github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/weblogic-operator/templates/_operator-dep.tpl (about) 1 # Copyright (c) 2018, 2023, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 {{- define "operator.operatorDeployment" }} 5 --- 6 {{- if not .webhookOnly }} 7 apiVersion: "apps/v1" 8 kind: "Deployment" 9 metadata: 10 name: "weblogic-operator" 11 namespace: {{ .Release.Namespace | quote }} 12 labels: 13 weblogic.operatorName: {{ .Release.Namespace | quote }} 14 spec: 15 strategy: 16 type: Recreate 17 selector: 18 matchLabels: 19 weblogic.operatorName: {{ .Release.Namespace | quote }} 20 replicas: 1 21 template: 22 metadata: 23 annotations: 24 prometheus.io/port: '8083' 25 prometheus.io/scrape: 'true' 26 {{- range $key, $value := .annotations }} 27 {{ $key }}: {{ $value | quote }} 28 {{- end }} 29 labels: 30 weblogic.operatorName: {{ .Release.Namespace | quote }} 31 app: "weblogic-operator" 32 {{- range $key, $value := .labels }} 33 {{ $key }}: {{ $value | quote }} 34 {{- end }} 35 spec: 36 serviceAccountName: {{ .serviceAccount | quote }} 37 {{- if (ne ( .kubernetesPlatform | default "Generic" ) "OpenShift") }} 38 securityContext: 39 seccompProfile: 40 type: RuntimeDefault 41 {{- end }} 42 {{- with .nodeSelector }} 43 nodeSelector: 44 {{- toYaml . | nindent 8 }} 45 {{- end }} 46 {{- with .affinity }} 47 affinity: 48 {{- toYaml . | nindent 8 }} 49 {{- end }} 50 {{- with .tolerations }} 51 tolerations: 52 {{- toYaml . | nindent 8 }} 53 {{- end }} 54 containers: 55 - name: "weblogic-operator" 56 image: {{ .image | quote }} 57 imagePullPolicy: {{ .imagePullPolicy | quote }} 58 command: ["/deployment/operator.sh"] 59 lifecycle: 60 preStop: 61 exec: 62 command: ["/deployment/stop.sh"] 63 env: 64 - name: "OPERATOR_NAMESPACE" 65 valueFrom: 66 fieldRef: 67 fieldPath: "metadata.namespace" 68 - name: "OPERATOR_POD_NAME" 69 valueFrom: 70 fieldRef: 71 fieldPath: "metadata.name" 72 - name: "OPERATOR_POD_UID" 73 valueFrom: 74 fieldRef: 75 fieldPath: "metadata.uid" 76 - name: "OPERATOR_VERBOSE" 77 value: "false" 78 {{- if .kubernetesPlatform }} 79 - name: "KUBERNETES_PLATFORM" 80 value: {{ .kubernetesPlatform | quote }} 81 {{- end }} 82 {{- if and (hasKey . "enableRest") .enableRest }} 83 - name: "ENABLE_REST_ENDPOINT" 84 value: "true" 85 {{- end }} 86 - name: "JAVA_LOGGING_LEVEL" 87 value: {{ .javaLoggingLevel | quote }} 88 - name: "JAVA_LOGGING_MAXSIZE" 89 value: {{ int64 .javaLoggingFileSizeLimit | default 20000000 | quote }} 90 - name: "JAVA_LOGGING_COUNT" 91 value: {{ .javaLoggingFileCount | default 10 | quote }} 92 - name: "JVM_OPTIONS" 93 value: {{ .jvmOptions | default "-XshowSettings:vm -XX:MaxRAMPercentage=70" | quote }} 94 {{- if .remoteDebugNodePortEnabled }} 95 - name: "REMOTE_DEBUG_PORT" 96 value: {{ .internalDebugHttpPort | quote }} 97 - name: "DEBUG_SUSPEND" 98 {{- if .suspendOnDebugStartup }} 99 value: "y" 100 {{- else }} 101 value: "n" 102 {{- end }} 103 {{- end }} 104 {{- if .mockWLS }} 105 - name: "MOCK_WLS" 106 value: "true" 107 {{- end }} 108 resources: 109 requests: 110 cpu: {{ .cpuRequests | default "250m" }} 111 memory: {{ .memoryRequests | default "512Mi" }} 112 limits: 113 {{- if .cpuLimits}} 114 cpu: {{ .cpuLimits }} 115 {{- end }} 116 {{- if .memoryLimits}} 117 memory: {{ .memoryLimits }} 118 {{- end }} 119 securityContext: 120 {{- if (ne ( .kubernetesPlatform | default "Generic" ) "OpenShift") }} 121 runAsUser: {{ .runAsUser | default 1000 }} 122 {{- end }} 123 runAsNonRoot: true 124 privileged: false 125 allowPrivilegeEscalation: false 126 capabilities: 127 drop: ["ALL"] 128 volumeMounts: 129 - name: "weblogic-operator-cm-volume" 130 mountPath: "/deployment/config" 131 - name: "weblogic-operator-debug-cm-volume" 132 mountPath: "/deployment/debug-config" 133 - name: "weblogic-operator-secrets-volume" 134 mountPath: "/deployment/secrets" 135 readOnly: true 136 {{- if .elkIntegrationEnabled }} 137 - mountPath: "/logs" 138 name: "log-dir" 139 readOnly: false 140 {{- end }} 141 {{- if not .remoteDebugNodePortEnabled }} 142 livenessProbe: 143 exec: 144 command: ["/probes/livenessProbe.sh"] 145 initialDelaySeconds: 40 146 periodSeconds: 10 147 failureThreshold: 5 148 readinessProbe: 149 exec: 150 command: ["/probes/readinessProbe.sh"] 151 initialDelaySeconds: 2 152 periodSeconds: 10 153 {{- end }} 154 {{- if .elkIntegrationEnabled }} 155 - name: "logstash" 156 image: {{ .logStashImage | quote }} 157 volumeMounts: 158 - name: "log-dir" 159 mountPath: "/logs" 160 - name: "logstash-pipeline-volume" 161 mountPath: "/usr/share/logstash/pipeline" 162 - name: "logstash-config-volume" 163 mountPath: "/usr/share/logstash/config/logstash.yml" 164 subPath: "logstash.yml" 165 - name: "logstash-certs-secret-volume" 166 mountPath: "/usr/share/logstash/config/certs" 167 env: 168 - name: "ELASTICSEARCH_HOST" 169 value: {{ .elasticSearchHost | quote }} 170 - name: "ELASTICSEARCH_PORT" 171 value: {{ .elasticSearchPort | quote }} 172 - name: "ELASTICSEARCH_PROTOCOL" 173 value: {{ .elasticSearchProtocol | quote }} 174 {{- end }} 175 {{- if .imagePullSecrets }} 176 imagePullSecrets: 177 {{ .imagePullSecrets | toYaml }} 178 {{- end }} 179 volumes: 180 - name: "weblogic-operator-cm-volume" 181 configMap: 182 name: "weblogic-operator-cm" 183 - name: "weblogic-operator-debug-cm-volume" 184 configMap: 185 name: "weblogic-operator-debug-cm" 186 optional: true 187 - name: "weblogic-operator-secrets-volume" 188 secret: 189 secretName: "weblogic-operator-secrets" 190 {{- if .elkIntegrationEnabled }} 191 - name: "log-dir" 192 emptyDir: 193 medium: "Memory" 194 - name: "logstash-pipeline-volume" 195 configMap: 196 name: "weblogic-operator-logstash-cm" 197 items: 198 - key: logstash.conf 199 path: logstash.conf 200 - name: "logstash-config-volume" 201 configMap: 202 name: "weblogic-operator-logstash-cm" 203 items: 204 - key: logstash.yml 205 path: logstash.yml 206 - name: "logstash-certs-secret-volume" 207 secret: 208 secretName: "logstash-certs-secret" 209 optional: true 210 {{- end }} 211 {{- end }} 212 --- 213 {{ $chartVersion := .Chart.Version }} 214 {{ $releaseNamespace := .Release.Namespace }} 215 {{ $webhookExists := include "utils.verifyExistingWebhookDeployment" (list $chartVersion $releaseNamespace) | trim }} 216 {{- if and (ne $webhookExists "true") (not .operatorOnly) }} 217 # webhook does not exist or chart version is newer, create a new webhook 218 apiVersion: "v1" 219 kind: "ConfigMap" 220 metadata: 221 labels: 222 weblogic.webhookName: {{ .Release.Namespace | quote }} 223 name: "weblogic-webhook-cm" 224 namespace: {{ .Release.Namespace | quote }} 225 data: 226 serviceaccount: {{ .serviceAccount | quote }} 227 {{- if .featureGates }} 228 featureGates: {{ .featureGates | quote }} 229 {{- end }} 230 {{- if .domainNamespaceSelectionStrategy }} 231 domainNamespaceSelectionStrategy: {{ .domainNamespaceSelectionStrategy | quote }} 232 {{- end }} 233 --- 234 # webhook does not exist or chart version is newer, create a new webhook 235 apiVersion: "apps/v1" 236 kind: "Deployment" 237 metadata: 238 name: "weblogic-operator-webhook" 239 namespace: {{ .Release.Namespace | quote }} 240 labels: 241 weblogic.webhookName: {{ .Release.Namespace | quote }} 242 weblogic.webhookVersion: {{ .Chart.Version }} 243 {{- if and (.preserveWebhook) (not .webhookOnly) }} 244 annotations: 245 "helm.sh/hook": pre-install 246 "helm.sh/resource-policy": keep 247 "helm.sh/hook-delete-policy": "before-hook-creation" 248 {{- end }} 249 spec: 250 strategy: 251 type: Recreate 252 selector: 253 matchLabels: 254 weblogic.webhookName: {{ .Release.Namespace | quote }} 255 replicas: 1 256 template: 257 metadata: 258 annotations: 259 prometheus.io/port: '8083' 260 prometheus.io/scrape: 'true' 261 sidecar.istio.io/inject: 'false' 262 {{- range $key, $value := .annotations }} 263 {{- if ne $key "sidecar.istio.io/inject" }} 264 {{ $key }}: {{ $value | quote }} 265 {{- end }} 266 {{- end }} 267 labels: 268 weblogic.webhookName: {{ .Release.Namespace | quote }} 269 app: "weblogic-operator-webhook" 270 {{- range $key, $value := .labels }} 271 {{ $key }}: {{ $value | quote }} 272 {{- end }} 273 spec: 274 serviceAccountName: {{ .serviceAccount | quote }} 275 {{- if (ne ( .kubernetesPlatform | default "Generic" ) "OpenShift") }} 276 securityContext: 277 seccompProfile: 278 type: RuntimeDefault 279 {{- end }} 280 {{- with .nodeSelector }} 281 nodeSelector: 282 {{- toYaml . | nindent 12 }} 283 {{- end }} 284 {{- with .affinity }} 285 affinity: 286 {{- toYaml . | nindent 12 }} 287 {{- end }} 288 containers: 289 - name: "weblogic-operator-webhook" 290 image: {{ .image | quote }} 291 imagePullPolicy: {{ .imagePullPolicy | quote }} 292 command: ["/deployment/webhook.sh"] 293 lifecycle: 294 preStop: 295 exec: 296 command: ["/deployment/stop.sh"] 297 env: 298 - name: "WEBHOOK_NAMESPACE" 299 valueFrom: 300 fieldRef: 301 fieldPath: "metadata.namespace" 302 - name: "WEBHOOK_POD_NAME" 303 valueFrom: 304 fieldRef: 305 fieldPath: "metadata.name" 306 - name: "WEBHOOK_POD_UID" 307 valueFrom: 308 fieldRef: 309 fieldPath: "metadata.uid" 310 - name: "JAVA_LOGGING_LEVEL" 311 value: {{ .javaLoggingLevel | quote }} 312 - name: "JAVA_LOGGING_MAXSIZE" 313 value: {{ int64 .javaLoggingFileSizeLimit | default 20000000 | quote }} 314 - name: "JAVA_LOGGING_COUNT" 315 value: {{ .javaLoggingFileCount | default 10 | quote }} 316 {{- if .remoteDebugNodePortEnabled }} 317 - name: "REMOTE_DEBUG_PORT" 318 value: {{ .webhookDebugHttpPort | quote }} 319 - name: "DEBUG_SUSPEND" 320 {{- if .suspendOnDebugStartup }} 321 value: "y" 322 {{- else }} 323 value: "n" 324 {{- end }} 325 {{- end }} 326 resources: 327 requests: 328 cpu: {{ .cpuRequests | default "100m" }} 329 memory: {{ .memoryRequests | default "100Mi" }} 330 limits: 331 {{- if .cpuLimits}} 332 cpu: {{ .cpuLimits }} 333 {{- end }} 334 {{- if .memoryLimits}} 335 memory: {{ .memoryLimits }} 336 {{- end }} 337 securityContext: 338 {{- if (ne ( .kubernetesPlatform | default "Generic" ) "OpenShift") }} 339 runAsUser: {{ .runAsUser | default 1000 }} 340 {{- end }} 341 runAsNonRoot: true 342 privileged: false 343 allowPrivilegeEscalation: false 344 capabilities: 345 drop: ["ALL"] 346 volumeMounts: 347 - name: "weblogic-webhook-cm-volume" 348 mountPath: "/deployment/config" 349 - name: "weblogic-webhook-secrets-volume" 350 mountPath: "/deployment/secrets" 351 readOnly: true 352 {{- if .elkIntegrationEnabled }} 353 - mountPath: "/logs" 354 name: "log-dir" 355 readOnly: false 356 {{- end }} 357 {{- if not .remoteDebugNodePortEnabled }} 358 livenessProbe: 359 exec: 360 command: ["/probes/livenessProbe.sh"] 361 initialDelaySeconds: 40 362 periodSeconds: 5 363 readinessProbe: 364 exec: 365 command: ["/probes/readinessProbe.sh"] 366 initialDelaySeconds: 2 367 periodSeconds: 10 368 {{- end }} 369 {{- if .elkIntegrationEnabled }} 370 - name: "logstash" 371 image: {{ .logStashImage | quote }} 372 volumeMounts: 373 - name: "log-dir" 374 mountPath: "/logs" 375 - name: "logstash-pipeline-volume" 376 mountPath: "/usr/share/logstash/pipeline" 377 - name: "logstash-config-volume" 378 mountPath: "/usr/share/logstash/config/logstash.yml" 379 subPath: "logstash.yml" 380 - name: "logstash-certs-secret-volume" 381 mountPath: "/usr/share/logstash/config/certs" 382 env: 383 - name: "ELASTICSEARCH_HOST" 384 value: {{ .elasticSearchHost | quote }} 385 - name: "ELASTICSEARCH_PORT" 386 value: {{ .elasticSearchPort | quote }} 387 - name: "ELASTICSEARCH_PROTOCOL" 388 value: {{ .elasticSearchProtocol | quote }} 389 {{- end }} 390 {{- if .imagePullSecrets }} 391 imagePullSecrets: 392 {{ .imagePullSecrets | toYaml }} 393 {{- end }} 394 volumes: 395 - name: "weblogic-webhook-cm-volume" 396 configMap: 397 name: "weblogic-webhook-cm" 398 - name: "weblogic-webhook-secrets-volume" 399 secret: 400 secretName: "weblogic-webhook-secrets" 401 {{- if .elkIntegrationEnabled }} 402 - name: "log-dir" 403 emptyDir: 404 medium: "Memory" 405 - name: "logstash-pipeline-volume" 406 configMap: 407 name: "weblogic-operator-logstash-cm" 408 items: 409 - key: logstash.conf 410 path: logstash.conf 411 - name: "logstash-config-volume" 412 configMap: 413 name: "weblogic-operator-logstash-cm" 414 items: 415 - key: logstash.yml 416 path: logstash.yml 417 - name: "logstash-certs-secret-volume" 418 secret: 419 secretName: "logstash-certs-secret" 420 optional: true 421 {{- end }} 422 {{- end }} 423 {{- end }}