accept value: application/json initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} # side car containers {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - name: logs emptyDir: {} - name: {{ include "common.fullname" . }}-logs-misc emptyDir: {} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} - name: {{ include "common.fullname" . }}-aaf-properties configMap: name: {{ include "common.fullname" . }}-aaf-props - name: {{ include "common.fullname" . }}-aaf-certs secret: secretName: {{ include "common.fullname" . }}-aaf - name: aai-common-aai-auth-mount secret: secretName: aai-common-aai-auth restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"