| ktimoney | b3aef7b | 2021-09-13 08:27:58 +0100 | [diff] [blame] | 1 | {{/* |
| 2 | # ============LICENSE_START======================================================= |
| danielhanrahan | 8832664 | 2022-02-28 14:08:08 +0000 | [diff] [blame^] | 3 | # Copyright (C) 2021-2022 Nordix Foundation. |
| ktimoney | b3aef7b | 2021-09-13 08:27:58 +0100 | [diff] [blame] | 4 | # ================================================================================ |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | # See the License for the specific language governing permissions and |
| 15 | # limitations under the License. |
| 16 | # |
| 17 | # SPDX-License-Identifier: Apache-2.0 |
| 18 | # ============LICENSE_END========================================================= |
| 19 | */}} |
| 20 | |
| 21 | apiVersion: apps/v1 |
| 22 | kind: Deployment |
| 23 | metadata: |
| 24 | name: {{ include "common.fullname" . }} |
| 25 | namespace: {{ include "common.namespace" . }} |
| 26 | labels: |
| 27 | app: {{ include "common.name" . }} |
| 28 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} |
| 29 | release: {{ include "common.release" . }} |
| 30 | heritage: {{ .Release.Service }} |
| 31 | spec: |
| 32 | replicas: {{ .Values.replicaCount }} |
| 33 | selector: |
| 34 | matchLabels: |
| 35 | app: {{ include "common.name" . }} |
| 36 | template: |
| 37 | metadata: |
| 38 | labels: |
| 39 | app: {{ include "common.name" . }} |
| 40 | release: {{ include "common.release" . }} |
| 41 | spec: |
| 42 | initContainers: |
| 43 | - command: |
| 44 | - /app/ready.py |
| 45 | args: |
| 46 | - --container-name |
| 47 | - policy-clamp-be |
| 48 | env: |
| 49 | - name: NAMESPACE |
| 50 | valueFrom: |
| 51 | fieldRef: |
| 52 | apiVersion: v1 |
| 53 | fieldPath: metadata.namespace |
| 54 | image: {{ include "repositoryGenerator.image.readiness" . }} |
| 55 | imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| 56 | name: {{ include "common.name" . }}-readiness |
| 57 | {{ include "common.certInitializer.initContainer" . | nindent 6 }} |
| 58 | containers: |
| 59 | # side car containers |
| 60 | {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} |
| 61 | # main container |
| 62 | - name: {{ include "common.name" . }} |
| 63 | image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} |
| 64 | imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| danielhanrahan | 8832664 | 2022-02-28 14:08:08 +0000 | [diff] [blame^] | 65 | {{- if .Values.global.aafEnabled }} |
| 66 | command: ["sh","-c"] |
| 67 | args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"] |
| 68 | env: |
| 69 | {{- else }} |
| 70 | command: ["/opt/app/policy/gui/bin/policy-gui.sh"] |
| 71 | env: |
| 72 | - name: KEYSTORE_PASSWD |
| 73 | {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} |
| 74 | - name: TRUSTSTORE_PASSWD |
| 75 | {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} |
| 76 | {{- end }} |
| 77 | - name: CLAMP_URL |
| 78 | value: https://policy-clamp-be:8443 |
| ktimoney | b3aef7b | 2021-09-13 08:27:58 +0100 | [diff] [blame] | 79 | ports: |
| 80 | - containerPort: {{ .Values.service.internalPort }} |
| 81 | # disable liveness probe when breakpoints set in debugger |
| 82 | # so K8s doesn't restart unresponsive container |
| 83 | {{- if eq .Values.liveness.enabled true }} |
| 84 | livenessProbe: |
| 85 | tcpSocket: |
| 86 | port: {{ .Values.service.internalPort }} |
| 87 | initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} |
| 88 | periodSeconds: {{ .Values.liveness.periodSeconds }} |
| 89 | {{ end -}} |
| 90 | readinessProbe: |
| 91 | tcpSocket: |
| 92 | port: {{ .Values.service.internalPort }} |
| 93 | initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} |
| 94 | periodSeconds: {{ .Values.readiness.periodSeconds }} |
| 95 | volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} |
| 96 | - name: logs |
| 97 | mountPath: {{ .Values.log.path }} |
| ktimoney | b3aef7b | 2021-09-13 08:27:58 +0100 | [diff] [blame] | 98 | resources: |
| 99 | {{ include "common.resources" . | indent 12 }} |
| 100 | {{- if .Values.nodeSelector }} |
| 101 | nodeSelector: |
| 102 | {{ toYaml .Values.nodeSelector | indent 10 }} |
| 103 | {{- end -}} |
| 104 | {{- if .Values.affinity }} |
| 105 | affinity: |
| 106 | {{ toYaml .Values.affinity | indent 10 }} |
| 107 | {{- end }} |
| 108 | serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} |
| 109 | volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} |
| 110 | - name: {{ include "common.fullname" . }}-config |
| 111 | configMap: |
| 112 | name: {{ include "common.fullname" . }} |
| ktimoney | b3aef7b | 2021-09-13 08:27:58 +0100 | [diff] [blame] | 113 | - name: logs |
| 114 | emptyDir: {} |
| 115 | {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} |
| 116 | imagePullSecrets: |
| 117 | - name: "{{ include "common.namespace" . }}-docker-registry-key" |