{{/*
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
strategy:
type: RollingUpdate
rollingUpdate:
- # This allow a new pod to be ready before terminating the old one
+ # This allows a new pod to be ready before terminating the old one
# causing no downtime when replicas is set to 1
maxUnavailable: 0
-
# maxSurge to 1 is very important for the hazelcast integration
# we only want one pod at a time to restart not multiple
# and break the hazelcast cluster. We should not use % maxSurge value
# ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
maxSurge: 1
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
- command:
- sh
args:
name: {{ include "common.name" . }}-update-config
- command:
- - /app/ready.py
- args:
- - --container-name
- - cds-db
- {{- if .Values.dmaapEnabled }}
- - --container-name
- - message-router
- {{ end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - name: fix-permission
- command:
- chown
- -R
- 1000:1000
volumeMounts:
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
+ name: fix-permission
+
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
fieldPath: metadata.name
- name: CLUSTER_CONFIG_FILE
value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ - name: CPS_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 12 }}
+ - name: CPS_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 12 }}
+ - name: SASL_JAAS_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: password
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
startupProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.startup.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
livenessProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.liveness.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
readinessProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.readiness.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.config.appConfigDir }}/application.properties
name: processed-config
subPath: application.properties
- mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
name: {{ include "common.fullname" . }}-config
subPath: hazelcast.yaml
-
- - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-config
- subPath: ONAP_RootCA.cer
-
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
path: logback.xml
- key: hazelcast.yaml
path: hazelcast.yaml
- - key: ONAP_RootCA.cer
- path: ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-blueprints
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-cds-blueprints
- name: processed-config
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
Code Review / oom.git / blobdiff