{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
-
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: KEY_STORE_PASSWORD
+ value: NotUsed
- name: CONFIG_HOME
value: /opt/app/babel/config
- - name: KEY_STORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: KEY_STORE_PASSWORD
- - name: KEY_MANAGER_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: KEY_MANAGER_PASSWORD
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ - mountPath: /opt/app/babel/config/application.properties
+ name: config
+ subPath: application.properties
- mountPath: /opt/app/babel/config/artifact-generator.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: artifact-generator.properties
- mountPath: /opt/app/babel/config/tosca-mappings.json
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: tosca-mappings.json
- mountPath: /opt/app/babel/config/babel-auth.properties
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: babel-auth.properties
- mountPath: /opt/app/babel/config/auth
- name: {{ include "common.fullname" . }}-secrets
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
+ name: secrets
+ - mountPath: {{ .Values.log.path }}
+ name: logs
- mountPath: /opt/app/babel/config/logback.xml
- name: {{ include "common.fullname" . }}-config
+ name: config
subPath: logback.xml
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: aai-filebeat
-
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
+ {{ include "common.log.sidecar" . | nindent 8 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
+ - name: config
configMap:
name: {{ include "common.fullname" . }}-configmap
- items:
- - key: artifact-generator.properties
- path: artifact-generator.properties
- - key: tosca-mappings.json
- path: tosca-mappings.json
- - key: babel-auth.properties
- path: babel-auth.properties
- - key: logback.xml
- path: logback.xml
- - name: {{ include "common.fullname" . }}-secrets
+ - name: secrets
secret:
secretName: {{ include "common.fullname" . }}-babel-secrets
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- - name: aai-filebeat
- emptyDir: {}
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{ end }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
Code Review / oom.git / blobdiff