selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ {{- if (include "common.onServiceMesh" . ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ sidecar.istio.io/rewriteAppHTTPProbers: "false"
+ proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
+ {{- end }}
+ {{- end }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- name: {{ include "common.name" . }}-db-readiness
command:
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+ command:
+ - sh
+ - -c
+ - |
+ sleep 60; /opt/primekey/scripts/ejbca-config.sh
volumeMounts:
- name: "{{ include "common.fullname" . }}-volume"
mountPath: /opt/primekey/scripts/
env:
- name: INITIAL_ADMIN
value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
+ - name: NO_CREATE_CA
+ value: "true"
- name: DATABASE_JDBC_URL
value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
- name: DATABASE_USER
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
name: "{{ include "common.fullname" . }}-config-script"