[DCAE] Updates to defaults for configmap

[oom.git] / kubernetes / dcaegen2-services / common / dcaegen2-services-common / templates / _deployment.tpl

diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 5de5262..ffff46f 100644 (file)
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -79,7 +79,7 @@ to give the microservice access to data in volumes created else.
 This initial implementation supports ConfigMaps only, as this is the only
 external volume mounting required by current microservices.
 
-.Values.externalValues is a list of objects.  Each object has 3 required fields and 1 optional field:
+.Values.externalVolumes is a list of objects.  Each object has 3 required fields and 2 optional fields:
    - name: the name of the resource (in the current implementation, it must be a ConfigMap)
      that is to be set up as a volume.  The value is a case sensitive string.  Because the
      names of resources are sometimes set at deployment time (for instance, to prefix the Helm
@@ -91,6 +91,11 @@ external volume mounting required by current microservices.
      value is a case-sensitive string.
    - readOnly: (Optional) Boolean flag.  Set to true to mount the volume as read-only.
      Defaults to false.
+   - optional: (Optional) Boolean flag.  Set to true to make the configMap optional (i.e., to allow the
+     microservice's pod to start even if the configMap doesn't exist).  If set to false, the configMap must
+     be present in order for the microservice's pod to start. Defaults to true.  (Note that this
+     default is the opposite of the Kubernetes default.  We've done this to be consistent with the behavior
+     of the DCAE Cloudify plugin for Kubernetes [k8splugin], which always set "optional" to true.)
 
 Here is an example fragment from a values.yaml file for a microservice:
 
@@ -101,16 +106,19 @@ externalVolumes:
   - name: '{{ include "common.release" . }}-another-example'
     type: configmap
     mountPath: /opt/app/otherconfig
+    optional: false
 */}}
 {{- define "dcaegen2-services-common._externalVolumes" -}}
   {{- $global := . -}}
   {{- if .Values.externalVolumes }}
     {{- range $vol := .Values.externalVolumes }}
       {{- if eq (lower $vol.type) "configmap" }}
-        {{- $vname := (tpl $vol.name $global) }}
+        {{- $vname := (tpl $vol.name $global) -}}
+        {{- $opt := hasKey $vol "optional" | ternary $vol.optional true }}
 - configMap:
     defaultMode: 420
     name: {{ $vname }}
+    optional: {{ $opt }}
   name: {{ $vname }}
       {{- end }}
     {{- end }}
@@ -274,6 +282,10 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}
         env:
+        {{- range $cred := .Values.credentials }}
+        - name: {{ $cred.name }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
+        {{- end }}
         {{- if $certDir }}
         - name: DCAE_CA_CERTPATH
           value: {{ $certDir }}/cacert.pem
@@ -317,6 +329,8 @@ spec:
         volumeMounts:
         - mountPath: /app-config
           name: app-config
+        - mountPath: /app-config-input
+          name: app-config-input
         {{- if $logDir }}
         - mountPath: {{ $logDir}}
           name: component-log
@@ -324,7 +338,7 @@ spec:
         {{- if $certDir }}
         - mountPath: {{ $certDir }}
           name: tls-info
-          {{- if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+          {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
           {{- include "common.certManager.volumeMountsReadOnly" . | nindent 8 -}}
           {{- end -}}
         {{- end }}
@@ -422,7 +436,7 @@ spec:
       {{- if $certDir }}
       - emptyDir: {}
         name: tls-info
-        {{ if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+        {{ if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
         {{ include "common.certManager.volumesReadOnly" . | nindent 6 }}
         {{- end }}
       {{- end }}
@@ -443,7 +457,7 @@ spec:
 */}}
 {{- define "dcaegen2-services-common._certPostProcessor" -}}
   {{- $certDir := default "" .Values.certDirectory . -}}
-  {{- if and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+  {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
     {{- $cmpv2Certificate := (index .Values.certificates 0) -}}
     {{- $cmpv2CertificateDir := $cmpv2Certificate.mountPath -}}
     {{- $certType := "pem" -}}
@@ -480,3 +494,16 @@ spec:
       value: {{ $keystoreDestinationPaths | quote }}
   {{- end }}
 {{- end -}}
+
+{{/*
+  Template returns string "true" if CMPv2 certificates should be used and nothing (so it can be used in with statements)
+  when they shouldn't. Example use:
+    {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
+
+*/}}
+{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
+  {{- $certDir := default "" .Values.certDirectory . -}}
+  {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.useCmpv2Certificates) -}}
+  true
+  {{- end -}}
+{{- end -}}