installers/helm/osm/templates/lcm/lcm-deployment.yaml

   1 {{- if .Values.lcm.enabled -}}
   2 #######################################################################################
   3 # Copyright ETSI Contributors and Others.
   4 #
   5 # Licensed under the Apache License, Version 2.0 (the "License");
   6 # you may not use this file except in compliance with the License.
   7 # You may obtain a copy of the License at
   8 #
   9 #    http://www.apache.org/licenses/LICENSE-2.0
  10 #
  11 # Unless required by applicable law or agreed to in writing, software
  12 # distributed under the License is distributed on an "AS IS" BASIS,
  13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
  14 # implied.
  15 # See the License for the specific language governing permissions and
  16 # limitations under the License.
  17 #######################################################################################
  18 apiVersion: apps/v1
  19 kind: Deployment
  20 metadata:
  21   name: lcm
  22   labels:
  23     {{- include "osm.labels" . | nindent 4 }}
  24 spec:
  25   replicas: {{ .Values.lcm.replicaCount | default .Values.global.replicaCount }}
  26   selector:
  27     matchLabels:
  28       app.kubernetes.io/component: lcm
  29       {{- include "osm.selectorLabels" . | nindent 6 }}
  30   template:
  31     metadata:
  32       {{- with .Values.global.podAnnotations }}
  33       annotations:
  34         {{- toYaml . | nindent 8 }}
  35       {{- end }}
  36       labels:
  37         app.kubernetes.io/component: lcm
  38         {{- include "osm.selectorLabels" . | nindent 8 }}
  39     spec:
  40       {{- with .Values.global.imagePullSecrets }}
  41       imagePullSecrets:
  42         {{- toYaml . | nindent 8 }}
  43       {{- end }}
  44       serviceAccountName: {{ include "osm.serviceAccountName" . }}
  45       securityContext:
  46         {{- toYaml .Values.global.podSecurityContext | nindent 8 }}
  47       initContainers:
  48         - name: kafka-ro-mongo-test
  49           image: alpine:latest
  50           command: ["sh", "-c", "until (nc -zvw1 kafka 9092 && nc -zvw1 ro 9090 && nc -zvw1 mongodb-k8s 27017); do sleep 3; done; exit 0"]
  51       containers:
  52         - name: lcm
  53           securityContext:
  54             # readOnlyRootFilesystem: true
  55             allowPrivilegeEscalation: false
  56             runAsNonRoot: true
  57             {{- toYaml .Values.global.securityContext | nindent 12 }}
  58           image: {{ include "osm.lcm.image" . }}
  59           imagePullPolicy: {{ .Values.global.image.pullPolicy }}
  60           resources:
  61             limits:
  62               memory: 1024Mi
  63             requests:
  64               memory: 128Mi
  65           envFrom:
  66             - configMapRef:
  67                 name: {{ include "osm.fullname" . }}-lcm-configmap
  68           {{- if not .Values.lcm.useOsmSecret }}
  69             - secretRef:
  70                 name: {{ .Values.lcm.secretName | default "lcm-secret" }}
  71           {{- end }}
  72           env:
  73             - name: OSMLCM_VCA_HOST
  74               valueFrom:
  75                 secretKeyRef:
  76                   name: {{ include "osm.fullname" . }}-vca-secret
  77                   key: OSM_VCA_HOST
  78             - name: OSMLCM_VCA_SECRET
  79               valueFrom:
  80                 secretKeyRef:
  81                   name: {{ include "osm.fullname" . }}-vca-secret
  82                   key: OSM_VCA_SECRET
  83             - name: OSMLCM_VCA_PUBKEY
  84               valueFrom:
  85                 secretKeyRef:
  86                   name: {{ include "osm.fullname" . }}-vca-secret
  87                   key: OSM_VCA_PUBKEY
  88             - name: OSMLCM_VCA_CACERT
  89               valueFrom:
  90                 secretKeyRef:
  91                   name: {{ include "osm.fullname" . }}-vca-secret
  92                   key: OSM_VCA_CACERT
  93           {{- if .Values.lcm.useOsmSecret }}
  94             - name: OSMLCM_DATABASE_COMMONKEY
  95               valueFrom:
  96                 secretKeyRef:
  97                   name: {{ include "osm.fullname" . }}-secret
  98                   key: OSM_DATABASE_COMMONKEY
  99           {{- end }}
 100           volumeMounts:
 101             - mountPath: /etc/ssl/certs/osm-ca.crt
 102               name: osm-ca
 103               readOnly: true
 104               subPath: osm-ca.crt
 105       volumes:
 106         - name: osm-ca
 107           secret:
 108             defaultMode: 420
 109             items:
 110               - key: tls.crt
 111                 path: osm-ca.crt
 112             secretName: osm-ca
 113       {{- with .Values.global.nodeSelector }}
 114       nodeSelector:
 115         {{- toYaml . | nindent 8 }}
 116       {{- end }}
 117       {{- with .Values.global.affinity }}
 118       affinity:
 119         {{- toYaml . | nindent 8 }}
 120       {{- end }}
 121       {{- with .Values.global.tolerations }}
 122       tolerations:
 123         {{- toYaml . | nindent 8 }}
 124       {{- end }}
 125 {{- end }}