kubernetes/platform/components/oom-cert-service/templates/deployment.yaml

   1 {{/*# Copyright © 2020, Nokia
   2 # Modifications Copyright  © 2020, Nordix Foundation
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.*/}}
  15
  16 {{- if .Values.global.cmpv2Enabled }}
  17 apiVersion: apps/v1
  18 kind: Deployment
  19 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
  20 spec:
  21   replicas: {{ .Values.replicaCount }}
  22   selector: {{- include "common.selectors" . | nindent 4 }}
  23   template:
  24     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
  25       {{- if (include "common.onServiceMesh" . ) }}
  26       annotations:
  27       {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
  28         linkerd.io/inject: disabled
  29       {{- end }}
  30       {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
  31           traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"
  32           traffic.sidecar.istio.io/includeInboundPorts: '*'
  33       {{- end }}
  34       {{- end }}
  35     spec:
  36       imagePullSecrets:
  37       - name: "{{ include "common.namespace" . }}-docker-registry-key"
  38       volumes:
  39 {{- if .Values.global.addTestingComponents }}
  40         - name: cmp-servers-template-volume
  41           secret:
  42             secretName: {{ .Values.cmpServers.secret.name }}
  43         - name: {{ .Values.cmpServers.volume.name }}
  44           emptyDir:
  45             medium: Memory
  46 {{- else }}
  47         - name: {{ .Values.cmpServers.volume.name }}
  48           secret:
  49             secretName: {{ .Values.cmpServers.secret.name }}
  50 {{- end }}
  51         - name: {{ .Values.tls.server.volume.name }}
  52           secret:
  53             secretName: {{ .Values.tls.server.secret.name }}
  54 {{- if .Values.global.addTestingComponents }}
  55       initContainers:
  56         - name: wait-for-ejbca
  57           command:
  58           - /app/ready.py
  59           args:
  60           - --container-name
  61           - ejbca-ejbca
  62           env:
  63           - name: NAMESPACE
  64             valueFrom:
  65               fieldRef:
  66                 apiVersion: v1
  67                 fieldPath: metadata.namespace
  68           image: {{ include "repositoryGenerator.image.readiness" . }}
  69           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  70         - name: subsitute-envs
  71           image: {{ include "repositoryGenerator.image.envsubst" . }}
  72           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  73           command: ['sh', '-c', "cd /config-input &&  envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"]
  74           volumeMounts:
  75             - name: cmp-servers-template-volume
  76               mountPath: /config-input
  77               readOnly: true
  78             - name: {{ .Values.cmpServers.volume.name }}
  79               mountPath: {{ .Values.cmpServers.volume.mountPath }}
  80               readOnly: false
  81           env:
  82             - name: CLIENT_IAK
  83               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }}
  84             - name: CLIENT_RV
  85               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }}
  86             - name: RA_IAK
  87               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }}
  88             - name: RA_RV
  89               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }}
  90 {{- end }}
  91       containers:
  92         - name: {{ include "common.name" . }}
  93           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
  94           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
  95           ports: {{ include "common.containerPorts" . | nindent 10 }}
  96           env:
  97             - name: HTTPS_PORT
  98               value: "{{ .Values.envs.httpsPort }}"
  99             - name: KEYSTORE_PATH
 100               value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}"
 101             - name: KEYSTORE_P12_PATH
 102               value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}"
 103             - name: TRUSTSTORE_PATH
 104               value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}"
 105             - name: ROOT_CERT
 106               value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}"
 107             - name: KEYSTORE_PASSWORD
 108               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "certificates-password" "key" "password") | indent 14 }}
 109             - name: TRUSTSTORE_PASSWORD
 110               {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "certificates-password" "key" "password") | indent 14 }}
 111           livenessProbe:
 112             exec:
 113               command:
 114                 - /bin/bash
 115                 - -c
 116                 - {{ .Values.liveness.command }}
 117             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
 118             periodSeconds: {{ .Values.liveness.periodSeconds }}
 119           readinessProbe:
 120             exec:
 121               command:
 122                 - /bin/bash
 123                 - -c
 124                 - {{ .Values.readiness.command }}
 125             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
 126             periodSeconds: {{ .Values.readiness.periodSeconds }}
 127           volumeMounts:
 128             - name: {{ .Values.cmpServers.volume.name }}
 129               mountPath: {{ .Values.cmpServers.volume.mountPath }}
 130               readOnly: false
 131             - name: {{ .Values.tls.server.volume.name }}
 132               mountPath: {{ .Values.tls.server.volume.mountPath }}
 133               readOnly: true
 134           resources: {{ include "common.resources" . | nindent 12 }}
 135 {{ end -}}