apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- /app/ready.py
args:
- --job-name
+{{ if not .Values.global.postgres.localCluster }}
- {{ include "common.release" . }}-policy-galera-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
- command:
- sh
args:
- -c
- - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: SQL_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
name: apiconfig
- mountPath: /config
name: apiconfig-processed
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 8 }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["bash","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
- /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
-{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
- args: ["/opt/app/policy/api/etc/mounted/config.json"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
+ httpGet:
+ path: {{ .Values.readiness.api }}
port: {{ .Values.service.internalPort }}
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
+ scheme: HTTP
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
name: apiconfig-processed
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: apiconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: apiconfig-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
Code Review / oom.git / blobdiff