Merge "[DMAAP] DMaaP ServiceMesh compatibility"

[oom.git] / kubernetes / vid / templates / deployment.yaml

diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml
index 5423feb..116a7cd 100644 (file)
--- a/kubernetes/vid/templates/deployment.yaml
+++ b/kubernetes/vid/templates/deployment.yaml
@@ -1,6 +1,7 @@
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2020 Samsung Electronics
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -36,25 +37,36 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - command:
         - /app/ready.py
         args:
         - --job-name
-        - {{ include "common.fullname" . }}-galera-config
+        - {{ include "common.fullname" . }}-mariadb-init-config-job
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - -c
+          - |
+            export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+            export VID_TRUSTSTORE_PLAIN_PASSWORD=${VID_TRUSTSTORE_PASSWORD}
+            export VID_TRUSTSTORE_PASSWORD=`java -cp /usr/local/tomcat/webapps/vid/WEB-INF/lib/jetty-util-9.4.20.v20190813.jar org.eclipse.jetty.util.security.Password ${VID_TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+            /tmp/vid/localize.sh
+          {{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -100,33 +112,37 @@ spec:
               value: "{{ .Values.config.roleaccesscentralized }}"
             - name: VID_CONTACT_US_LINK
               value: "{{ .Values.config.vidcontactuslink }}"
-            - name: VID_KEYSTORE_PASSWORD
-              value: {{ .Values.config.vidkeystorepassword | quote }}
             - name: VID_UEB_URL_LIST
               value: message-router.{{ include "common.namespace" . }}
             - name: VID_MYSQL_HOST
-              value: {{ index .Values "mariadb-galera" "service" "name" }}
+              value: {{  include "common.mariadbService" . }}
             - name: VID_MYSQL_PORT
-              value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+              value: "{{ include "common.mariadbPort" . }}"
             - name: VID_MYSQL_DBNAME
-              value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
+              value: {{ index .Values "mariadb-galera" "db" "name" }}
             - name: VID_MYSQL_USER
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
             - name: VID_MYSQL_PASS
               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
             - name: VID_MYSQL_MAXCONNECTIONS
               value: "{{ .Values.config.vidmysqlmaxconnections }}"
-          volumeMounts:
-          - mountPath: /opt/app/vid/etc
-            name: vid-certs
+            {{- if .Values.global.aafEnabled }}
+            - name: VID_KEYSTORE_FILENAME
+              value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks"
+            - name: VID_TRUSTSTORE_FILENAME
+              value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks"
+            {{- end }}
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - mountPath: /var/log/onap
+          - mountPath: "{{ .Values.log.path }}"
             name: vid-logs
           - mountPath: /tmp/logback.xml
             name: vid-logback
             subPath: logback.xml
+          - mountPath: /opt/app/vid
+            name: vid-cache
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -138,30 +154,15 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       # side car containers
-        - name: filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-          - mountPath: /usr/share/filebeat/filebeat.yml
-            name: filebeat-conf
-            subPath: filebeat.yml
-          - mountPath: /var/log/onap
-            name: vid-logs
-          - mountPath: /usr/share/filebeat/data
-            name: vid-data-filebeat
-      volumes:
-        - name: vid-certs
-          secret:
-            secretName: {{ include "common.fullname" . }}-certs
+        {{ include "common.log.sidecar" . | nindent 8 }}
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: filebeat-conf
-          configMap:
-            name: {{ include "common.fullname" . }}-filebeat-configmap
-        - name: vid-logs
+        {{ include "common.log.volumes" . | nindent 8 }}
+        - name: vid-cache
           emptyDir: {}
-        - name: vid-data-filebeat
+        - name: vid-logs
           emptyDir: {}
         - name: vid-logback
           configMap: