summaryrefslogtreecommitdiffstats
path: root/kubernetes/aai/templates
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/aai/templates')
-rw-r--r--kubernetes/aai/templates/configmap.yaml103
-rw-r--r--kubernetes/aai/templates/deployment.yaml134
-rw-r--r--kubernetes/aai/templates/ingress.yaml1
-rw-r--r--kubernetes/aai/templates/secret.yaml36
-rw-r--r--kubernetes/aai/templates/service.yaml40
5 files changed, 314 insertions, 0 deletions
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
new file mode 100644
index 0000000000..c9cfbefbbe
--- /dev/null
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -0,0 +1,103 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# this is a shared resource for subcharts
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: aai-filebeat
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: aai-deployment-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ if .Values.global.installSidecarSecurity }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
+{{ else }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
+{{ end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-haproxy-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }}
+# This is a shared key for both resources and traversal
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-auth-truststore-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-fproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
new file mode 100644
index 0000000000..a28d83332a
--- /dev/null
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -0,0 +1,134 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.release" . }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - aai-resources
+ - --container-name
+ - aai-traversal
+ - --container-name
+ - aai-graphadmin
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /dev/log
+ name: aai-service-log
+ - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+ {{ if .Values.global.installSidecarSecurity }}
+ subPath: haproxy-pluggable-security.cfg
+ {{ else }}
+ subPath: haproxy.cfg
+ {{ end }}
+ name: haproxy-cfg
+ - mountPath: /etc/ssl/private/aai.pem
+ name: aai-pem
+ subPath: aai.pem
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ path: /aai/util/echo
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTPS
+ httpHeaders:
+ - name: X-FromAppId
+ value: OOM_ReadinessCheck
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: Authorization
+ value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ {{ end }}
+ - name: X-TransactionId
+ value: OOM_ReadinessCheck_TID
+ - name: Accept
+ value: application/json
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: aai-service-log
+ hostPath:
+ path: "/dev/log"
+ - name: haproxy-cfg
+ configMap:
+ name: aai-deployment-configmap
+ - name: aai-pem
+ secret:
+ secretName: aai-haproxy-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/ingress.yaml b/kubernetes/aai/templates/ingress.yaml
new file mode 100644
index 0000000000..8f87c68f1e
--- /dev/null
+++ b/kubernetes/aai/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}
diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml
new file mode 100644
index 0000000000..dd8be62aad
--- /dev/null
+++ b/kubernetes/aai/templates/secret.yaml
@@ -0,0 +1,36 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-aai-auth
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-truststore
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml
new file mode 100644
index 0000000000..5ee966811c
--- /dev/null
+++ b/kubernetes/aai/templates/service.yaml
@@ -0,0 +1,40 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - name: {{ .Values.service.portName }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ type: {{ .Values.service.type }}
+ selector:
+ app: {{ include "common.name" . }}
+ clusterIP: {{ .Values.service.aaiServiceClusterIp }}