index : oom	2.0.0-ONAP amsterdam beijing casablanca casdev code-transfer dublin elalto frankfurt guilin honolulu istanbul jakarta kohn london master montreal newdelhi oslo release-1.0.0 staging
	Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).	Grokmirror user

aboutsummaryrefslogtreecommitdiffstats

log msg author committer range

path: root/kubernetes/aai/charts/aai-champ/templates/deployment.yaml

blob: 537763a6db446e4c8a9c9657b3b6de62bcb5a00f (plain)

13< # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. dependencies: - name: common version: ~3.0.0 repository: '@local'

© 2017 ONAP a Linux Foundation Collaborative Project. All Rights Reserved.

Linux Foundation is a registered trademark of The Linux Foundation. Linux is a registered trademark of Linus Torvalds.

Please see our privacy policy and terms of use

# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ .Release.Name }}
    spec:
      initContainers:
        - command:
          - /root/ready.py
          args:
          - --container-name
          - aai-cassandra
          env:
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          name: {{ include "common.name" . }}-readiness
    {{ if .Values.global.installSidecarSecurity }}
        - name: {{ .Values.global.tproxyConfig.name }}
          image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          securityContext:
            privileged: true
    {{ end }}
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          # disable liveness probe when breakpoints set in debugger
          # so K8s doesn't restart unresponsive container
          {{ if .Values.liveness.enabled }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
          {{ end }}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
          env:
            - name: CONFIG_HOME
              value: "/opt/app/champ-service/appconfig"
            - name: GRAPHIMPL
              value: "janus-deps"
            - name: KEY_STORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "common.fullname" . }}-pass
                  key: KEY_STORE_PASSWORD
            - name: KEY_MANAGER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "common.fullname" . }}-pass
                  key: KEY_MANAGER_PASSWORD
            - name: SERVICE_BEANS
              value: "/opt/app/champ-service/dynamic/conf"
          volumeMounts:
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          - mountPath: /opt/app/champ-service/appconfig/champ-api.properties
            name: {{ include "common.fullname" . }}-config
            subPath: champ-api.properties
          - mountPath: /opt/app/champ-service/appconfig/auth
            name: {{ include "common.fullname" . }}-secrets
          - mountPath: /opt/app/champ-service/dynamic/conf/champ-beans.xml
            name: {{ include "common.fullname" . }}-dynamic-config
            subPath: champ-beans.xml
          - mountPath: /opt/app/champ-service/bundleconfig/etc/logback.xml
            name: {{ include "common.fullname" . }}-logback-config
            subPath: logback.xml
          - mountPath: /var/log/onap
            name: {{ include "common.fullname" . }}-logs
          resources:
{{ include "common.resources" . | indent 12 }}
        {{- if .Values.nodeSelector }}
        nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
        {{- end -}}
        {{- if .Values.affinity }}
        affinity:
{{ toYaml .Values.affinity | indent 10 }}
        {{- end }}

        # side car containers
        - name: filebeat-onap
          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          volumeMounts:
          - mountPath: /usr/share/filebeat/filebeat.yml
            subPath: filebeat.yml
            name: filebeat-conf
          - mountPath: /var/log/onap
            name: {{ include "common.fullname" . }}-logs
          - mountPath: /usr/share/filebeat/data
            name: aai-filebeat
    {{ if .Values.global.installSidecarSecurity }}
        - name: {{ .Values.global.rproxy.name }}
          image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
          - name: CONFIG_HOME
            value: "/opt/app/rproxy/config"
          - name: KEY_STORE_PASSWORD
            value: {{ .Values.config.keyStorePassword }} 
          - name: spring_profiles_active
            value: {{ .Values.global.rproxy.activeSpringProfiles }}
          volumeMounts:
          - name: {{ include "common.fullname" . }}-rproxy-config
            mountPath: /opt/app/rproxy/config/forward-proxy.properties
            subPath: forward-proxy.properties
          - name: {{ include "common.fullname" . }}-rproxy-config
            mountPath: /opt/app/rproxy/config/primary-service.properties
            subPath: primary-service.properties
          - name: {{ include "common.fullname" . }}-rproxy-config
            mountPath: /opt/app/rproxy/config/reverse-proxy.properties
            subPath: reverse-proxy.properties
          - name: {{ include "common.fullname" . }}-rproxy-config
            mountPath: /opt/app/rproxy/config/cadi.properties
            subPath: cadi.properties
          - name: {{ include "common.fullname" . }}-rproxy-log-config
            mountPath: /opt/app/rproxy/config/logback-spring.xml
            subPath: logback-spring.xml
          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
            mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
            subPath: tomcat_keystore
          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
            mountPath: /opt/app/rproxy/config/auth/client-cert.p12
            subPath: client-cert.p12
          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
            mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
            subPath: org.onap.aai.p12
          - name: {{ include "common.fullname" . }}-rproxy-auth-config
            mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
            subPath: uri-authorization.json
          - name: {{ include "common.fullname" . }}-rproxy-security-config
            mountPath: /opt/app/rproxy/config/security/keyfile
            subPath: keyfile

          ports:
          - containerPort: {{ .Values.global.rproxy.port }}

        - name: {{ .Values.global.fproxy.name }}
          image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
          - name: CONFIG_HOME
            value: "/opt/app/fproxy/config"
          - name: KEY_STORE_PASSWORD
            value: {{ .Values.config.keyStorePassword }}
          - name: TRUST_STORE_PASSWORD
            value: {{ .Values.config.trustStorePassword }}
          - name: spring_profiles_active
            value: {{ .Values.global.fproxy.activeSpringProfiles }}
          volumeMounts:
          - name: {{ include "common.fullname" . }}-fproxy-config
            mountPath: /opt/app/fproxy/config/fproxy.properties
            subPath: fproxy.properties
          - name: {{ include "common.fullname" . }}-fproxy-log-config
            mountPath: /opt/app/fproxy/config/logback-spring.xml
            subPath: logback-spring.xml
          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
            mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
            subPath: tomcat_keystore
          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
            mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
            subPath: fproxy_truststore
          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
            mountPath: /opt/app/fproxy/config/auth/client-cert.p12
            subPath: client-cert.p12
          ports:
          - containerPort: {{ .Values.global.fproxy.port }}
    {{ end }}      

      volumes:
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: {{ include "common.fullname" . }}-config
          configMap:
            name: {{ include "common.fullname" . }}
            items:
            - key: champ-api.properties
              path: champ-api.properties
        - name: {{ include "common.fullname" . }}-secrets
          secret:
            secretName: {{ include "common.fullname" . }}-champ
        - name: {{ include "common.fullname" . }}-dynamic-config
          configMap:
            name: {{ include "common.fullname" . }}-dynamic
            items:
            - key: champ-beans.xml
              path: champ-beans.xml
        - name: {{ include "common.fullname" . }}-logs
          emptyDir: {}
        - name: {{ include "common.fullname" . }}-logback-config
          configMap:
            name: {{ include "common.fullname" . }}-log-configmap
            items:
            - key: logback.xml
              path: logback.xml
        - name: filebeat-conf
          configMap:
            name: aai-filebeat
        - name: aai-filebeat
          emptyDir: {}
    {{ if .Values.global.installSidecarSecurity }}
        - name: {{ include "common.fullname" . }}-rproxy-config
          configMap:
            name: {{ include "common.fullname" . }}-rproxy-config
        - name: {{ include "common.fullname" . }}-rproxy-log-config
          configMap:
            name: {{ include "common.fullname" . }}-rproxy-log-config
        - name: {{ include "common.fullname" . }}-rproxy-auth-config
          secret:
            secretName: {{ include "common.fullname" . }}-rproxy-auth-config
        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
          secret:
            secretName: aai-rproxy-auth-certs
        - name: {{ include "common.fullname" . }}-rproxy-security-config
          secret:
            secretName: aai-rproxy-security-config
        - name: {{ include "common.fullname" . }}-fproxy-config
          configMap:
            name: {{ include "common.fullname" . }}-fproxy-config
        - name: {{ include "common.fullname" . }}-fproxy-log-config
          configMap:
            name: {{ include "common.fullname" . }}-fproxy-log-config
        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
          secret:
            secretName: aai-fproxy-auth-certs
    {{ end }}
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"