kubernetes/a1policymanagement/templates/statefulset.yaml

   1 {{/*
   2 ################################################################################
   3 #   Copyright (c) 2020 Nordix Foundation.                                      #
   4 #   Copyright © 2020 Samsung Electronics, Modifications                        #
   5 #                                                                              #
   6 #   Licensed under the Apache License, Version 2.0 (the "License");            #
   7 #   you may not use this file except in compliance with the License.           #
   8 #   You may obtain a copy of the License at                                    #
   9 #                                                                              #
  10 #       http://www.apache.org/licenses/LICENSE-2.0                             #
  11 #                                                                              #
  12 #   Unless required by applicable law or agreed to in writing, software        #
  13 #   distributed under the License is distributed on an "AS IS" BASIS,          #
  14 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
  15 #   See the License for the specific language governing permissions and        #
  16 #   limitations under the License.                                             #
  17 ################################################################################
  18 */}}
  19
  20 kind: StatefulSet
  21 apiVersion: apps/v1
  22 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
  23 spec:
  24   serviceName: {{ include "common.servicename" . }}
  25   replicas: {{ index .Values.replicaCount }}
  26   selector: {{- include "common.selectors" . | nindent 4 }}
  27   template:
  28     metadata:
  29       labels: {{- include "common.labels" . | nindent 8 }}
  30     spec:
  31       imagePullSecrets:
  32       - name: "{{ include "common.namespace" . }}-docker-registry-key"
  33       initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
  34       - name: {{ include "common.name" . }}-bootstrap-config
  35         image: {{ include "repositoryGenerator.image.envsubst" . }}
  36         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  37         command:
  38         - sh
  39         args:
  40         - -c
  41         - |
  42           {{- if (include "common.needTLS" .) }}
  43           export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
  44             | xargs -0)
  45           {{- end }}
  46           cd /config-input
  47           for PFILE in `ls -1`
  48           do
  49             envsubst <${PFILE} >/config/${PFILE}
  50             chmod o+w /config/${PFILE}
  51           done
  52           cat /config/application.yaml
  53         env:
  54         - name: A1CONTROLLER_USER
  55           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
  56         - name: A1CONTROLLER_PASSWORD
  57           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
  58         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
  59         - mountPath: /config-input
  60           name: {{ include "common.fullname" . }}-policy-conf-input
  61         - mountPath: /config
  62           name: config
  63       containers:
  64       - name: {{ include "common.name" . }}-update-config
  65         image: {{ include "repositoryGenerator.image.envsubst" . }}
  66         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  67         securityContext:
  68           runAsGroup: {{ .Values.groupID }}
  69           runAsUser: {{ .Values.userID }}
  70           runAsNonRoot: true
  71         command:
  72         - sh
  73         args:
  74         - /tmp/scripts/daemon.sh
  75         env:
  76         - name: A1CONTROLLER_USER
  77           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
  78         - name: A1CONTROLLER_PASSWORD
  79           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
  80         volumeMounts:
  81         - mountPath: /tmp/scripts
  82           name: {{ include "common.fullname" . }}-envsubst-scripts
  83         - mountPath: /config-input
  84           name: {{ include "common.fullname" . }}-policy-conf-input
  85         - mountPath: /config
  86           name: config
  87       - name: {{ include "common.name" . }}
  88         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
  89         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  90         ports: {{ include "common.containerPorts" . | nindent 10  }}
  91         readinessProbe:
  92           tcpSocket:
  93             port: {{ .Values.readiness.port }}
  94           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
  95           periodSeconds: {{ .Values.liveness.periodSeconds }}
  96         livenessProbe:
  97           httpGet:
  98             path: /status
  99             port: {{ .Values.liveness.port }}
 100             scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
 101           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
 102           periodSeconds: {{ .Values.liveness.periodSeconds }}
 103         volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
 104         - name: config
 105           mountPath: /opt/app/policy-agent/data/application_configuration.json
 106           subPath: application_configuration.json
 107         - name: config
 108           mountPath: /opt/app/policy-agent/config/application.yaml
 109           subPath: application.yaml
 110         - name: {{ include "common.fullname" . }}
 111           mountPath: "/var/policy-management-service/database"
 112         resources: {{ include "common.resources" . | nindent 10 }}
 113       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
 114       volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
 115         - name: {{ include "common.fullname" . }}-policy-conf-input
 116           configMap:
 117             name: {{ include "common.fullname" . }}-policy-conf
 118         - name: {{ include "common.fullname" . }}-envsubst-scripts
 119           configMap:
 120             name: {{ include "common.fullname" . }}-envsubst-scripts
 121             defaultMode: 0555
 122         - name: config
 123           emptyDir:
 124             medium: Memory
 125 {{- if not .Values.persistence.enabled }}
 126         - name: {{ include "common.fullname" . }}
 127           emptyDir: {}
 128 {{- else }}
 129   volumeClaimTemplates:
 130     - {{include "common.PVCTemplate" . | indent 6 | trim }}
 131 {{- end }}