| #============LICENSE_START======================================================== |
| # ================================================================================ |
| # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. |
| # Modifications Copyright © 2018 Amdocs, Bell Canada |
| # Copyright (c) 2020 J. F. Lucas. All rights reserved. |
| # ================================================================================ |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # ============LICENSE_END========================================================= |
| |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: {{ include "common.fullname" . }} |
| namespace: {{ include "common.namespace" . }} |
| labels: |
| app: {{ include "common.name" . }} |
| chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} |
| release: {{ include "common.release" . }} |
| heritage: {{ .Release.Service }} |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app: {{ include "common.name" . }} |
| template: |
| metadata: |
| labels: |
| app: {{ include "common.name" . }} |
| release: {{ include "common.release" . }} |
| spec: |
| # host alias allows local 'cfy' command to use https and match |
| # the host name in the certificate |
| hostAliases: |
| - ip: "127.0.0.1" |
| hostnames: |
| - "dcae-cloudify-manager" |
| initContainers: |
| - name: {{ include "common.name" . }}-readiness |
| image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} |
| imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| command: |
| - /app/ready.py |
| args: |
| - --container-name |
| - aaf-cm |
| - "-t" |
| - "15" |
| env: |
| - name: NAMESPACE |
| valueFrom: |
| fieldRef: |
| apiVersion: v1 |
| fieldPath: metadata.namespace |
| - name: {{ include "common.name" . }}-multisite-init |
| image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }} |
| imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| args: |
| - --namespace |
| - {{ include "common.namespace" . }} |
| - --configmap |
| - {{ .Values.multisiteConfigMapName }} |
| - name: init-tls |
| env: |
| - name: POD_IP |
| valueFrom: |
| fieldRef: |
| apiVersion: v1 |
| fieldPath: status.podIP |
| - name: aaf_locator_fqdn |
| value: dcae |
| image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} |
| imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| resources: {} |
| volumeMounts: |
| - mountPath: /opt/app/osaaf |
| name: tls-info |
| {{- if .Values.persistence.enabled }} |
| - name: remove-lost-found |
| image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" |
| imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| volumeMounts: |
| - mountPath: /cfy-persist |
| name: cm-persistent |
| command: |
| - /bin/sh |
| args: |
| - -c |
| - "rm -rf '/cfy-persist/lost+found';" |
| {{- end }} |
| containers: |
| - name: {{ include "common.name" . }} |
| image: "{{ include "common.repository" . }}/{{ .Values.image }}" |
| imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| env: |
| - name: REQUESTS_CA_BUNDLE |
| value: "/opt/onap/certs/cacert.pem" |
| resources: |
| {{ include "common.resources" . | indent 12 }} |
| ports: |
| - containerPort: {{ .Values.service.internalPort }} |
| # disable liveness probe when breakpoints set in debugger |
| # so K8s doesn't restart unresponsive container |
| {{- if eq .Values.liveness.enabled true }} |
| livenessProbe: |
| tcpSocket: |
| port: {{ .Values.service.internalPort }} |
| initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} |
| periodSeconds: {{ .Values.liveness.periodSeconds }} |
| timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} |
| {{ end }} |
| readinessProbe: |
| exec: |
| command: |
| - /scripts/readiness-check.sh |
| initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} |
| periodSeconds: {{ .Values.readiness.periodSeconds }} |
| timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} |
| volumeMounts: |
| - mountPath: /opt/onap/config.txt |
| subPath: config.txt |
| name: {{ include "common.fullname" .}}-config |
| readOnly: true |
| - mountPath: /opt/onap/kube |
| name: {{ include "common.fullname" .}}-kubeconfig |
| readOnly: true |
| - mountPath: /secret |
| name: dcae-token |
| readOnly: true |
| - mountPath: /sys/fs/cgroup |
| name: {{ include "common.fullname" . }}-cgroup |
| readOnly: true |
| - mountPath: /etc/localtime |
| name: localtime |
| readOnly: true |
| - mountPath: /cfy-persist |
| name: cm-persistent |
| - mountPath: /opt/onap/certs |
| name: tls-info |
| - mountPath: /opt/onap/cm-secrets |
| name: cm-secrets |
| readOnly: true |
| securityContext: |
| privileged: True |
| volumes: |
| - name: {{ include "common.fullname" . }}-config |
| configMap: |
| name: {{ include "common.fullname" . }}-configmap |
| - name: {{ include "common.fullname" .}}-kubeconfig |
| configMap: |
| name: {{ .Values.multisiteConfigMapName }} |
| - name: dcae-token |
| secret: |
| secretName: dcae-token |
| - name: {{ include "common.fullname" . }}-cgroup |
| hostPath: |
| path: /sys/fs/cgroup |
| - name: localtime |
| hostPath: |
| path: /etc/localtime |
| - name: cm-persistent |
| {{- if .Values.persistence.enabled }} |
| persistentVolumeClaim: |
| claimName: {{ include "common.fullname" . }}-data |
| {{- else }} |
| emptyDir: {} |
| {{- end }} |
| - emptyDir: {} |
| name: tls-info |
| - name: cm-secrets |
| secret: |
| secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }} |
| imagePullSecrets: |
| - name: "{{ include "common.namespace" . }}-docker-registry-key" |