blob: 5774344fd3d67bb9be407cf4e1d3ceca7020a72a [file] [log] [blame]
Grzegorz-Lis4fad3022020-07-31 10:18:21 +02001apiVersion: apps/v1
Chenfei Gao9292e882019-02-27 22:14:45 -05002kind: Deployment
3metadata:
4 name: {{ include "common.fullname" . }}
5 namespace: {{ include "common.namespace" . }}
6 labels:
7 app: {{ include "common.name" . }}
8 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
Krzysztof Opasiak137d7cc2020-01-24 23:49:11 +01009 release: {{ include "common.release" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050010 heritage: {{ .Release.Service }}
11spec:
Grzegorz-Lis4fad3022020-07-31 10:18:21 +020012 selector:
13 matchLabels:
14 app: {{ include "common.name" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050015 replicas: {{ .Values.replicaCount }}
16 template:
17 metadata:
18 labels:
19 app: {{ include "common.name" . }}
Krzysztof Opasiak137d7cc2020-01-24 23:49:11 +010020 release: {{ include "common.release" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050021 spec:
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040022 initContainers:
23 - command:
Sylvain Desbureaux1694e1d2020-08-21 09:58:25 +020024 - /app/ready.py
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040025 args:
jhhd4258672020-08-09 12:08:08 -050026 - --job-name
27 - {{ include "common.release" . }}-policy-galera-config
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040028 env:
29 - name: NAMESPACE
30 valueFrom:
31 fieldRef:
32 apiVersion: v1
33 fieldPath: metadata.namespace
Sylvain Desbureaux1694e1d2020-08-21 09:58:25 +020034 image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040035 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
36 name: {{ include "common.name" . }}-readiness
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020037 - command:
38 - sh
39 args:
40 - -c
41 - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
42 env:
43 - name: SQL_USER
Dominik Mizyn11038102020-04-14 17:14:42 +020044 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020045 - name: SQL_PASSWORD
Dominik Mizyn11038102020-04-14 17:14:42 +020046 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
47 - name: RESTSERVER_USER
48 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
49 - name: RESTSERVER_PASSWORD
50 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020051 volumeMounts:
52 - mountPath: /config-input
53 name: apiconfig
54 - mountPath: /config
55 name: apiconfig-processed
56 image: "{{ .Values.global.envsubstImage }}"
57 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
58 name: {{ include "common.name" . }}-update-config
jhhd4258672020-08-09 12:08:08 -050059{{ include "common.certInitializer.initContainer" . | indent 8 }}
Chenfei Gao9292e882019-02-27 22:14:45 -050060 containers:
61 - name: {{ include "common.name" . }}
62 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
63 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
jhhd4258672020-08-09 12:08:08 -050064{{- if .Values.global.aafEnabled }}
65 command: ["bash","-c"]
66 args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
jhhd4258672020-08-09 12:08:08 -050067 /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
68{{- else }}
Chenfei Gao9292e882019-02-27 22:14:45 -050069 command: ["/opt/app/policy/api/bin/policy-api.sh"]
70 args: ["/opt/app/policy/api/etc/mounted/config.json"]
jhhd4258672020-08-09 12:08:08 -050071 env:
72 - name: KEYSTORE_PASSWD
73 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
74 - name: TRUSTSTORE_PASSWD
75 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
76{{- end }}
Chenfei Gao9292e882019-02-27 22:14:45 -050077 ports:
78 - containerPort: {{ .Values.service.internalPort }}
79 # disable liveness probe when breakpoints set in debugger
80 # so K8s doesn't restart unresponsive container
81 {{- if eq .Values.liveness.enabled true }}
82 livenessProbe:
83 tcpSocket:
84 port: {{ .Values.service.internalPort }}
85 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
86 periodSeconds: {{ .Values.liveness.periodSeconds }}
87 {{ end -}}
88 readinessProbe:
89 tcpSocket:
90 port: {{ .Values.service.internalPort }}
91 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
92 periodSeconds: {{ .Values.readiness.periodSeconds }}
93 volumeMounts:
jhhd4258672020-08-09 12:08:08 -050094{{ include "common.certInitializer.volumeMount" . | indent 10 }}
Chenfei Gao9292e882019-02-27 22:14:45 -050095 - mountPath: /etc/localtime
96 name: localtime
97 readOnly: true
98 - mountPath: /opt/app/policy/api/etc/mounted
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020099 name: apiconfig-processed
Chenfei Gao9292e882019-02-27 22:14:45 -0500100 resources:
jhhd4258672020-08-09 12:08:08 -0500101{{ include "common.resources" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -0500102 {{- if .Values.nodeSelector }}
103 nodeSelector:
104{{ toYaml .Values.nodeSelector | indent 10 }}
105 {{- end -}}
106 {{- if .Values.affinity }}
107 affinity:
108{{ toYaml .Values.affinity | indent 10 }}
109 {{- end }}
110 volumes:
jhhd4258672020-08-09 12:08:08 -0500111{{ include "common.certInitializer.volumes" . | indent 8 }}
Chenfei Gao9292e882019-02-27 22:14:45 -0500112 - name: localtime
113 hostPath:
114 path: /etc/localtime
115 - name: apiconfig
116 configMap:
117 name: {{ include "common.fullname" . }}-configmap
118 defaultMode: 0755
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +0200119 - name: apiconfig-processed
120 emptyDir:
121 medium: Memory
Chenfei Gao9292e882019-02-27 22:14:45 -0500122 imagePullSecrets:
123 - name: "{{ include "common.namespace" . }}-docker-registry-key"