--- /dev/null
+{{- if .Values.lcm.enabled -}}
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lcm
+ labels:
+ {{- include "osm.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.lcm.replicaCount | default .Values.global.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: lcm
+ {{- include "osm.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.global.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/component: lcm
+ {{- include "osm.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "osm.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.global.podSecurityContext | nindent 8 }}
+ initContainers:
+ - name: kafka-ro-mongo-test
+ image: alpine:latest
+ command: ["sh", "-c", "until (nc -zvw1 kafka 9092 && nc -zvw1 ro 9090 && nc -zvw1 mongodb-k8s 27017); do sleep 3; done; exit 0"]
+ containers:
+ - name: lcm
+ securityContext:
+ # readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ {{- toYaml .Values.global.securityContext | nindent 12 }}
+ image: {{ include "osm.lcm.image" . }}
+ imagePullPolicy: {{ .Values.global.image.pullPolicy }}
+ resources:
+ limits:
+ memory: 1024Mi
+ requests:
+ memory: 128Mi
+ envFrom:
+ - configMapRef:
+ name: {{ include "osm.fullname" . }}-lcm-configmap
+ {{- if not .Values.lcm.useOsmSecret }}
+ - secretRef:
+ name: {{ .Values.lcm.secretName | default "lcm-secret" }}
+ {{- end }}
+ env:
+ - name: OSMLCM_VCA_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "osm.fullname" . }}-vca-secret
+ key: OSM_VCA_HOST
+ - name: OSMLCM_VCA_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "osm.fullname" . }}-vca-secret
+ key: OSM_VCA_SECRET
+ - name: OSMLCM_VCA_PUBKEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "osm.fullname" . }}-vca-secret
+ key: OSM_VCA_PUBKEY
+ - name: OSMLCM_VCA_CACERT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "osm.fullname" . }}-vca-secret
+ key: OSM_VCA_CACERT
+ {{- if .Values.lcm.useOsmSecret }}
+ - name: OSMLCM_DATABASE_COMMONKEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "osm.fullname" . }}-secret
+ key: OSM_DATABASE_COMMONKEY
+ {{- end }}
+ volumeMounts:
+ - mountPath: /etc/ssl/certs/osm-ca.crt
+ name: osm-ca
+ readOnly: true
+ subPath: osm-ca.crt
+ volumes:
+ - name: osm-ca
+ secret:
+ defaultMode: 420
+ items:
+ - key: tls.crt
+ path: osm-ca.crt
+ secretName: osm-ca
+ {{- with .Values.global.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file