Sylvain Desbureaux | 47eb4d2 | 2020-12-10 12:15:27 +0100 | [diff] [blame] | 1 | {{/* |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 2 | # Copyright © 2018 Amdocs, AT&T |
| 3 | # Modifications Copyright © 2018 Bell Canada |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 4 | # Modifications Copyright © 2020-2021 Orange |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 5 | # |
| 6 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 7 | # you may not use this file except in compliance with the License. |
| 8 | # You may obtain a copy of the License at |
| 9 | # |
| 10 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | # |
| 12 | # Unless required by applicable law or agreed to in writing, software |
| 13 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 15 | # See the License for the specific language governing permissions and |
| 16 | # limitations under the License. |
Sylvain Desbureaux | 47eb4d2 | 2020-12-10 12:15:27 +0100 | [diff] [blame] | 17 | */}} |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 18 | |
| 19 | apiVersion: apps/v1 |
| 20 | kind: Deployment |
| 21 | metadata: |
| 22 | name: {{ include "common.fullname" . }} |
| 23 | namespace: {{ include "common.namespace" . }} |
| 24 | labels: |
| 25 | app: {{ include "common.name" . }} |
| 26 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} |
| 27 | release: {{ include "common.release" . }} |
| 28 | heritage: {{ .Release.Service }} |
| 29 | spec: |
| 30 | replicas: {{ .Values.replicaCount }} |
Rommel Pawar | 63db716 | 2022-11-16 10:11:24 -0800 | [diff] [blame] | 31 | strategy: |
| 32 | type: {{ .Values.updateStrategy.type }} |
| 33 | {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} |
| 34 | rollingUpdate: |
| 35 | maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} |
| 36 | maxSurge: {{ .Values.updateStrategy.maxSurge }} |
| 37 | {{- end }} |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 38 | selector: |
| 39 | matchLabels: |
| 40 | app: {{ include "common.name" . }} |
| 41 | template: |
| 42 | metadata: |
| 43 | labels: |
| 44 | app: {{ include "common.name" . }} |
| 45 | release: {{ include "common.release" . }} |
| 46 | name: {{ include "common.name" . }} |
| 47 | spec: |
| 48 | {{- if .Values.nodeSelector }} |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 49 | nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 50 | {{- end -}} |
| 51 | {{- if .Values.affinity }} |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 52 | affinity: {{ toYaml .Values.affinity | nindent 8 }} |
| 53 | {{- end }} |
| 54 | {{- if .Values.global.aafEnabled }} |
| 55 | initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} |
| 56 | - command: |
| 57 | - sh |
| 58 | args: |
| 59 | - -c |
| 60 | - | |
| 61 | echo "*** retrieve Truststore and Keystore password" |
| 62 | export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) |
| 63 | echo "*** obfuscate them " |
| 64 | export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} |
| 65 | export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} |
Radoslaw Chmiel | 88534f1 | 2022-02-28 21:33:01 +0100 | [diff] [blame] | 66 | export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") |
| 67 | export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` |
| 68 | export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 69 | echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop |
| 70 | echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop |
| 71 | image: {{ include "repositoryGenerator.image.jetty" . }} |
| 72 | imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| 73 | name: {{ include "common.name" . }}-obfuscate |
| 74 | volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} |
| 75 | securityContext: |
| 76 | runAsUser: {{ .Values.securityContext.user_id }} |
| 77 | - command: |
| 78 | - sh |
| 79 | args: |
| 80 | - -c |
| 81 | - | |
| 82 | echo "*** Set obfuscated Truststore and Keystore password into configuration file" |
| 83 | export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) |
| 84 | cd /config-input |
| 85 | for PFILE in `ls -1` |
| 86 | do |
| 87 | envsubst <${PFILE} >/config/${PFILE} |
| 88 | done |
| 89 | volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} |
| 90 | - mountPath: /config-input |
| 91 | name: prop-config-input |
| 92 | - mountPath: /config |
| 93 | name: prop-config |
| 94 | image: {{ include "repositoryGenerator.image.envsubst" . }} |
| 95 | imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| 96 | name: {{ include "common.name" . }}-update-config |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 97 | {{- end }} |
| 98 | containers: |
| 99 | - name: {{ include "common.name" . }} |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 100 | image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 101 | imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| 102 | env: |
| 103 | - name: CONFIG_HOME |
| 104 | value: /opt/app/model-loader/config/ |
david.mcweeney | c87dbc3 | 2022-11-23 12:59:04 +0000 | [diff] [blame] | 105 | - name: SECURITY_PROTOCOL |
| 106 | value: {{ .Values.config.kafka.securityProtocol }} |
| 107 | - name: SASL_MECHANISM |
| 108 | value: {{ .Values.config.kafka.saslMechanism }} |
| 109 | - name: SASL_JAAS_CONFIG |
| 110 | value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }} |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 111 | volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 112 | - mountPath: /etc/localtime |
| 113 | name: localtime |
| 114 | readOnly: true |
| 115 | - mountPath: /opt/app/model-loader/config/model-loader.properties |
| 116 | subPath: model-loader.properties |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 117 | name: prop-config |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 118 | - mountPath: /opt/app/model-loader/config/auth/ |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 119 | name: auth-config |
Maciej Wereski | d523d12 | 2021-09-21 11:22:13 +0200 | [diff] [blame] | 120 | - mountPath: {{ .Values.log.path }} |
| 121 | name: logs |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 122 | - mountPath: /opt/app/model-loader/logback.xml |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 123 | name: log-config |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 124 | subPath: logback.xml |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 125 | resources: {{ include "common.resources" . | nindent 10 }} |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 126 | # side car containers |
Maciej Wereski | d523d12 | 2021-09-21 11:22:13 +0200 | [diff] [blame] | 127 | {{ include "common.log.sidecar" . | nindent 6 }} |
farida azmy | d893733 | 2021-03-09 12:20:42 +0200 | [diff] [blame] | 128 | serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 129 | volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 130 | - name: localtime |
| 131 | hostPath: |
| 132 | path: /etc/localtime |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 133 | - name: prop-config |
othman touijer | 5117667 | 2021-12-01 16:21:18 +0100 | [diff] [blame] | 134 | {{- if .Values.global.aafEnabled }} |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 135 | emptyDir: |
| 136 | medium: Memory |
othman touijer | 5117667 | 2021-12-01 16:21:18 +0100 | [diff] [blame] | 137 | - name: prop-config-input |
| 138 | {{- end }} |
| 139 | configMap: |
| 140 | name: {{ include "common.fullname" . }}-prop |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 141 | - name: auth-config |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 142 | secret: |
| 143 | secretName: {{ include "common.fullname" . }} |
Maciej Wereski | d523d12 | 2021-09-21 11:22:13 +0200 | [diff] [blame] | 144 | - name: logs |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 145 | emptyDir: {} |
Maciej Wereski | d523d12 | 2021-09-21 11:22:13 +0200 | [diff] [blame] | 146 | {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} |
Sylvain Desbureaux | 1e99719 | 2021-02-28 14:59:22 +0100 | [diff] [blame] | 147 | - name: log-config |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 148 | configMap: |
Sylvain Desbureaux | 5b65132 | 2020-12-07 15:34:15 +0100 | [diff] [blame] | 149 | name: {{ include "common.fullname" . }}-log |
Sylvain Desbureaux | 7007041 | 2020-11-09 21:58:48 +0100 | [diff] [blame] | 150 | restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} |
| 151 | imagePullSecrets: |
| 152 | - name: "{{ include "common.namespace" . }}-docker-registry-key" |