# limitations under the License.
*/}}
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- serviceName: {{ .Values.service.name }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
-#{{ if not .Values.disableNfsProvisioner }}
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.nfsprovisionerPrefix }}-nfs-provisioner
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-#{{ end }}
-
+ # we shouldn't need this but for unknown reason, it's fsGroup is not
+ # applied
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /data
containers:
- name: {{ include "common.name" . }}
- image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /var/lib/mongo
- name: {{ include "common.fullname" . }}-data
- resources:
-{{ include "common.resources" . | indent 12 }}
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /data/db
+ resources: {{ include "common.resources" . | nindent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
- name: localtime
hostPath:
path: /etc/localtime
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ include "common.fullname" . }}-data
+ labels:
+ name: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- else }}
+ volumes:
- name: {{ include "common.fullname" . }}-data
-#{{ if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-data
-#{{ else }}
emptyDir: {}
-#{{ end }}
+ {{- end }}