4 name: {{ include "common.fullname" . }}
5 namespace: {{ include "common.namespace" . }}
7 app: {{ include "common.name" . }}
8 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
9 release: {{ include "common.release" . }}
10 heritage: {{ .Release.Service }}
14 app: {{ include "common.name" . }}
15 replicas: {{ .Values.replicaCount }}
19 app: {{ include "common.name" . }}
20 release: {{ include "common.release" . }}
27 - {{ include "common.release" . }}-policy-galera-config
33 fieldPath: metadata.namespace
34 image: {{ include "repositoryGenerator.image.readiness" . }}
35 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
36 name: {{ include "common.name" . }}-readiness
41 - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
44 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
46 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
47 - name: RESTSERVER_USER
48 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
49 - name: RESTSERVER_PASSWORD
50 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
52 - mountPath: /config-input
55 name: apiconfig-processed
56 image: {{ include "repositoryGenerator.image.envsubst" . }}
57 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
58 name: {{ include "common.name" . }}-update-config
59 {{ include "common.certInitializer.initContainer" . | indent 8 }}
61 - name: {{ include "common.name" . }}
62 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
63 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
64 {{- if .Values.global.aafEnabled }}
66 args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
67 /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"]
69 command: ["/opt/app/policy/api/bin/policy-api.sh"]
70 args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
72 - name: KEYSTORE_PASSWD
73 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
74 - name: TRUSTSTORE_PASSWD
75 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
78 - containerPort: {{ .Values.service.internalPort }}
79 # disable liveness probe when breakpoints set in debugger
80 # so K8s doesn't restart unresponsive container
81 {{- if eq .Values.liveness.enabled true }}
84 port: {{ .Values.service.internalPort }}
85 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
86 periodSeconds: {{ .Values.liveness.periodSeconds }}
90 path: {{ .Values.readiness.api }}
91 port: {{ .Values.service.internalPort }}
94 value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
95 scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
96 successThreshold: {{ .Values.readiness.successThreshold }}
97 failureThreshold: {{ .Values.readiness.failureThreshold }}
98 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
99 periodSeconds: {{ .Values.readiness.periodSeconds }}
100 timeoutSeconds: {{ .Values.readiness.timeout }}
102 {{ include "common.certInitializer.volumeMount" . | indent 10 }}
103 - mountPath: /etc/localtime
106 - mountPath: /opt/app/policy/api/etc/mounted
107 name: apiconfig-processed
109 {{ include "common.resources" . }}
110 {{- if .Values.nodeSelector }}
112 {{ toYaml .Values.nodeSelector | indent 10 }}
114 {{- if .Values.affinity }}
116 {{ toYaml .Values.affinity | indent 10 }}
118 serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
120 {{ include "common.certInitializer.volumes" . | indent 8 }}
126 name: {{ include "common.fullname" . }}-configmap
128 - name: apiconfig-processed
132 - name: "{{ include "common.namespace" . }}-docker-registry-key"