blob: de0558e4cdc89228201a272f5c029041689e09a2 [file] [log] [blame]
Grzegorz-Lis4fad3022020-07-31 10:18:21 +02001apiVersion: apps/v1
Chenfei Gao9292e882019-02-27 22:14:45 -05002kind: Deployment
3metadata:
4 name: {{ include "common.fullname" . }}
5 namespace: {{ include "common.namespace" . }}
6 labels:
7 app: {{ include "common.name" . }}
8 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
Krzysztof Opasiak137d7cc2020-01-24 23:49:11 +01009 release: {{ include "common.release" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050010 heritage: {{ .Release.Service }}
11spec:
Grzegorz-Lis4fad3022020-07-31 10:18:21 +020012 selector:
13 matchLabels:
14 app: {{ include "common.name" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050015 replicas: {{ .Values.replicaCount }}
16 template:
17 metadata:
18 labels:
19 app: {{ include "common.name" . }}
Krzysztof Opasiak137d7cc2020-01-24 23:49:11 +010020 release: {{ include "common.release" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -050021 spec:
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040022 initContainers:
23 - command:
Sylvain Desbureaux1694e1d2020-08-21 09:58:25 +020024 - /app/ready.py
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040025 args:
jhhd4258672020-08-09 12:08:08 -050026 - --job-name
27 - {{ include "common.release" . }}-policy-galera-config
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040028 env:
29 - name: NAMESPACE
30 valueFrom:
31 fieldRef:
32 apiVersion: v1
33 fieldPath: metadata.namespace
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +010034 image: {{ include "repositoryGenerator.image.readiness" . }}
Chenfei Gao8fdac3a2019-04-12 14:39:40 -040035 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
36 name: {{ include "common.name" . }}-readiness
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020037 - command:
38 - sh
39 args:
40 - -c
Taka Choebd62952020-10-08 13:50:09 -040041 - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020042 env:
43 - name: SQL_USER
Dominik Mizyn11038102020-04-14 17:14:42 +020044 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020045 - name: SQL_PASSWORD
Dominik Mizyn11038102020-04-14 17:14:42 +020046 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
47 - name: RESTSERVER_USER
48 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
49 - name: RESTSERVER_PASSWORD
50 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020051 volumeMounts:
52 - mountPath: /config-input
53 name: apiconfig
54 - mountPath: /config
55 name: apiconfig-processed
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +010056 image: {{ include "repositoryGenerator.image.envsubst" . }}
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020057 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
58 name: {{ include "common.name" . }}-update-config
jhhd4258672020-08-09 12:08:08 -050059{{ include "common.certInitializer.initContainer" . | indent 8 }}
Chenfei Gao9292e882019-02-27 22:14:45 -050060 containers:
61 - name: {{ include "common.name" . }}
Sylvain Desbureaux7c8c6862020-11-19 18:02:37 +010062 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
Chenfei Gao9292e882019-02-27 22:14:45 -050063 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
jhhd4258672020-08-09 12:08:08 -050064{{- if .Values.global.aafEnabled }}
Taka Cho9658ce82020-12-10 14:34:18 -050065 command: ["sh","-c"]
jhhd4258672020-08-09 12:08:08 -050066 args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
jhhd4258672020-08-09 12:08:08 -050067 /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
68{{- else }}
Chenfei Gao9292e882019-02-27 22:14:45 -050069 command: ["/opt/app/policy/api/bin/policy-api.sh"]
70 args: ["/opt/app/policy/api/etc/mounted/config.json"]
jhhd4258672020-08-09 12:08:08 -050071 env:
72 - name: KEYSTORE_PASSWD
73 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
74 - name: TRUSTSTORE_PASSWD
75 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
76{{- end }}
Chenfei Gao9292e882019-02-27 22:14:45 -050077 ports:
78 - containerPort: {{ .Values.service.internalPort }}
79 # disable liveness probe when breakpoints set in debugger
80 # so K8s doesn't restart unresponsive container
81 {{- if eq .Values.liveness.enabled true }}
82 livenessProbe:
83 tcpSocket:
84 port: {{ .Values.service.internalPort }}
85 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
86 periodSeconds: {{ .Values.liveness.periodSeconds }}
87 {{ end -}}
88 readinessProbe:
89 tcpSocket:
90 port: {{ .Values.service.internalPort }}
91 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
92 periodSeconds: {{ .Values.readiness.periodSeconds }}
93 volumeMounts:
jhhd4258672020-08-09 12:08:08 -050094{{ include "common.certInitializer.volumeMount" . | indent 10 }}
Chenfei Gao9292e882019-02-27 22:14:45 -050095 - mountPath: /etc/localtime
96 name: localtime
97 readOnly: true
98 - mountPath: /opt/app/policy/api/etc/mounted
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +020099 name: apiconfig-processed
Chenfei Gao9292e882019-02-27 22:14:45 -0500100 resources:
jhhd4258672020-08-09 12:08:08 -0500101{{ include "common.resources" . }}
Chenfei Gao9292e882019-02-27 22:14:45 -0500102 {{- if .Values.nodeSelector }}
103 nodeSelector:
104{{ toYaml .Values.nodeSelector | indent 10 }}
105 {{- end -}}
106 {{- if .Values.affinity }}
107 affinity:
108{{ toYaml .Values.affinity | indent 10 }}
109 {{- end }}
farida azmyc1178372021-04-11 12:55:33 +0200110 serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
Chenfei Gao9292e882019-02-27 22:14:45 -0500111 volumes:
jhhd4258672020-08-09 12:08:08 -0500112{{ include "common.certInitializer.volumes" . | indent 8 }}
Chenfei Gao9292e882019-02-27 22:14:45 -0500113 - name: localtime
114 hostPath:
115 path: /etc/localtime
116 - name: apiconfig
117 configMap:
118 name: {{ include "common.fullname" . }}-configmap
119 defaultMode: 0755
Krzysztof Opasiak09d1b312020-03-31 23:44:22 +0200120 - name: apiconfig-processed
121 emptyDir:
122 medium: Memory
Chenfei Gao9292e882019-02-27 22:14:45 -0500123 imagePullSecrets:
124 - name: "{{ include "common.namespace" . }}-docker-registry-key"