certInitializer:
nameOverride: cert-initializer
createCertsCM: true
+ serviceAccount:
+ nameOverride: cert-initializer
\ No newline at end of file
- name: repositoryGenerator
version: ~13.x-0
repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }}
- name: ingress-scripts
mountPath: /ingress
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }}
- name: localtime
hostPath:
# We had to move this CM to a separate chart to reduce the total size of our charts
# as it exceeds the default helm limits.
certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: certinitializer
+ roles:
+ - read
\ No newline at end of file
version: ~13.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
- - name: certInitializer
- version: ~13.x-0
- repository: 'file://../certInitializer'
- name: repositoryGenerator
version: ~13.x-0
repository: 'file://../repositoryGenerator'
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
server-block.conf: |-
-{{ if .Values.global.aafEnabled }}
-{{ .Values.nginx.serverBlock.https | indent 4 }}
-{{ else }}
{{ .Values.nginx.serverBlock.http | indent 4 }}
-
-
-{{ end }}
{{- end -}}
securityContext:
privileged: true
{{- end }}
- {{ include "common.certInitializer.initContainer" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-nginx
- name: nginx-server-block
mountPath: /opt/bitnami/nginx/conf/server_blocks
{{- end }}
- {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
configMap:
name: {{ include "common.fullname" . }}-nginx-server-block
{{- end }}
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
nodePortPrefix: 302
clusterName: cluster.local
## Provide functionality to use RBAC
##
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: elasticsearch-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "elastic"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.elastic"
- fqi: "elastic@elastic.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- cd {{ .Values.credsPath }};
- mkdir -p certs;
- keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
- openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
- cp {{ .Values.fqi_namespace }}.key certs/key.pem;
- chmod -R 755 certs;
-
#################################################################
# subcharts configuration defaults.
#################################################################
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
memory: 20Mi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: etcd-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}'
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
memory: 20Mi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: mariadb-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}'
- name: mariadb-init\r
version: ~13.x-0\r
repository: 'file://../mariadb-init'\r
- condition: global.mariadbGalera.globalCluster
\ No newline at end of file
+ condition: global.mariadbGalera.globalCluster\r
+ - name: serviceAccount\r
+ version: ~13.x-0\r
+ repository: '@local'
\ No newline at end of file
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{- if .Values.affinity }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: nengdb-init
+ serviceAccount:
+ nameOverride: nengdb-init
#################################################################
# Application configuration defaults.
repository: 'file://../common'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: postgres-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}-update-config'
\ No newline at end of file
pgDatabase: cpsdb
pgDataPath: data
pgUserExternalSecret: *pgUserCredsSecretName
+ serviceAccount:
+ nameOverride: cps-postgres-init
# pgPrimaryPassword: password
# pgUserPassword: password
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: dmaap-dr-mariadb-init
+ serviceAccount:
+ nameOverride: dmaap-dr-mariadb-init
# Resource Limit flavor -By Default using small
flavor: small
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
+ repository: '@local'
\ No newline at end of file
# pgPrimaryPassword: password
# pgUserPassword: password
# pgRootPassword: password
+ serviceAccount:
+ nameOverride: holmes-postgres-init
holmes-engine-mgmt:
config:
- {{ index .Values "mariadb-galera" "nameOverride" }}
{{- else }}
- --job-name
- - {{ include "common.release" . }}-{{ include "common.name" . }}-config-job
+ - {{ include "common.release" . }}-etsicatalog-db-config-job
{{- end }}
env:
- name: NAMESPACE
userCredentialsExternalSecret: *dbSecretName
mysqlDatabase: *mysqlDbName
# nameOverride should be the same with common.name
- nameOverride: modeling-etsicatalog
+ nameOverride: etsicatalog-db
+ serviceAccount:
+ nameOverride: etsicatalog-db
#################################################################
# Application configuration defaults.
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~13.x-0
- repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{/*
-#
-# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-*/}}
-server {
- listen 443 ssl;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
- include ../msb-enabled/location-default/msblocations.conf;
- # Add below settings for making SDC to work
- underscores_in_headers on;
-}
\ No newline at end of file
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
+
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- subPath: msbhttps.conf
- {{- end }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.fullname" . }}-nginx-conf
- configMap:
- name: {{ include "common.fullname" . }}-nginx
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
global:
nodePortPrefix: 302
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: msb-eag-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: msb-eag
- fqi: msb-eag@msb-eag.onap.org
- fqi_namespace: org.onap.msb-eag
- public_fqdn: msb-eag.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- mkdir -p {{ .Values.credsPath }}/certs
- echo "*** retrieve certificate from pkcs12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key to relevant place"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership and read/write attributes"
- chown -R 1000 {{ .Values.credsPath }}/certs
- chmod 600 {{ .Values.credsPath }}/certs/cert.crt
- chmod 600 {{ .Values.credsPath }}/certs/cert.key
-
#################################################################
# Application configuration defaults.
#################################################################
service:
type: NodePort
name: msb-eag
- both_tls_and_plain: true
# for liveness and readiness probe only
# internalPort:
- internalPort: 443
- internalPlainPort: 80
+ internalPort: 80
ports:
- name: msb-eag
- port: 443
- plain_port: 80
+ port: 80
port_protocol: http
nodePort: '84'
service:
- baseaddr: "msb-eag-ui"
name: "msb-eag"
- port: 443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~13.x-0
- repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{/*
-#
-# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-*/}}
-server {
- listen 443 ssl;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
- include ../msb-enabled/location-default/msblocations.conf;
- # Add below settings for making SDC to work
- underscores_in_headers on;
-}
\ No newline at end of file
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- subPath: msbhttps.conf
- {{- end }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.fullname" . }}-nginx-conf
- configMap:
- name: {{ include "common.fullname" . }}-nginx
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
global:
nodePortPrefix: 302
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: msb-iag-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: msb-iag
- fqi: msb-iag@msb-iag.onap.org
- fqi_namespace: org.onap.msb-iag
- public_fqdn: msb-iag.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- mkdir -p {{ .Values.credsPath }}/certs
- echo "*** retrieve certificate from pkcs12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key to relevant place"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership and read/write attributes"
- chown -R 1000 {{ .Values.credsPath }}/certs
- chmod 600 {{ .Values.credsPath }}/certs/cert.crt
- chmod 600 {{ .Values.credsPath }}/certs/cert.key
-
#################################################################
# Application configuration defaults.
#################################################################
service:
type: NodePort
name: msb-iag
- both_tls_and_plain: true
# for liveness and readiness probe only
# internalPort:
- internalPort: 443
- internalPlainPort: 80
+ internalPort: 80
ports:
- name: msb-iag
- port: 443
- plain_port: 80
+ port: 80
port_protocol: http
nodePort: '83'
service:
- baseaddr: "msb-iag-ui"
name: "msb-iag"
- port: 443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: nbi-config
+ serviceAccount:
+ nameOverride: nbi-config
mongo:
nameOverride: nbi-mongo
keyPrefix: conductor
flavor: *etcd-flavor
resources: *etcd-resources
+ serviceAccount:
+ nameOverride: *job-name
# Python doesn't support well dollar sign in password
passwordStrengthOverride: basic
cpu: 200m
memory: 200Mi
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
cpu: 200m
memory: 200Mi
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}}
resources: {{ include "common.resources" . | nindent 10 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-cqlshrc
configMap:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
# dependency / sub-chart configuration
network-name-gen:
enabled: true
+ serviceAccount:
+ nameOverride: sdnc-name-gen
mariadb-galera: &mariadbGalera
nameOverride: &sdnc-db sdnc-db
config: &mariadbGaleraConfig
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: init-data
configMap:
cpu: 2
memory: 1Gi
unlimited: {}
+
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: init-data
configMap: