+++ /dev/null
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
-{{- $topCtx := . }}
-{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
-{{- $secretPath := .Values.appmgr.appsecretpath | default "/opt/ric/secret" }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.deploymentname.appmgr" . }}
- namespace: {{ include "common.namespace.platform" . }}
- labels:
- app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.appmgr.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
- release: {{ .Release.Name }}
- template:
- metadata:
- {{- if .Values.appmgr.annotations }}
- annotations:
- {{- .Values.appmgr.annotations | nindent 8 -}}
- {{ end }}
- labels:
- app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
- release: {{ .Release.Name }}
- spec:
- hostname: {{ include "common.name.appmgr" . }}
- serviceAccountName: {{ include "common.serviceaccountname.appmgr" . }}
- imagePullSecrets:
- - name: {{ include "common.repositoryCred" . }}
-{{- if or (eq ( include "common.tillerTLSVerify" $ctx ) "true" ) (eq ( include "common.tillerTLSAuthenticate" $ctx ) "true") }}
- initContainers:
- - name: {{ include "common.containername.appmgr" . }}-copy-tiller-secret
- image: {{ include "common.repository" . }}/{{ .Values.appmgr.image.init.name }}:{{ .Values.appmgr.image.init.tag }}
- imagePullPolicy: {{ default "IfNotPresent" .pullPolicy }}
- env:
- - name: SVCACCT_NAME
- value: {{ include "common.serviceaccountname.appmgr" . }}
- - name: CLUSTER_NAME
- value: {{ default "kubernetes" .Values.global.clusterName }}
- - name: KUBECONFIG
- value: /tmp/kubeconfig
- - name: K8S_API_HOST
- value: {{ default "kubernetes.default.svc.cluster.local" .Values.global.k8sAPIHost }}
- - name: SECRET_NAMESPACE
- value: {{ include "common.tillerDeployNameSpace" $ctx }}
- - name: SECRET_NAME
- value: {{ include "common.tillerHelmClientTLSSecret" $ctx }}
- envFrom:
- - configMapRef:
- name: {{ include "common.configmapname.appmgr" . }}-env
- command: ["/appmgr-tiller-secret-copier.sh"]
- volumeMounts:
- - name: helm-secret-volume
- mountPath: {{ $secretPath }}
- readOnly: false
- - name: appmgr-bin-volume
- mountPath: /svcacct-to-kubeconfig.sh
- subPath: svcacct-to-kubeconfig.sh
- - name: appmgr-bin-volume
- mountPath: /appmgr-tiller-secret-copier.sh
- subPath: appmgr-tiller-secret-copier.sh
-{{- end }}
- containers:
- - name: {{ include "common.containername.appmgr" . }}
- image: {{ include "common.repository" . }}/{{ .Values.appmgr.image.name }}:{{ .Values.appmgr.image.tag }}
- imagePullPolicy: {{ include "common.pullPolicy" . }}
- ports:
- - name: http
- containerPort: {{ include "common.serviceport.appmgr.http" . }}
- protocol: TCP
- - name: rmrroute
- containerPort: {{ include "common.serviceport.appmgr.rmr.route" . }}
- protocol: TCP
- - name: rmrdata
- containerPort: {{ include "common.serviceport.appmgr.rmr.data" . }}
- protocol: TCP
- volumeMounts:
- - name: config-volume
- mountPath: {{ .Values.appmgr.appconfigpath }}/appmgr.yaml
- subPath: appmgr.yaml
- - name: cert-volume
- mountPath: {{ .Values.appmgr.appcertpath }}
- - name: helm-secret-volume
- mountPath: {{ $secretPath }}
- readOnly: false
- - name: secret-volume
- mountPath: {{ $secretPath }}/helm_repo_username
- subPath: helm_repo_username
- - name: secret-volume
- mountPath: {{ $secretPath }}/helm_repo_password
- subPath: helm_repo_password
- envFrom:
- - configMapRef:
- name: {{ include "common.configmapname.appmgr" . }}-env
- livenessProbe:
- #exec:
- # command:
- # - /bin/bash
- # - -c
- # - ps -ef | grep {{ .Values.livenessprocessname }}| grep -v "grep"
- #initialDelaySeconds: 120
- #periodSeconds: 30
- readinessProbe:
- # httpGet:
- # path: /
- # port: http
- restartPolicy: Always
- securityContext:
- # ubuntu
- #runAsUser: 1000
- #allowPrivilegeEscalation: false
- volumes:
- - name: config-volume
- configMap:
- name: {{ include "common.configmapname.appmgr" . }}-appconfig
- - name: cert-volume
- configMap:
- name: {{ include "common.helmrepositorycert" . }}
- - name: secret-volume
- secret:
- secretName: {{ include "common.helmrepositorycred" . }}
- - name: helm-secret-volume
- emptyDir: {}
- - name: appmgr-bin-volume
- configMap:
- name: {{ include "common.configmapname.appmgr" . }}-bin
- defaultMode: 0755