+{{/*
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.release" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - aai-resources
- - --container-name
- - aai-traversal
- - --container-name
- - aai-graphadmin
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
+ - command: ["/bin/sh","-c"]
+ args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/']
+ image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: copy-haproxy-config
+ resources:
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ requests:
+ cpu: 2m
+ memory: 100Mi
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy_rw
+ name: haproxy-etc
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}"
+ image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
+ - mountPath: /usr/local/etc/haproxy
+ name: haproxy-etc
+ - mountPath: /usr/local/etc/haproxy/resolvers.conf
+ name: haproxy-config
+ subPath: resolvers.conf
readOnly: true
- - mountPath: /dev/log
- name: aai-service-log
- mountPath: /usr/local/etc/haproxy/haproxy.cfg
{{ if .Values.global.installSidecarSecurity }}
subPath: haproxy-pluggable-security.cfg
{{ else }}
subPath: haproxy.cfg
{{ end }}
- name: haproxy-cfg
- - mountPath: /etc/ssl/private/aai.pem
- name: aai-pem
- subPath: aai.pem
+ name: haproxy-config
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - containerPort: {{ .Values.metricsService.internalPort }}
+ name: {{ .Values.metricsService.portName }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources: {{ include "common.resources" . | nindent 10 }}
readinessProbe:
- httpGet:
- path: /aai/util/echo
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- httpHeaders:
- - name: X-FromAppId
- value: OOM_ReadinessCheck
- {{ if .Values.global.installSidecarSecurity }}
- - name: Authorization
- value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
- {{ end }}
- - name: X-TransactionId
- value: OOM_ReadinessCheck_TID
- - name: Accept
- value: application/json
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . }}
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aai-service-log
- hostPath:
- path: "/dev/log"
- - name: haproxy-cfg
- configMap:
- name: aai-deployment-configmap
- - name: aai-pem
- secret:
- secretName: aai-haproxy-secret
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: haproxy-config
+ configMap:
+ name: aai-deployment-configmap
+ - name: haproxy-etc
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.haProxySizeLimit }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
Code Review / oom.git / blobdiff