blob: a0c315426c289efd55875987356969eb73fbba29 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
{{/*
# Modifications Copyright © 2018 Amdocs,Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
{{- if .Values.PG.enabled }}
initContainers:
- command:
- sh
args:
- -c
- "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: PG_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- name: PG_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: {{ include "common.name" . }}-config-input
- mountPath: /config
name: {{ include "common.name" . }}-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
{{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-permission-fixer
securityContext:
runAsUser: 0
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
command: ["chown","-Rf","1000:1001", "/opt/app/"]
# See AAF-425 for explanation of why this is needed.
# This artifact is provisioned in AAF for both pks12 and jks format and apparently
# the cadi library is not using the jks password on the jks keystore.
# So, this attempts to "fix" the credential property file until this is fixed properly.
- name: {{ include "common.name" . }}-cred-fixer
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
command: ["/bin/sh"]
args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
{{- end }}
- name: {{ include "common.name" . }}-postgres-readiness
securityContext:
runAsUser: 100
runAsGroup: 65533
command:
- /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
- --container-name
- message-router
- --container-name
- dmaap-dr-node
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true -}}
livenessProbe:
httpGet:
port: {{ .Values.liveness.port }}
path: /webapi/topics
scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
httpGet:
port: {{ .Values.readiness.port }}
path: /webapi/topics
scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
# NOTE: on the following several configMaps, careful to include / at end
# since there may be more than one file in each mountPath
- name: {{ include "common.name" . }}-config
mountPath: /opt/app/config/conf/
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- name: {{ include "common.name" . }}-config-input
configMap:
name: {{ include "common.fullname" . }}-config
- name: {{ include "common.name" . }}-config
emptyDir:
medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
|
