summaryrefslogtreecommitdiffstats
path: root/docker-compose.yml
blob: 8aa72a551aadd788cc519d9148ca566188dd90ef (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

version: "2.1"

services:
  ejbca:
    image: primekey/ejbca-ce:6.15.2.5
    hostname: cahostname
    container_name: aafcert-ejbca
    ports:
      - "80:8080"
      - "443:8443"
    volumes:
      - ./compose-resources/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
    healthcheck:
      test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
      interval: 10s
      timeout: 3s
      retries: 15
    networks:
      - certservice

  aaf-cert-service:
    image: onap/org.onap.aaf.certservice.aaf-certservice-api:latest
    volumes:
      - ./compose-resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
      - ./certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
      - ./certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt
      - ./certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
      - ./certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
    container_name: aafcert-service
    ports:
      - "8443:8443"
    depends_on:
      ejbca:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
      interval: 10s
      timeout: 3s
      retries: 15
    networks:
      - certservice


networks:
  certservice:
    driver: bridge
g.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ } 
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  serviceName: {{ include "common.servicename" . }}-cluster
  replicas: {{ .Values.replicaCount }}
  podManagementPolicy: Parallel
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ .Release.Name }}
    spec:
      initContainers:
      - command:
        - /root/ready.py
        args:
        - --container-name
        - {{ .Values.config.mariadbGalera.chartName }}
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-readiness   
      - name: {{ include "common.name" . }}-chown
        image: "busybox"
        command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certpersistence.certPath }}"]
        volumeMounts:
          - mountPath: {{ .Values.persistence.mdsalPath }}
            name: {{ include "common.fullname" . }}-mdsal
          - mountPath: {{ .Values.certpersistence.certPath }}
            name: {{ include "common.fullname" . }}-certs
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          command: ["/bin/bash"]
          args: ["-c", "/opt/sdnc/bin/startODL.sh"]
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          - containerPort: {{ .Values.service.internalPort2 }}
          - containerPort: {{ .Values.service.internalPort3 }}
          - containerPort: {{ .Values.service.clusterPort }}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "common.fullname" . }}
                  key: db-root-password
            - name: ODL_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "common.fullname" . }}-odl
                  key: odl-password
            - name: SDNC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "common.fullname" . }}-sdnctl
                  key: db-sdnctl-password
            - name: SDNC_CONFIG_DIR
              value: "{{ .Values.config.configDir }}"
            - name: ENABLE_ODL_CLUSTER
              value: "{{ .Values.config.enableClustering }}"
            - name: MY_ODL_CLUSTER
              value: "{{ .Values.config.myODLCluster }}"
            - name: PEER_ODL_CLUSTER
              value: "{{ .Values.config.peerODLCluster }}"
            - name: IS_PRIMARY_CLUSTER
              value: "{{ .Values.config.isPrimaryCluster }}"
            - name: GEO_ENABLED
              value: "{{ .Values.config.geoEnabled}}"
            - name: SDNC_REPLICAS
              value: "{{ .Values.replicaCount }}"
            - name: MYSQL_HOST
              value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
            - name: JAVA_HOME
              value: "{{ .Values.config.javaHome}}"
          volumeMounts:
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          - mountPath: /opt/opendaylight/current/etc/org.ops4j.pax.logging.cfg
            name: sdnc-logging-cfg-config
            subPath: org.ops4j.pax.logging.cfg
          - mountPath: {{ .Values.config.binDir }}/startODL.sh
            name: bin
            subPath: startODL.sh
          - mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
            name: bin
            subPath: installSdncDb.sh
          - mountPath: {{ .Values.config.configDir }}/aaiclient.properties
            name: properties
            subPath: aaiclient.properties
          - mountPath: {{ .Values.config.configDir }}/dblib.properties
            name: properties
            subPath: dblib.properties
          - mountPath: {{ .Values.config.configDir }}/lcm-dg.properties
            name: properties
            subPath: lcm-dg.properties
          - mountPath: {{ .Values.config.configDir }}/svclogic.properties
            name: properties
            subPath: svclogic.properties
          - mountPath: /opt/onap/sdnc/svclogic/config/svclogic.properties
            name: properties
            subPath: svclogic.properties
          - mountPath: {{ .Values.config.configDir }}/netbox.properties
            name: properties
            subPath: netbox.properties
          - mountPath: {{ .Values.config.configDir }}/blueprints-processor-adaptor.properties
            name: properties
            subPath: blueprints-processor-adaptor.properties
          - mountPath: {{ .Values.persistence.mdsalPath }}
            name: {{ include "common.fullname" . }}-mdsal
          - mountPath: /var/log/onap
            name: logs
          - mountPath: {{ .Values.certpersistence.certPath }}
            name: {{ include "common.fullname" . }}-certs
          - mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml
            name: properties
            subPath: akka.conf
          - mountPath: {{ .Values.config.odl.etcDir }}/org.opendaylight.controller.cluster.datastore.cfg
            name: properties
            subPath: org.opendaylight.controller.cluster.datastore.cfg
          - mountPath: {{ .Values.config.odl.binDir }}/setenv
            name: properties
            subPath: setenv
          resources:
{{ include "common.resources" . | indent 12 }}
        {{- if .Values.nodeSelector }}
        nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
        {{- end -}}
        {{- if .Values.affinity }}
        affinity:
{{ toYaml .Values.affinity | indent 10 }}
        {{- end }}

        # side car containers
        - name: filebeat-onap
          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          volumeMounts:
          - mountPath: /usr/share/filebeat/filebeat.yml
            name: filebeat-conf
            subPath: filebeat.yml
          - mountPath: /var/log/onap
            name: logs
          - mountPath: /usr/share/filebeat/data
            name: data-filebeat
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"
      volumes:
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: logs
          emptyDir: {}
        - name: data-filebeat
          emptyDir: {}
        - name: filebeat-conf
          configMap:
            name: {{ include "common.fullname" . }}-filebeat-configmap
        - name: sdnc-logging-cfg-config
          configMap:
            name: {{ include "common.fullname" . }}-log-configmap
        - name: bin
          configMap:
            name: {{ include "common.fullname" . }}-bin
            defaultMode: 0755
        - name: properties
          configMap:
            name: {{ include "common.fullname" . }}-properties
            defaultMode: 0644
        - name: {{ include "common.fullname" . }}-certs
  {{ if .Values.certpersistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "common.fullname" . }}-pvc-certs
  {{ else }}
          emptyDir: {}
  {{ end }}
  {{ if not .Values.persistence.enabled }}
        - name: {{ include "common.fullname" . }}-mdsal
          emptyDir: {}
  {{ else }}
  volumeClaimTemplates:
  - metadata:
      name: {{ include "common.fullname" . }}-mdsal
      labels:
        name: {{ include "common.fullname" . }}
    spec:
      accessModes: [ {{ .Values.persistence.accessMode }} ]
      storageClassName: {{ include "common.fullname" . }}-mdsal
      resources:
        requests:
          storage: {{ .Values.persistence.size }}
      selector:
        matchLabels:
          name: {{ include "common.fullname" . }}
  {{ end }}