blob: 50d74e9d1e1ad29f3c21792dfc8074f1db19409a [file] [log] [blame]
# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
#
# SPDX-License-Identifier: Apache-2.0
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "aether-roc-api.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "aether-roc-api.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
name: {{ template "aether-roc-api.fullname" . }}
app: aether
type: api
resource: {{ template "aether-roc-api.fullname" . }}
{{- include "aether-roc-api.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
name: {{ template "aether-roc-api.fullname" . }}
app: aether
type: api
resource: {{ template "aether-roc-api.fullname" . }}
{{- include "aether-roc-api.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: aether-roc-api
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OIDC_SERVER_URL
value: {{ .Values.openidc.issuer }}
args:
- "-gnmiEndpoint={{ .Values.gnmiEndpoint }}"
# TODO add support for certificates
- "-gnmiTimeout={{ .Values.gnmiTimeout }}"
- "-port={{ .Values.port }}"
- "-logLevel={{ .Values.logging.loggers.root.level }}"
- "-analyticsEndpoint={{ .Values.analyticsEndpoint }}"
{{- range $key, $corsorigin := .Values.corsOrigins }}
- {{ printf "-allowCorsOrigin=%s" $corsorigin }}
{{end}}
ports:
- name: http
containerPort: 8181
startupProbe:
tcpSocket:
port: 8181
periodSeconds: 5
failureThreshold: 60
readinessProbe:
tcpSocket:
port: 8181
initialDelaySeconds: 10
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 8181
initialDelaySeconds: 10
periodSeconds: 10
volumeMounts:
- name: secret
mountPath: /etc/aether-roc-api/certs
readOnly: true
- name: config
mountPath: /etc/onos/config
readOnly: true
resources:
{{- toYaml .Values.resources | nindent 12 }}
# Enable ptrace for debugging
securityContext:
{{- if .Values.debug }}
capabilities:
add:
- SYS_PTRACE
{{- end }}
volumes:
- name: secret
secret:
secretName: {{ template "aether-roc-api.fullname" . }}-secret
- name: config
configMap:
name: {{ template "aether-roc-api.fullname" . }}-config
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}