[GENERAL] Use readiness container v3.0.1

[oom.git] / kubernetes / contrib / components / ejbca / templates / deployment.yaml

# Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector: {{- include "common.selectors" . | nindent 4 }}
  template:
    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
    spec:
      initContainers:
      - name: {{ include "common.name" . }}-db-readiness
        command:
        - /app/ready.py
        args:
        - --container-name
        {{- if .Values.global.mariadbGalera.localCluster }}
        - ejbca-galera
        {{- else }}
        - ejbca-config
        {{- end }}
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
      containers:
      - name: {{ include "common.name" . }}-ejbca
        image: {{ .Values.ejbca.image }}
        imagePullPolicy: {{ .Values.pullPolicy }}
        lifecycle:
          postStart:
            exec:
              command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
        volumeMounts:
          - name: "{{ include "common.fullname" . }}-volume"
            mountPath: /opt/primekey/scripts/
        ports: {{ include "common.containerPorts" . | nindent 10 }}
        env:
        - name: INITIAL_ADMIN
          value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
        - name: DATABASE_JDBC_URL
          value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
        - name: DATABASE_USER
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }}
        - name: DATABASE_PASSWORD
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }}
        - name: RA_IAK
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }}
        - name: CLIENT_IAK
          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }}
        livenessProbe:
          httpGet:
            port: {{ .Values.liveness.port }}
            path: {{ .Values.liveness.path }}
            scheme: HTTPS
          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
          periodSeconds: {{ .Values.liveness.periodSeconds }}
        readinessProbe:
          httpGet:
            port: {{ .Values.readiness.port }}
            path: {{ .Values.readiness.path }}
            scheme: HTTPS
          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
          periodSeconds: {{ .Values.readiness.periodSeconds }}
          {{- if .Values.nodeSelector }}
        nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
        {{- end -}}
        {{- if .Values.affinity }}
        affinity: {{ toYaml .Values.affinity | nindent 10 }}
        {{- end }}
      volumes:
      - configMap:
          name: "{{ include "common.fullname" . }}-config-script"
          defaultMode: 0755
        name: "{{ include "common.fullname" . }}-volume"