# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
{{ if .Values.global.installSidecarSecurity }}
hostAliases:
- ip: {{ .Values.global.aaf.serverIp }}
hostnames:
- {{ .Values.global.aaf.serverHostname }}
initContainers:
- name: {{ .Values.global.tproxyConfig.name }}
image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
securityContext:
privileged: true
{{ end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: CONFIG_HOME
value: /opt/app/crud-service/config/
- name: KEY_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "common.fullname" . }}-pass
key: KEY_STORE_PASSWORD
- name: KEY_MANAGER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "common.fullname" . }}-pass
key: KEY_MANAGER_PASSWORD
- name: SERVICE_BEANS
value: /opt/app/crud-service/dynamic/conf
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/crud-service/config/crud-api.properties
subPath: crud-api.properties
name: {{ include "common.fullname" . }}-config
- mountPath: /opt/app/crud-service/config/schemaIngest.properties
subPath: schemaIngest.properties
name: {{ include "common.fullname" . }}-config
- mountPath: /opt/app/crud-service/config/model/
name: {{ include "common.fullname" . }}-model-config
- mountPath: /opt/app/crud-service/config/auth
name: {{ include "common.fullname" . }}-auth-secret
- mountPath: /opt/app/crud-service/dynamic/conf/crud-beans.xml
name: {{ include "common.fullname" . }}-config
subPath: crud-beans.xml
- mountPath: /var/log/onap
name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/crud-api/bundleconfig/etc/logback.xml
name: {{ include "common.fullname" . }}-logback-config
subPath: logback.xml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- name: filebeat-onap
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
- mountPath: /var/log/onap
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-data-filebeat
{{ if .Values.global.installSidecarSecurity }}
- name: {{ .Values.global.rproxy.name }}
image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: CONFIG_HOME
value: "/opt/app/rproxy/config"
- name: KEY_STORE_PASSWORD
value: {{ .Values.config.keyStorePassword }}
- name: spring_profiles_active
value: {{ .Values.global.rproxy.activeSpringProfiles }}
volumeMounts:
- name: {{ include "common.fullname" . }}-rproxy-config
mountPath: /opt/app/rproxy/config/forward-proxy.properties
subPath: forward-proxy.properties
- name: {{ include "common.fullname" . }}-rproxy-config
mountPath: /opt/app/rproxy/config/primary-service.properties
subPath: primary-service.properties
- name: {{ include "common.fullname" . }}-rproxy-config
mountPath: /opt/app/rproxy/config/reverse-proxy.properties
subPath: reverse-proxy.properties
- name: {{ include "common.fullname" . }}-rproxy-config
mountPath: /opt/app/rproxy/config/cadi.properties
subPath: cadi.properties
- name: {{ include "common.fullname" . }}-rproxy-log-config
mountPath: /opt/app/rproxy/config/logback-spring.xml
subPath: logback-spring.xml
- name: {{ include "common.fullname" . }}-rproxy-auth-config
mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
subPath: tomcat_keystore
- name: {{ include "common.fullname" . }}-rproxy-auth-config
mountPath: /opt/app/rproxy/config/auth/client-cert.p12
subPath: client-cert.p12
- name: {{ include "common.fullname" . }}-rproxy-auth-config
mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
subPath: uri-authorization.json
- name: {{ include "common.fullname" . }}-rproxy-auth-config
mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
subPath: aaf_truststore.jks
- name: {{ include "common.fullname" . }}-rproxy-security-config
mountPath: /opt/app/rproxy/config/security/keyfile
subPath: keyfile
ports:
- containerPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.global.fproxy.name }}
image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: CONFIG_HOME
value: "/opt/app/fproxy/config"
- name: KEY_STORE_PASSWORD
value: {{ .Values.config.keyStorePassword }}
- name: spring_profiles_active
value: {{ .Values.global.fproxy.activeSpringProfiles }}
volumeMounts:
- name: {{ include "common.fullname" . }}-fproxy-config
mountPath: /opt/app/fproxy/config/fproxy.properties
subPath: fproxy.properties
- name: {{ include "common.fullname" . }}-fproxy-log-config
mountPath: /opt/app/fproxy/config/logback-spring.xml
subPath: logback-spring.xml
- name: {{ include "common.fullname" . }}-fproxy-auth-config
mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
subPath: tomcat_keystore
- name: {{ include "common.fullname" . }}-fproxy-auth-config
mountPath: /opt/app/fproxy/config/auth/client-cert.p12
subPath: client-cert.p12
ports:
- containerPort: {{ .Values.global.fproxy.port }}
{{ end }}
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-data-filebeat
emptyDir: {}
- name: filebeat-conf
configMap:
name: {{ include "common.fullname" . }}-filebeat-configmap
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-auth-secret
secret:
secretName: {{ include "common.fullname" . }}-auth
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
items:
- key: crud-api.properties
path: crud-api.properties
- key: schemaIngest.properties
path: schemaIngest.properties
- key: crud-beans.xml
path: crud-beans.xml
- name: {{ include "common.fullname" . }}-logback-config
configMap:
name: {{ include "common.fullname" . }}-log-configmap
items:
- key: logback.xml
path: logback.xml
- name: {{ include "common.fullname" . }}-model-config
configMap:
name: {{ include "common.fullname" . }}-model-configmap
{{ if .Values.global.installSidecarSecurity }}
- name: {{ include "common.fullname" . }}-rproxy-config
configMap:
name: {{ include "common.fullname" . }}-rproxy-config
- name: {{ include "common.fullname" . }}-rproxy-log-config
configMap:
name: {{ include "common.fullname" . }}-rproxy-log-config
- name: {{ include "common.fullname" . }}-rproxy-auth-config
secret:
secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- name: {{ include "common.fullname" . }}-rproxy-security-config
secret:
secretName: {{ include "common.fullname" . }}-rproxy-security-config
- name: {{ include "common.fullname" . }}-fproxy-config
configMap:
name: {{ include "common.fullname" . }}-fproxy-config
- name: {{ include "common.fullname" . }}-fproxy-log-config
configMap:
name: {{ include "common.fullname" . }}-fproxy-log-config
- name: {{ include "common.fullname" . }}-fproxy-auth-config
secret:
secretName: {{ include "common.fullname" . }}-fproxy-auth-config
{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
