{{/* # Copyright (c) 2019 IBM, Bell Canada # Copyright (c) 2020 Samsung Electronics # Modification Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. */}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: selector: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} strategy: type: RollingUpdate rollingUpdate: # This allow a new pod to be ready before terminating the old one # causing no downtime when replicas is set to 1 maxUnavailable: 0 # maxSurge to 1 is very important for the hazelcast integration # we only want one pod at a time to restart not multiple # and break the hazelcast cluster. We should not use % maxSurge value # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/ maxSurge: 1 template: metadata: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - sh args: - -c - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${SDNC_DB_USERNAME},${SDNC_DB_PASSWORD}' <${PFILE} >/config/${PFILE}; done" env: - name: CDS_DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}} - name: CDS_DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}} - name: SDNC_DB_USERNAME value: root - name: SDNC_DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-db-root-pass" "key" "password") | indent 10}} volumeMounts: - mountPath: /config-input/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - mountPath: /config name: processed-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - command: - /app/ready.py args: - --container-name - cds-db env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - name: fix-permission command: - chown - -R - 1000:1000 - /opt/app/onap/blueprints/deploy image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: {{ .Values.persistence.deployedBlueprint }} name: {{ include "common.fullname" . }}-blueprints containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: APP_CONFIG_HOME value: {{ .Values.config.appConfigDir }} - name: CLUSTER_ENABLED value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }} - name: CLUSTER_ID value: {{ .Values.cluster.clusterName }} - name: AAF_CREDSPATH value: {{ .Values.certInitializer.credsPath }} - name: CLUSTER_NODE_ID valueFrom: fieldRef: fieldPath: metadata.name - name: CLUSTER_CONFIG_FILE value: {{ .Values.config.appConfigDir }}/hazelcast.yaml - name: CPS_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 12 }} - name: CPS_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 12 }} {{ if .Values.useStrimziKafka }} - name: JAAS_PASS value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }} {{ end }} ports: - containerPort: {{ .Values.service.http.internalPort }} - containerPort: {{ .Values.service.grpc.internalPort }} - containerPort: {{ .Values.service.cluster.internalPort }} startupProbe: httpGet: path: /api/v1/execution-service/health-check port: {{ .Values.service.http.internalPort }} httpHeaders: - name: Authorization value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} failureThreshold: {{ .Values.startup.failureThreshold }} periodSeconds: {{ .Values.startup.periodSeconds }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: httpGet: path: /api/v1/execution-service/health-check port: {{ .Values.service.http.internalPort }} httpHeaders: - name: Authorization value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: httpGet: path: /api/v1/execution-service/health-check port: {{ .Values.service.http.internalPort }} httpHeaders: - name: Authorization value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: {{ .Values.config.appConfigDir }}/application.properties name: processed-config subPath: application.properties - mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties name: {{ include "common.fullname" . }}-config subPath: error-messages_en.properties - mountPath: {{ .Values.config.appConfigDir }}/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml name: {{ include "common.fullname" . }}-config subPath: hazelcast.yaml - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer name: {{ include "common.fullname" . }}-config subPath: ONAP_RootCA.cer - mountPath: {{ .Values.persistence.deployedBlueprint }} name: {{ include "common.fullname" . }}-blueprints resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-configmap items: - key: application.properties path: application.properties - key: error-messages_en.properties path: error-messages_en.properties - key: logback.xml path: logback.xml - key: hazelcast.yaml path: hazelcast.yaml - key: ONAP_RootCA.cer path: ONAP_RootCA.cer - name: {{ include "common.fullname" . }}-blueprints persistentVolumeClaim: claimName: {{ include "common.release" . }}-cds-blueprints - name: processed-config emptyDir: medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"