[DCAEGEN2-SVCS] Support config update via configMap
Change chart to mount application configuration configMap
directly on the application container and rely on the
DCAE SDK to do environment variable substitution on the
configMap content. This allows changing configuration
by editing the configMap without restarting the application.
Remove message router authenticated topic provisioning from
DCAE.
Issue-ID: DCAEGEN2-2935
Signed-off-by: Jack Lucas <jflos@sonoris.net>
Change-Id: I85139e64f8cb7e1b88f8fca8d5d84cc71f946290
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 9781e33..6c742c0 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -33,7 +33,7 @@
The template expects a single argument, pointing to the caller's global context.
Microservice-specific environment variables can be specified in two ways:
- 1. As literal string values.
+ 1. As literal string values. (The values can also be Helm template fragments.)
2. As values that are sourced from a secret, identified by the secret's
uid and the key within the secret that provides the value.
@@ -180,21 +180,6 @@
logging sidecar and the DCAE microservice container share a
volume where the microservice logs are written.
-The Deployment includes an initContainer that checks for the
-readiness of other components that the microservice relies on.
-This container is generated by the "common.readinessCheck.waitfor"
-template.
-
-If the microservice acts as a TLS client or server, the Deployment will
-include an initContainer that retrieves certificate information from
-the AAF certificate manager. The information is mounted at the
-mount point specified in .Values.certDirectory. If the microservice is
-a TLS server (indicated by setting .Values.tlsServer to true), the
-certificate information will include a server cert and key, in various
-formats. It will also include the AAF CA cert. If the microservice is
-a TLS client only (indicated by setting .Values.tlsServer to false), the
-certificate information includes only the AAF CA cert.
-
Deployed POD may also include a Policy-sync sidecar container.
The sidecar is included if .Values.policies is set. The
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
@@ -212,6 +197,35 @@
policyRelease: "onap"
policyID: |
'["onap.vfirewall.tca","onap.vdns.tca"]'
+
+The Deployment includes an initContainer that checks for the
+readiness of other components that the microservice relies on.
+This container is generated by the "common.readinessCheck.waitfor"
+template. See the documentation for this template
+(oom/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl).
+
+If the microservice uses a DMaaP Data Router (DR) feed, the Deployment
+includes an initContainer that makes provisioning requests to the DMaaP
+bus controller (dmaap-bc) to create the feed and to set up a publisher
+and/or subscriber to the feed. The Deployment also includes a second
+initContainer that merges the information returned by the provisioning
+process into the microservice's configuration. See the documentation for
+the common DMaaP provisioning template
+(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl).
+
+If the microservice acts as a TLS client or server, the Deployment will
+include an initContainer that retrieves certificate information from
+the AAF certificate manager. The information is mounted at the
+mount point specified in .Values.certDirectory. If the microservice is
+a TLS server (indicated by setting .Values.tlsServer to true), the
+certificate information will include a server cert and key, in various
+formats. It will also include the AAF CA cert. If the microservice is
+a TLS client only (indicated by setting .Values.tlsServer to false), the
+certificate information includes only the AAF CA cert.
+
+If the microservice uses certificates from an external CMPv2 provider,
+the Deployment will include an initContainer that performs certificate
+post-processing.
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
@@ -236,30 +250,6 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{- if not $drFeedConfig }}
- - command:
- - sh
- args:
- - -c
- - |
- {{- range $var := .Values.customEnvVars }}
- export {{ $var.name }}="{{ $var.value }}";
- {{- end }}
- cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
- env:
- {{- range $cred := .Values.credentials }}
- - name: {{ $cred.name }}
- {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
- {{- end }}
- volumeMounts:
- - mountPath: /config-input
- name: app-config-input
- - mountPath: /config
- name: app-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
{{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
{{- if $certDir }}
@@ -331,7 +321,7 @@
resources: {{ include "common.resources" . | nindent 2 }}
volumeMounts:
- mountPath: /app-config
- name: app-config
+ name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }}
- mountPath: /app-config-input
name: app-config-input
{{- if $logDir }}