kubernetes/policy/components/policy-api/templates/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
  selector: {{- include "common.selectors" . | nindent 4 }}
  replicas: {{ .Values.replicaCount }}
  template:
    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
    spec:
      initContainers:
        - command:
          - /app/ready.py
          args:
          - --job-name
{{ if not .Values.global.postgres.localCluster }}
          - {{ include "common.release" . }}-policy-galera-config
{{ else }}
          - {{ include "common.release" . }}-policy-pg-config
{{ end }}
          env:
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          image: {{ include "repositoryGenerator.image.readiness" . }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          name: {{ include "common.name" . }}-readiness
          resources:
            limits:
              cpu: "100m"
              memory: "500Mi"
            requests:
              cpu: "3m"
              memory: "20Mi"
        - command:
          - sh
          args:
          - -c
          - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
          env:
          - name: SQL_USER
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
          - name: SQL_PASSWORD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
          - name: RESTSERVER_USER
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
          - name: RESTSERVER_PASSWORD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
          volumeMounts:
          - mountPath: /config-input
            name: apiconfig
          - mountPath: /config
            name: apiconfig-processed
          image: {{ include "repositoryGenerator.image.envsubst" . }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          name: {{ include "common.name" . }}-update-config
      containers:
        - name: {{ include "common.name" . }}
          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          command: ["/opt/app/policy/api/bin/policy-api.sh"]
          args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
          ports: {{ include "common.containerPorts" . | nindent 12  }}
          # disable liveness probe when breakpoints set in debugger
          # so K8s doesn't restart unresponsive container
          {{- if eq .Values.liveness.enabled true }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
          {{ end -}}
          readinessProbe:
            httpGet:
              path: {{ .Values.readiness.api }}
              port: {{ .Values.service.internalPort }}
              httpHeaders:
                - name: Authorization
                  value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
              scheme: HTTP
            successThreshold: {{ .Values.readiness.successThreshold }}
            failureThreshold: {{ .Values.readiness.failureThreshold }}
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
            timeoutSeconds: {{ .Values.readiness.timeout }}
          volumeMounts:
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          - mountPath: /opt/app/policy/api/etc/mounted
            name: apiconfig-processed
          resources: {{ include "common.resources" . | nindent 12 }}
        {{- if .Values.nodeSelector }}
        nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
        {{- end -}}
        {{- if .Values.affinity }}
        affinity:
{{ toYaml .Values.affinity | indent 10 }}
        {{- end }}
      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
      volumes:
        - name: localtime
          hostPath:
             path: /etc/localtime
        - name: apiconfig
          configMap:
            name: {{ include "common.fullname" . }}-configmap
            defaultMode: 0755
        - name: apiconfig-processed
          emptyDir:
            medium: Memory
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"