kubernetes/platform/components/oom-cert-service/templates/deployment.yaml

   1 {{/*# Copyright © 2020, Nokia
   2 # Modifications Copyright  © 2020, Nordix Foundation
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.*/}}
  15
  16 {{- if .Values.global.cmpv2Enabled }}
  17 apiVersion: apps/v1
  18 kind: Deployment
  19 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
  20 spec:
  21   replicas: {{ .Values.replicaCount }}
  22   selector: {{- include "common.selectors" . | nindent 4 }}
  23   template:
  24     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
  25       {{- if (include "common.onServiceMesh" . ) }}
  26       annotations:
  27       {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
  28         linkerd.io/inject: disabled
  29       {{- end }}
  30       {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
  31           traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"
  32           traffic.sidecar.istio.io/includeInboundPorts: '*'
  33       {{- end }}
  34       {{- end }}
  35     spec:
  36       imagePullSecrets:
  37       - name: "{{ include "common.namespace" . }}-docker-registry-key"
  38       volumes:
  39 {{- if .Values.global.addTestingComponents }}
  40         - name: cmp-servers-template-volume
  41           secret:
  42             secretName: {{ .Values.cmpServers.secret.name }}
  43         - name: {{ .Values.cmpServers.volume.name }}
  44           emptyDir:
  45             medium: Memory
  46 {{- else }}
  47         - name: {{ .Values.cmpServers.volume.name }}
  48           secret:
  49             secretName: {{ .Values.cmpServers.secret.name }}
  50 {{- end }}
  51         - name: {{ .Values.tls.server.volume.name }}
  52           secret:
  53             secretName: {{ .Values.tls.server.secret.name }}
  54 {{- if .Values.global.addTestingComponents }}
  55       initContainers:
  56         - name: wait-for-ejbca
  57           command:
  58           - /app/ready.py
  59           args:
  60           - --container-name
  61           - ejbca-ejbca
  62           env:
  63           - name: NAMESPACE
  64             valueFrom:
  65               fieldRef:
  66                 apiVersion: v1
  67                 fieldPath: metadata.namespace
  68           image: {{ include "repositoryGenerator.image.readiness" . }}
  69           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  70           resources:
  71             limits:
  72               cpu: "100m"
  73               memory: "0.5Gi"
  74             requests:
  75               cpu: "3m"
  76               memory: "0.02Gi"
  77         - name: subsitute-envs
  78           image: {{ include "repositoryGenerator.image.envsubst" . }}
  79           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  80           command: ['sh', '-c', "cd /config-input &&  envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"]
  81           volumeMounts:
  82             - name: cmp-servers-template-volume
  83               mountPath: /config-input
  84               readOnly: true
  85             - name: {{ .Values.cmpServers.volume.name }}
  86               mountPath: {{ .Values.cmpServers.volume.mountPath }}
  87               readOnly: false
  88           env:
  89             - name: CLIENT_IAK
  90               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }}
  91             - name: CLIENT_RV
  92               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }}
  93             - name: RA_IAK
  94               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }}
  95             - name: RA_RV
  96               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }}
  97 {{- end }}
  98       containers:
  99         - name: {{ include "common.name" . }}
 100           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
 101           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 102           ports: {{ include "common.containerPorts" . | nindent 10 }}
 103           env:
 104             - name: HTTPS_PORT
 105               value: "{{ .Values.envs.httpsPort }}"
 106             - name: KEYSTORE_PATH
 107               value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}"
 108             - name: KEYSTORE_P12_PATH
 109               value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}"
 110             - name: TRUSTSTORE_PATH
 111               value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}"
 112             - name: ROOT_CERT
 113               value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}"
 114             - name: KEYSTORE_PASSWORD
 115               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "certificates-password" "key" "password") | indent 14 }}
 116             - name: TRUSTSTORE_PASSWORD
 117               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "certificates-password" "key" "password") | indent 14 }}
 118           livenessProbe:
 119             exec:
 120               command:
 121                 - /bin/bash
 122                 - -c
 123                 - {{ .Values.liveness.command }}
 124             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
 125             periodSeconds: {{ .Values.liveness.periodSeconds }}
 126           readinessProbe:
 127             exec:
 128               command:
 129                 - /bin/bash
 130                 - -c
 131                 - {{ .Values.readiness.command }}
 132             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
 133             periodSeconds: {{ .Values.readiness.periodSeconds }}
 134           volumeMounts:
 135             - name: {{ .Values.cmpServers.volume.name }}
 136               mountPath: {{ .Values.cmpServers.volume.mountPath }}
 137               readOnly: false
 138             - name: {{ .Values.tls.server.volume.name }}
 139               mountPath: {{ .Values.tls.server.volume.mountPath }}
 140               readOnly: true
 141           resources: {{ include "common.resources" . | nindent 12 }}
 142 {{ end -}}