{{- if .Values.lcm.enabled -}} ####################################################################################### # Copyright ETSI Contributors and Others. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. ####################################################################################### apiVersion: apps/v1 kind: Deployment metadata: name: lcm labels: {{- include "osm.labels" . | nindent 4 }} spec: replicas: {{ .Values.lcm.replicaCount | default .Values.global.replicaCount }} selector: matchLabels: app.kubernetes.io/component: lcm {{- include "osm.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.global.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: app.kubernetes.io/component: lcm {{- include "osm.selectorLabels" . | nindent 8 }} spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "osm.serviceAccountName" . }} securityContext: {{- toYaml .Values.global.podSecurityContext | nindent 8 }} initContainers: - name: kafka-ro-mongo-test image: alpine:latest command: ["sh", "-c", "until (nc -zvw1 kafka 9092 && nc -zvw1 ro 9090 && nc -zvw1 mongodb-k8s 27017); do sleep 3; done; exit 0"] containers: - name: lcm securityContext: # readOnlyRootFilesystem: true allowPrivilegeEscalation: false runAsNonRoot: true {{- toYaml .Values.global.securityContext | nindent 12 }} image: {{ include "osm.lcm.image" . }} imagePullPolicy: {{ .Values.global.image.pullPolicy }} resources: limits: memory: 1024Mi requests: memory: 128Mi envFrom: - configMapRef: name: {{ include "osm.fullname" . }}-lcm-configmap {{- if not .Values.lcm.useOsmSecret }} - secretRef: name: {{ .Values.lcm.secretName | default "lcm-secret" }} {{- end }} {{- if or .Values.vca.enabled .Values.lcm.useOsmSecret }} env: {{- if .Values.vca.enabled }} - name: OSMLCM_VCA_HOST valueFrom: secretKeyRef: name: {{ include "osm.fullname" . }}-vca-secret key: OSM_VCA_HOST - name: OSMLCM_VCA_SECRET valueFrom: secretKeyRef: name: {{ include "osm.fullname" . }}-vca-secret key: OSM_VCA_SECRET - name: OSMLCM_VCA_PUBKEY valueFrom: secretKeyRef: name: {{ include "osm.fullname" . }}-vca-secret key: OSM_VCA_PUBKEY - name: OSMLCM_VCA_CACERT valueFrom: secretKeyRef: name: {{ include "osm.fullname" . }}-vca-secret key: OSM_VCA_CACERT {{- end }} {{- if .Values.lcm.useOsmSecret }} - name: OSMLCM_DATABASE_COMMONKEY valueFrom: secretKeyRef: name: {{ include "osm.fullname" . }}-secret key: OSM_DATABASE_COMMONKEY {{- end }} {{- end }} volumeMounts: - mountPath: /etc/ssl/certs/osm-ca.crt name: osm-ca readOnly: true subPath: osm-ca.crt - mountPath: /etc/ssl/lcm-client/ name: lcm-client-cert readOnly: true volumes: - name: osm-ca secret: defaultMode: 420 items: - key: tls.crt path: osm-ca.crt secretName: osm-ca - name: lcm-client-cert secret: defaultMode: 420 secretName: lcm-client-cert {{- with .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.global.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }}