Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Run SDC pods as non-root
[oom.git] / kubernetes / sdc / charts / sdc-fe / templates / deployment.yaml
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
index 6d94c92..8e19489 100644 (file)
--- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
@@ -21,7 +21,7 @@ metadata:
   labels:
     app: {{ include "common.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
+    release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
   replicas: {{ .Values.replicaCount }}
@@ -29,23 +29,9 @@ spec:
     metadata:
       labels:
         app: {{ include "common.name" . }}
-        release: {{ .Release.Name }}
+        release: {{ include "common.release" . }}
     spec:
       initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - "sdc-kb"
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       - name: {{ include "common.name" . }}-job-completion
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
@@ -53,7 +39,7 @@ spec:
         - /root/job_complete.py
         args:
         - --job-name
-        - {{ .Release.Name }}-sdc-be-config-backend
+        - {{ include "common.release" . }}-sdc-be-config-backend
         env:
         - name: NAMESPACE
           valueFrom:
@@ -70,15 +56,19 @@ spec:
           {{ if eq .Values.liveness.enabled true }}
           livenessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort }}
+              port: {{ .Values.service.internalPort2 }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
+            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort }}
+              port: {{ .Values.service.internalPort2 }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+          resources:
+{{ include "common.resources" . | indent 12 }}
           env:
           - name: ENVNAME
             value: {{ .Values.global.env.name }}
@@ -90,12 +80,15 @@ spec:
             value: {{ .Values.config.javaOptions }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
           - name: {{ include "common.fullname" . }}-logs
             mountPath: /var/log/onap
+          - name: {{ include "common.fullname" . }}-configs
+            mountPath: /var/lib/jetty/config/catalog-fe/plugins-configuration.yaml
+            subPath: plugins-configuration.yaml
           - name: {{ include "common.fullname" . }}-logback
             mountPath: /tmp/logback.xml
             subPath: logback.xml
@@ -103,17 +96,6 @@ spec:
             postStart:
               exec:
                 command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-
         # side car containers
         - name: {{ include "common.name" . }}-filebeat-onap
           image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
@@ -132,15 +114,19 @@ spec:
             path: /etc/localtime
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
-            name: {{ .Release.Name }}-sdc-filebeat-configmap
+            name: {{ include "common.release" . }}-sdc-filebeat-configmap
         - name: {{ include "common.fullname" . }}-data-filebeat
           emptyDir: {}
+        - name: {{ include "common.fullname" . }}-configs
+          configMap:
+            name : {{ include "common.fullname" . }}-plugins-configmap
+            defaultMode: 0777
         - name: {{ include "common.fullname" . }}-logback
           configMap:
             name : {{ include "common.fullname" . }}-logging-configmap
         - name: {{ include "common.fullname" . }}-environments
           configMap:
-            name: {{ .Release.Name }}-sdc-environments-configmap
+            name: {{ include "common.release" . }}-sdc-environments-configmap
             defaultMode: 0755
         - name:  {{ include "common.fullname" . }}-logs
           emptyDir: {}
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).