+{{/*
# Copyright (c) 2017-2018 AT&T
# Modifications Copyright (c) 2018 Amdocs, Bell Canada
-# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ if .Values.global.jobs.updateQueryData.enabled }}
metadata:
name: {{ include "common.fullname" . }}-update-query-data
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
{{ if .Values.global.jobs.migration.enabled }}
- annotations:
- "helm.sh/hook": post-upgrade,post-rollback,post-install
- "helm.sh/hook-weight": "2"
- "helm.sh/hook-delete-policy": before-hook-creation
+ {{- if .Values.jobAnnotations }}
+ annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations "context" $) | nindent 4 }}
+ {{- end }}
{{ end }}
spec:
template:
metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
name: {{ include "common.name" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - aai
- {{ if eq .Values.global.aafEnabled true }}
- - --container-name
- - aaf-locate
- {{ end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_traversal) | nindent 6 }}
+ - name: {{ include "common.name" . }}-wait-for-aai-haproxy
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ command:
+ - sh
+ - "-c"
+ - |
+ set -x;
+
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do
+ echo "Retrying to reach aai on port 80";
+ sleep 1;
+ done;
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - bash
+ - sh
- "-c"
- |
- set -x
- if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
- until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
- bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
- env:
- - name: LOCAL_USER_ID
- value: {{ .Values.global.config.userId | quote }}
- - name: LOCAL_GROUP_ID
- value: {{ .Values.global.config.groupId | quote }}
- resources:
-{{ include "common.resources" . }}
+ set -x;
+ if [ ! -d /opt/aai/logroot/AAI-GQ/misc ];
+ then mkdir -p /opt/aai/logroot/AAI-GQ/misc;
+ fi
+
+ sh -x /opt/app/aai-traversal/bin/install/updateQueryData.sh ;
+
+ {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-config
- subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/app/aai-traversal/resources/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-config
- subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-traversal/resources/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
- {{ $global := . }}
- {{ range $job := .Values.global.config.auth.files }}
- - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }}
- name: {{ include "common.fullname" $global }}-auth-truststore-sec
- subPath: {{ . }}
- {{ end }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
- name: {{ include "common.fullname" . }}-logs-misc
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logmiscSizeLimit }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-auth-truststore-sec
- secret:
- secretName: aai-common-truststore
- items:
- {{ range $job := .Values.global.config.auth.files }}
- - key: {{ . }}
- path: {{ . }}
- {{ end }}
+ name: {{ include "common.fullname" . }}
restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{ end }}
Code Review / oom.git / blobdiff