| {{/* |
| # Copyright © 2018 Orange |
| # Modifications Copyright © 2018 Amdocs, Bell Canada |
| # Modifications Copyright © 2020 Nokia |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| */}} |
| |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: {{ include "common.fullname" . }} |
| namespace: {{ include "common.namespace" . }} |
| labels: |
| app: {{ include "common.name" . }} |
| chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} |
| release: {{ include "common.release" . }} |
| heritage: {{ .Release.Service }} |
| spec: |
| selector: |
| matchLabels: |
| app: {{ include "common.name" . }} |
| replicas: {{ .Values.replicaCount }} |
| template: |
| metadata: |
| labels: |
| app: {{ include "common.name" . }} |
| release: {{ include "common.release" . }} |
| name: {{ include "common.fullname" . }} |
| spec: |
| {{- if .Values.global.aafEnabled }} |
| initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} |
| {{- end }} |
| containers: |
| - name: {{ include "common.name" . }} |
| image: "{{ include "common.repository" . }}/{{ .Values.image }}" |
| imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| ports: |
| - containerPort: {{ .Values.service.internalPort }} |
| # disable liveness probe when breakpoints set in debugger |
| # so K8s doesn't restart unresponsive container |
| {{- if .Values.global.aafEnabled }} |
| command: |
| - bash |
| args: |
| - -c |
| - | |
| export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) |
| export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ |
| -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \ |
| -Dserver.ssl.key-store-type=PKCS12 \ |
| -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \ |
| -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ |
| -Djavax.net.ssl.trustStoreType=jks\ |
| -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" |
| exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar |
| {{- end }} |
| {{ if .Values.liveness.enabled }} |
| livenessProbe: |
| httpGet: |
| port: {{ .Values.liveness.port }} |
| path: {{ .Values.liveness.path }} |
| scheme: HTTPS |
| initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} |
| periodSeconds: {{ .Values.liveness.periodSeconds }} |
| {{ end }} |
| readinessProbe: |
| httpGet: |
| port: {{ .Values.readiness.port }} |
| path: {{ .Values.readiness.path }} |
| scheme: HTTPS |
| initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} |
| periodSeconds: {{ .Values.readiness.periodSeconds }} |
| env: |
| - name: SPRING_DATASOURCE_URL |
| value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} |
| - name: SPRING_DATASOURCE_USERNAME |
| {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }} |
| - name: SPRING_DATASOURCE_PASSWORD |
| {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }} |
| - name: SPRING_DATA_MONGODB_HOST |
| value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }} |
| - name: SPRING_DATA_MONGODB_PORT |
| value: "{{ .Values.mongo.service.internalPort }}" |
| - name: SPRING_DATA_MONGODB_DATABASE |
| value: {{ .Values.mongo.config.dbName }} |
| - name: ONAP_LCPCLOUDREGIONID |
| value: {{ .Values.config.openStackRegion }} |
| - name: ONAP_TENANTID |
| value: {{ .Values.config.openStackVNFTenantId | quote }} |
| - name: ONAP_CLOUDOWNER |
| value: {{ .Values.config.cloudOwner }} |
| - name: NBI_URL |
| value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4" |
| - name: SDC_HOST |
| value: "https://sdc-be.{{ include "common.namespace" . }}:8443" |
| - name: SDC_HEADER_ECOMPINSTANCEID |
| value: {{ .Values.config.ecompInstanceId }} |
| - name: SDC_HEADER_AUTHORIZATION |
| value: {{ .Values.sdc_authorization }} |
| - name: AAI_HOST |
| value: "https://aai.{{ include "common.namespace" . }}:8443" |
| - name: AAI_HEADER_AUTHORIZATION |
| value: {{ .Values.aai_authorization }} |
| - name: SO_HOST |
| value: http://so.{{ include "common.namespace" . }}:8080 |
| {{- if .Values.so_authorization }} |
| - name: SO_HEADER_AUTHORIZATION |
| value: {{ .Values.so_authorization }} |
| {{- end }} |
| - name: DMAAP_HOST |
| value: "https://message-router.{{ include "common.namespace" . }}:3905" |
| - name: LOGGING_LEVEL_ORG_ONAP_NBI |
| value: {{ .Values.config.loglevel }} |
| - name: MSB_ENABLED |
| value: "true" |
| - name: MSB_DISCOVERY_HOST |
| value: "msb-discovery.{{ include "common.namespace" . }}" |
| - name: MSB_DISCOVERY_PORT |
| value: "10081" |
| volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} |
| - mountPath: /etc/localtime |
| name: localtime |
| readOnly: true |
| resources: |
| {{ include "common.resources" . | indent 12 }} |
| {{- if .Values.nodeSelector }} |
| nodeSelector: |
| {{ toYaml .Values.nodeSelector | indent 10 }} |
| {{- end -}} |
| {{- if .Values.affinity }} |
| affinity: |
| {{ toYaml .Values.affinity | indent 10 }} |
| {{- end }} |
| # side car containers |
| # - name: filebeat-onap |
| # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" |
| # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| # volumeMounts: |
| # - mountPath: /usr/share/filebeat/filebeat.yml |
| # name: filebeat-conf |
| # subPath: filebeat.yml |
| # - mountPath: /home/esr/works/logs |
| # name: esr-server-logs |
| # - mountPath: /usr/share/filebeat/data |
| # name: esr-server-filebeat |
| volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} |
| - name: localtime |
| hostPath: |
| path: /etc/localtime |
| # - name: filebeat-conf |
| # configMap: |
| # name: {{ include "common.fullname" . }}-esr-filebeat |
| # - name: esr-server-logs |
| # emptyDir: {} |
| # - name: esr-server-filebeat |
| # emptyDir: {} |
| # - name: esrserver-log |
| # configMap: |
| # name: {{ include "common.fullname" . }}-esr-esrserver-log |
| imagePullSecrets: |
| - name: "{{ include "common.namespace" . }}-docker-registry-key" |