kubernetes/aai/components/aai-search-data/templates/deployment.yaml

# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ include "common.name" . }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
      name: {{ include "common.name" . }}
    spec:
    {{ if .Values.global.installSidecarSecurity }}
      initContainers:
        - name: {{ .Values.global.tproxyConfig.name }}
          image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          securityContext:
            privileged: true
    {{ end }}
      containers:
      - name: {{ include "common.name" . }}
        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: CONFIG_HOME
          value: /opt/app/search-data-service/config/
        - name: KEY_STORE_PASSWORD
          value: {{ .Values.config.keyStorePassword }}
        - name: KEY_MANAGER_PASSWORD
          value: {{ .Values.config.keyManagerPassword }}
        volumeMounts:
        - mountPath: /etc/localtime
          name: localtime
          readOnly: true
        - mountPath: /opt/app/search-data-service/config/filter-config.json
          subPath: filter-config.json
          name: {{ include "common.fullname" . }}-service-config
        - mountPath: /opt/app/search-data-service/config/elastic-search.properties
          subPath: elastic-search.properties
          name: {{ include "common.fullname" . }}-service-config
        - mountPath: /opt/app/search-data-service/config/analysis-config.json
          subPath: analysis-config.json
          name: {{ include "common.fullname" . }}-service-config
        - mountPath: /opt/app/search-data-service/config/es-payload-translation.json
          subPath: es-payload-translation.json
          name: {{ include "common.fullname" . }}-service-config
        - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json
          subPath: dynamic-custom-template.json
          name: {{ include "common.fullname" . }}-service-config
        - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
          subPath: tomcat_keystore
          name: {{ include "common.fullname" . }}-service-auth-config
        - mountPath: /opt/app/search-data-service/config/auth/search_policy.json
          subPath: search_policy.json
          name: {{ include "common.fullname" . }}-search-policy-config
        - mountPath: /var/log/onap
          name: {{ include "common.fullname" . }}-service-logs
        - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml
          name: {{ include "common.fullname" . }}-service-log-conf
          subPath: logback.xml
        ports:
        - containerPort: {{ .Values.service.internalPort }}
        # disable liveness probe when breakpoints set in debugger
        # so K8s doesn't restart unresponsive container
        {{- if eq .Values.liveness.enabled true }}
        livenessProbe:
          tcpSocket:
            port: {{ .Values.service.internalPort }}
          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
          periodSeconds: {{ .Values.liveness.periodSeconds }}
        {{ end -}}
        readinessProbe:
          tcpSocket:
            port: {{ .Values.service.internalPort }}
          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
          periodSeconds: {{ .Values.readiness.periodSeconds }}
        resources:
{{ include "common.resources" . }}
      {{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      {{- end -}}
      {{- if .Values.affinity }}
      affinity:
{{ toYaml .Values.affinity | indent 8 }}
      {{- end }}

      # side car containers
      - name: filebeat-onap
        image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        volumeMounts:
        - mountPath: /usr/share/filebeat/filebeat.yml
          subPath: filebeat.yml
          name: filebeat-conf
        - mountPath: /var/log/onap
          name: {{ include "common.fullname" . }}-service-logs
        - mountPath: /usr/share/filebeat/data
          name: {{ include "common.fullname" . }}-service-filebeat

    {{ if .Values.global.installSidecarSecurity }}
      - name: {{ .Values.global.rproxy.name }}
        image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: CONFIG_HOME
          value: "/opt/app/rproxy/config"
        - name: KEY_STORE_PASSWORD
          value: {{ .Values.config.keyStorePassword }}
        - name: spring_profiles_active
          value: {{ .Values.global.rproxy.activeSpringProfiles }}
        volumeMounts:
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/forward-proxy.properties
          subPath: forward-proxy.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/primary-service.properties
          subPath: primary-service.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/reverse-proxy.properties
          subPath: reverse-proxy.properties
        - name: {{ include "common.fullname" . }}-rproxy-config
          mountPath: /opt/app/rproxy/config/cadi.properties
          subPath: cadi.properties
        - name: {{ include "common.fullname" . }}-rproxy-log-config
          mountPath: /opt/app/rproxy/config/logback-spring.xml
          subPath: logback-spring.xml
        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
          mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
          subPath: tomcat_keystore
        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
          mountPath: /opt/app/rproxy/config/auth/client-cert.p12
          subPath: client-cert.p12
        - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
          mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
          subPath: uri-authorization.json
        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
          mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
          subPath: org.onap.aai.p12
        - name: {{ include "common.fullname" . }}-rproxy-security-config
          mountPath: /opt/app/rproxy/config/security/keyfile
          subPath: keyfile

        ports:
        - containerPort: {{ .Values.global.rproxy.port }}

      - name: {{ .Values.global.fproxy.name }}
        image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        env:
        - name: CONFIG_HOME
          value: "/opt/app/fproxy/config"
        - name: KEY_STORE_PASSWORD
          value: {{ .Values.config.keyStorePassword }}
        - name: TRUST_STORE_PASSWORD
          value: {{ .Values.config.trustStorePassword }}
        - name: spring_profiles_active
          value: {{ .Values.global.fproxy.activeSpringProfiles }}
        volumeMounts:
        - name: {{ include "common.fullname" . }}-fproxy-config
          mountPath: /opt/app/fproxy/config/fproxy.properties
          subPath: fproxy.properties
        - name: {{ include "common.fullname" . }}-fproxy-log-config
          mountPath: /opt/app/fproxy/config/logback-spring.xml
          subPath: logback-spring.xml
        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
          mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
          subPath: fproxy_truststore
        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
          mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
          subPath: tomcat_keystore
        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
          mountPath: /opt/app/fproxy/config/auth/client-cert.p12
          subPath: client-cert.p12
        ports:
        - containerPort: {{ .Values.global.fproxy.port }}
    {{ end }}

      volumes:
      - name: localtime
        hostPath:
          path: /etc/localtime
      - name: {{ include "common.fullname" . }}-service-config
        configMap:
          name: {{ include "common.fullname" . }}
      - name: {{ include "common.fullname" . }}-service-auth-config
        secret:
          secretName: {{ include "common.fullname" . }}-keystone
      - name: {{ include "common.fullname" . }}-search-policy-config
        secret:
          secretName: {{ include "common.fullname" . }}-policy
      - name: filebeat-conf
        configMap:
          name: aai-filebeat
      - name: {{ include "common.fullname" . }}-service-logs
        emptyDir: {}
      - name: {{ include "common.fullname" . }}-service-filebeat
        emptyDir: {}
      - name: {{ include "common.fullname" . }}-service-log-conf
        configMap:
         name: {{ include "common.fullname" . }}-service-log
    {{ if .Values.global.installSidecarSecurity }}
      - name: {{ include "common.fullname" . }}-rproxy-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-config
      - name: {{ include "common.fullname" . }}-rproxy-log-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-log-config
      - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
        configMap:
          name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
      - name: {{ include "common.fullname" . }}-rproxy-auth-config
        secret:
          secretName: {{ include "common.fullname" . }}-rproxy-auth-config
      - name: {{ include "common.fullname" . }}-rproxy-auth-certs
        secret:
          secretName: aai-rproxy-auth-certs
      - name: {{ include "common.fullname" . }}-rproxy-security-config
        secret:
          secretName: aai-rproxy-security-config
      - name: {{ include "common.fullname" . }}-fproxy-config
        configMap:
          name: {{ include "common.fullname" . }}-fproxy-config
      - name: {{ include "common.fullname" . }}-fproxy-log-config
        configMap:
          name: {{ include "common.fullname" . }}-fproxy-log-config
      - name: {{ include "common.fullname" . }}-fproxy-auth-certs
        secret:
          secretName: aai-fproxy-auth-certs
    {{ end }}
      restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"