helm/appmgr/templates/deployment.yaml

   1 ################################################################################
   2 #   Copyright (c) 2019 AT&T Intellectual Property.                             #
   3 #   Copyright (c) 2019 Nokia.                                                  #
   4 #                                                                              #
   5 #   Licensed under the Apache License, Version 2.0 (the "License");            #
   6 #   you may not use this file except in compliance with the License.           #
   7 #   You may obtain a copy of the License at                                    #
   8 #                                                                              #
   9 #       http://www.apache.org/licenses/LICENSE-2.0                             #
  10 #                                                                              #
  11 #   Unless required by applicable law or agreed to in writing, software        #
  12 #   distributed under the License is distributed on an "AS IS" BASIS,          #
  13 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
  14 #   See the License for the specific language governing permissions and        #
  15 #   limitations under the License.                                             #
  16 ################################################################################
  17 {{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
  18 {{- $topCtx :=  . }}
  19 {{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
  20 {{- $secretPath := .Values.appmgr.appsecretpath | default "/opt/ric/secret" }}
  21 {{- $certName := include "common.tillerHelmClientTLSSecret" $ctx }}
  22 apiVersion: apps/v1
  23 kind: Deployment
  24 metadata:
  25   name: {{ include "common.deploymentname.appmgr" . }}
  26   namespace: {{ include "common.namespace.platform" . }}
  27   labels:
  28     app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
  29     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
  30     release: {{ .Release.Name }}
  31     heritage: {{ .Release.Service }}
  32 spec:
  33   replicas: {{ .Values.appmgr.replicaCount }}
  34   selector:
  35     matchLabels:
  36       app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
  37       release: {{ .Release.Name }}
  38   template:
  39     metadata:
  40       {{- if .Values.appmgr.annotations }}
  41       annotations:
  42         {{- .Values.appmgr.annotations | nindent 8 -}}
  43       {{ end }}
  44       labels:
  45         app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
  46         release: {{ .Release.Name }}
  47     spec:
  48       hostname: {{ include "common.name.appmgr" . }}
  49       serviceAccountName: {{ include "common.serviceaccountname.appmgr" . }}
  50       imagePullSecrets:
  51         {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.init.registry }}
  52         - name: {{ include "common.dockerregistry.credential" $newctx -}}
  53 {{- if or (eq ( include "common.tillerTLSVerify" $ctx ) "true" )  (eq ( include "common.tillerTLSAuthenticate" $ctx ) "true") }}
  54       initContainers:
  55         - name: {{ include "common.containername.appmgr" . }}-copy-tiller-secret
  56           {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.init.registry }}
  57           image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.init.name }}:{{ .Values.appmgr.image.init.tag }}
  58           {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
  59           imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
  60           env:
  61             - name: SVCACCT_NAME
  62               value: {{ include "common.serviceaccountname.appmgr" . }}
  63             - name: CLUSTER_NAME
  64               value: {{ default "kubernetes" .Values.appmgr.clusterName }}
  65             - name: KUBECONFIG
  66               value: /tmp/kubeconfig
  67             - name: K8S_API_HOST
  68               value: {{ default "https://kubernetes.default.svc.cluster.local/" .Values.common.k8sAPIHost }}
  69             - name: SECRET_NAMESPACE
  70               value: {{ include "common.tillerDeployNameSpace" $ctx }}
  71             - name: SECRET_NAME
  72               value: {{ include "common.tillerHelmClientTLSSecret" $ctx }}
  73           envFrom:
  74             - configMapRef:
  75                 name: {{ include "common.configmapname.appmgr" . }}-env
  76           command: ["/appmgr-tiller-secret-copier.sh"]
  77           volumeMounts:
  78             - name: helm-secret-volume
  79               mountPath: {{ $secretPath }}
  80               readOnly: false
  81             - name: appmgr-bin-volume
  82               mountPath: /svcacct-to-kubeconfig.sh
  83               subPath: svcacct-to-kubeconfig.sh
  84             - name: appmgr-bin-volume
  85               mountPath: /appmgr-tiller-secret-copier.sh
  86               subPath: appmgr-tiller-secret-copier.sh
  87 {{- end }}
  88       containers:
  89         - name: {{ include "common.containername.appmgr.chartmuseum" . }}
  90           {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.chartmuseum.registry }}
  91           image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.chartmuseum.name }}:{{ .Values.appmgr.image.chartmuseum.tag }}
  92           {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
  93           imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
  94           securityContext:
  95             fsGroup: 0
  96             runAsUser: 0
  97           envFrom:
  98             - configMapRef:
  99                 name: {{ include "common.configmapname.appmgr" . }}-chartmuseum-env
 100           ports:
 101             - name: chartmuseum
 102               containerPort: {{ include "common.serviceport.appmgr.chartmuseum.http" . }}
 103               protocol: TCP
 104         - name: {{ include "common.containername.appmgr" . }}
 105           {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.appmgr.registry }}
 106           image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.appmgr.name }}:{{ .Values.appmgr.image.appmgr.tag }}
 107           {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
 108           imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
 109           ports:
 110             - name: http
 111               containerPort: {{ include "common.serviceport.appmgr.http" . }}
 112               protocol: TCP
 113             - name: rmrroute
 114               containerPort: {{ include "common.serviceport.appmgr.rmr.route" . }}
 115               protocol: TCP
 116             - name: rmrdata
 117               containerPort: {{ include "common.serviceport.appmgr.rmr.data" . }}
 118               protocol: TCP
 119           volumeMounts:
 120             - name: config-volume
 121               mountPath: {{ .Values.appmgr.appconfigpath }}/appmgr.yaml
 122               subPath: appmgr.yaml
 123             - name: helm-secret-volume
 124               mountPath: {{ $secretPath }}
 125               readOnly: false
 126             - name: secret-volume
 127               mountPath: {{ $secretPath }}/helm_repo_username
 128               subPath: helm_repo_username
 129             - name: secret-volume
 130               mountPath: {{ $secretPath }}/helm_repo_password
 131               subPath: helm_repo_password
 132           envFrom:
 133             - configMapRef:
 134                 name: {{ include "common.configmapname.appmgr" . }}-env
 135           livenessProbe:
 136             #exec:
 137             #  command:
 138             #    - /bin/bash
 139             #    - -c
 140             #    - ps -ef | grep {{ .Values.livenessprocessname }}| grep -v "grep"
 141             #initialDelaySeconds: 120
 142             #periodSeconds: 30
 143           readinessProbe:
 144           #  httpGet:
 145           #    path: /
 146           #    port: http
 147           restartPolicy: Always
 148           securityContext:
 149             # ubuntu
 150             #runAsUser: 1000
 151             #allowPrivilegeEscalation: false
 152       volumes:
 153         - name: config-volume
 154           configMap:
 155             name: {{ include "common.configmapname.appmgr" . }}-appconfig
 156         - name: secret-volume
 157           secret:
 158             secretName: {{ include "common.secretname.appmgr" . }}
 159         - name: helm-secret-volume
 160           emptyDir: {}
 161         - name: appmgr-bin-volume
 162           configMap:
 163             name: {{ include "common.configmapname.appmgr" . }}-bin
 164             defaultMode: 0755