{{/*
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- sh
args:
args:
- --container-name
- cds-db
- {{- if .Values.dmaapEnabled }}
- - --container-name
- - message-router
- {{ end }}
env:
- name: NAMESPACE
valueFrom:
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
- - name: USE_SCRIPT_COMPILE_CACHE
- value: {{ .Values.config.useScriptCompileCache | quote }}
- # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly
- name: CLUSTER_ENABLED
- value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
+ value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterName }}
+ - name: AAF_CREDSPATH
+ value: {{ .Values.certInitializer.credsPath }}
- name: CLUSTER_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CLUSTER_CONFIG_FILE
value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ - name: CPS_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 12 }}
+ - name: CPS_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 12 }}
+ {{ if .Values.useStrimziKafka }}
+ - name: JAAS_PASS
+ value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }}
+ {{ end }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
- containerPort: {{ .Values.service.cluster.internalPort }}
+ startupProbe:
+ httpGet:
+ path: /api/v1/execution-service/health-check
+ port: {{ .Values.service.http.internalPort }}
+ httpHeaders:
+ - name: Authorization
+ value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
+ periodSeconds: {{ .Values.startup.periodSeconds }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime