installers/helm/osm/templates/lcm/lcm-deployment.yaml

   1 {{- if .Values.lcm.enabled -}}
   2 #######################################################################################
   3 # Copyright ETSI Contributors and Others.
   4 #
   5 # Licensed under the Apache License, Version 2.0 (the "License");
   6 # you may not use this file except in compliance with the License.
   7 # You may obtain a copy of the License at
   8 #
   9 #    http://www.apache.org/licenses/LICENSE-2.0
  10 #
  11 # Unless required by applicable law or agreed to in writing, software
  12 # distributed under the License is distributed on an "AS IS" BASIS,
  13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
  14 # implied.
  15 # See the License for the specific language governing permissions and
  16 # limitations under the License.
  17 #######################################################################################
  18 apiVersion: apps/v1
  19 kind: Deployment
  20 metadata:
  21   name: lcm
  22   labels:
  23     {{- include "osm.labels" . | nindent 4 }}
  24 spec:
  25   replicas: {{ .Values.lcm.replicaCount | default .Values.global.replicaCount }}
  26   selector:
  27     matchLabels:
  28       app.kubernetes.io/component: lcm
  29       {{- include "osm.selectorLabels" . | nindent 6 }}
  30   template:
  31     metadata:
  32       {{- with .Values.global.podAnnotations }}
  33       annotations:
  34         {{- toYaml . | nindent 8 }}
  35       {{- end }}
  36       labels:
  37         app.kubernetes.io/component: lcm
  38         {{- include "osm.selectorLabels" . | nindent 8 }}
  39     spec:
  40       {{- with .Values.global.imagePullSecrets }}
  41       imagePullSecrets:
  42         {{- toYaml . | nindent 8 }}
  43       {{- end }}
  44       serviceAccountName: {{ include "osm.serviceAccountName" . }}
  45       securityContext:
  46         {{- toYaml .Values.global.podSecurityContext | nindent 8 }}
  47       initContainers:
  48         - name: kafka-ro-mongo-test
  49           image: alpine:latest
  50           command: ["sh", "-c", "until (nc -zvw1 kafka 9092 && nc -zvw1 ro 9090 && nc -zvw1 mongodb-k8s 27017); do sleep 3; done; exit 0"]
  51       containers:
  52         - name: lcm
  53           securityContext:
  54             # readOnlyRootFilesystem: true
  55             allowPrivilegeEscalation: false
  56             runAsNonRoot: true
  57             {{- toYaml .Values.global.securityContext | nindent 12 }}
  58           image: {{ include "osm.lcm.image" . }}
  59           imagePullPolicy: {{ .Values.global.image.pullPolicy }}
  60           resources:
  61             limits:
  62               memory: 1024Mi
  63             requests:
  64               memory: 128Mi
  65           envFrom:
  66             - configMapRef:
  67                 name: {{ include "osm.fullname" . }}-lcm-configmap
  68             {{- if not .Values.lcm.useOsmSecret }}
  69             - secretRef:
  70                 name: {{ .Values.lcm.secretName | default "lcm-secret" }}
  71             {{- end }}
  72           {{- if or .Values.vca.enabled .Values.lcm.useOsmSecret }}
  73           env:
  74             {{- if .Values.vca.enabled }}
  75             - name: OSMLCM_VCA_HOST
  76               valueFrom:
  77                 secretKeyRef:
  78                   name: {{ include "osm.fullname" . }}-vca-secret
  79                   key: OSM_VCA_HOST
  80             - name: OSMLCM_VCA_SECRET
  81               valueFrom:
  82                 secretKeyRef:
  83                   name: {{ include "osm.fullname" . }}-vca-secret
  84                   key: OSM_VCA_SECRET
  85             - name: OSMLCM_VCA_PUBKEY
  86               valueFrom:
  87                 secretKeyRef:
  88                   name: {{ include "osm.fullname" . }}-vca-secret
  89                   key: OSM_VCA_PUBKEY
  90             - name: OSMLCM_VCA_CACERT
  91               valueFrom:
  92                 secretKeyRef:
  93                   name: {{ include "osm.fullname" . }}-vca-secret
  94                   key: OSM_VCA_CACERT
  95             {{- end }}
  96             {{- if .Values.lcm.useOsmSecret }}
  97             - name: OSMLCM_DATABASE_COMMONKEY
  98               valueFrom:
  99                 secretKeyRef:
 100                   name: {{ include "osm.fullname" . }}-secret
 101                   key: OSM_DATABASE_COMMONKEY
 102             {{- end }}
 103           {{- end }}
 104           volumeMounts:
 105             - mountPath: /etc/ssl/certs/osm-ca.crt
 106               name: osm-ca
 107               readOnly: true
 108               subPath: osm-ca.crt
 109             - mountPath: /etc/ssl/lcm-client/
 110               name: lcm-client-cert
 111               readOnly: true
 112       volumes:
 113         - name: osm-ca
 114           secret:
 115             defaultMode: 420
 116             items:
 117               - key: tls.crt
 118                 path: osm-ca.crt
 119             secretName: osm-ca
 120         - name: lcm-client-cert
 121           secret:
 122             defaultMode: 420
 123             secretName: lcm-client-cert
 124       {{- with .Values.global.nodeSelector }}
 125       nodeSelector:
 126         {{- toYaml . | nindent 8 }}
 127       {{- end }}
 128       {{- with .Values.global.affinity }}
 129       affinity:
 130         {{- toYaml . | nindent 8 }}
 131       {{- end }}
 132       {{- with .Values.global.tolerations }}
 133       tolerations:
 134         {{- toYaml . | nindent 8 }}
 135       {{- end }}
 136 {{- end }}