blob: c4946a8263379d84d32d9340a06ffe705f9f3aad [file] [log] [blame]
Grzegorz-Lis4fad3022020-07-31 10:18:21 +02001apiVersion: apps/v1
Chenfei Gao9292e882019-02-27 22:14:45 -05002kind: Deployment
3metadata:
4 name: {{ include "common.fullname" . }}
5 namespace: {{ include "common.namespace" . }}
6 labels:
7 app: {{ include "common.name" . }}
8 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
Krzysztof Opasiak137d7cc2020-01-24 23:49:11 +01009 release: {{ include "common.release" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050010 heritage: {{ .Release.Service }}
11spec:
Grzegorz-Lis4fad3022020-07-31 10:18:21 +020012 selector:
13 matchLabels:
14 app: {{ include "common.name" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050015 replicas: {{ .Values.replicaCount }}
16 template:
17 metadata:
18 labels:
19 app: {{ include "common.name" . }}
Krzysztof Opasiak137d7cc2020-01-24 23:49:11 +010020 release: {{ include "common.release" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050021 spec:
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040022 initContainers:
23 - command:
Sylvain Desbureaux1694e1d2020-08-21 09:58:25 +020024 - /app/ready.py
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040025 args:
jhhd4258672020-08-09 12:08:08 -050026 - --job-name
27 - {{ include "common.release" . }}-policy-galera-config
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040028 env:
29 - name: NAMESPACE
30 valueFrom:
31 fieldRef:
32 apiVersion: v1
33 fieldPath: metadata.namespace
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +010034 image: {{ include "repositoryGenerator.image.readiness" . }}
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040035 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
36 name: {{ include "common.name" . }}-readiness
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020037 - command:
38 - sh
39 args:
40 - -c
Taka Choebd62952020-10-08 13:50:09 -040041 - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020042 env:
43 - name: SQL_USER
Dominik Mizyn11038102020-04-14 17:14:42 +020044 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020045 - name: SQL_PASSWORD
Dominik Mizyn11038102020-04-14 17:14:42 +020046 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
47 - name: RESTSERVER_USER
48 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
49 - name: RESTSERVER_PASSWORD
50 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020051 volumeMounts:
52 - mountPath: /config-input
53 name: apiconfig
54 - mountPath: /config
55 name: apiconfig-processed
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +010056 image: {{ include "repositoryGenerator.image.envsubst" . }}
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020057 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
58 name: {{ include "common.name" . }}-update-config
jhhd4258672020-08-09 12:08:08 -050059{{ include "common.certInitializer.initContainer" . | indent 8 }}
Chenfei Gao9292e882019-02-27 22:14:45 -050060 containers:
61 - name: {{ include "common.name" . }}
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +010062 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
Chenfei Gao9292e882019-02-27 22:14:45 -050063 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
jhhd4258672020-08-09 12:08:08 -050064{{- if .Values.global.aafEnabled }}
Taka Cho9658ce82020-12-10 14:34:18 -050065 command: ["sh","-c"]
jhhd4258672020-08-09 12:08:08 -050066 args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
a.sreekumar2f377362022-02-09 12:40:57 +000067 /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"]
jhhd4258672020-08-09 12:08:08 -050068{{- else }}
Chenfei Gao9292e882019-02-27 22:14:45 -050069 command: ["/opt/app/policy/api/bin/policy-api.sh"]
a.sreekumar2f377362022-02-09 12:40:57 +000070 args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
jhhd4258672020-08-09 12:08:08 -050071 env:
72 - name: KEYSTORE_PASSWD
73 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
74 - name: TRUSTSTORE_PASSWD
75 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
76{{- end }}
Chenfei Gao9292e882019-02-27 22:14:45 -050077 ports:
78 - containerPort: {{ .Values.service.internalPort }}
79 # disable liveness probe when breakpoints set in debugger
80 # so K8s doesn't restart unresponsive container
81 {{- if eq .Values.liveness.enabled true }}
82 livenessProbe:
83 tcpSocket:
84 port: {{ .Values.service.internalPort }}
85 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
86 periodSeconds: {{ .Values.liveness.periodSeconds }}
87 {{ end -}}
88 readinessProbe:
a.sreekumar2f377362022-02-09 12:40:57 +000089 httpGet:
90 path: {{ .Values.readiness.api }}
Chenfei Gao9292e882019-02-27 22:14:45 -050091 port: {{ .Values.service.internalPort }}
a.sreekumar2f377362022-02-09 12:40:57 +000092 httpHeaders:
93 - name: Authorization
94 value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
amatthews736bf372021-12-14 16:04:15 +000095 scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
a.sreekumar2f377362022-02-09 12:40:57 +000096 successThreshold: {{ .Values.readiness.successThreshold }}
97 failureThreshold: {{ .Values.readiness.failureThreshold }}
Chenfei Gao9292e882019-02-27 22:14:45 -050098 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
99 periodSeconds: {{ .Values.readiness.periodSeconds }}
a.sreekumar2f377362022-02-09 12:40:57 +0000100 timeoutSeconds: {{ .Values.readiness.timeout }}
Chenfei Gao9292e882019-02-27 22:14:45 -0500101 volumeMounts:
jhhd4258672020-08-09 12:08:08 -0500102{{ include "common.certInitializer.volumeMount" . | indent 10 }}
Chenfei Gao9292e882019-02-27 22:14:45 -0500103 - mountPath: /etc/localtime
104 name: localtime
105 readOnly: true
106 - mountPath: /opt/app/policy/api/etc/mounted
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +0200107 name: apiconfig-processed
Chenfei Gao9292e882019-02-27 22:14:45 -0500108 resources:
jhhd4258672020-08-09 12:08:08 -0500109{{ include "common.resources" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -0500110 {{- if .Values.nodeSelector }}
111 nodeSelector:
112{{ toYaml .Values.nodeSelector | indent 10 }}
113 {{- end -}}
114 {{- if .Values.affinity }}
115 affinity:
116{{ toYaml .Values.affinity | indent 10 }}
117 {{- end }}
farida azmyc1178372021-04-11 12:55:33 +0200118 serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
Chenfei Gao9292e882019-02-27 22:14:45 -0500119 volumes:
jhhd4258672020-08-09 12:08:08 -0500120{{ include "common.certInitializer.volumes" . | indent 8 }}
Chenfei Gao9292e882019-02-27 22:14:45 -0500121 - name: localtime
122 hostPath:
123 path: /etc/localtime
124 - name: apiconfig
125 configMap:
126 name: {{ include "common.fullname" . }}-configmap
127 defaultMode: 0755
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +0200128 - name: apiconfig-processed
129 emptyDir:
130 medium: Memory
Chenfei Gao9292e882019-02-27 22:14:45 -0500131 imagePullSecrets:
a.sreekumar2f377362022-02-09 12:40:57 +0000132 - name: "{{ include "common.namespace" . }}-docker-registry-key"