Merge "[DMAAP] DMaaP ServiceMesh compatibility"

[oom.git] / kubernetes / policy / components / policy-api / templates / deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  selector:
    matchLabels:
      app: {{ include "common.name" . }}
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
    spec:
      initContainers:
        - command:
          - /app/ready.py
          args:
          - --job-name
          - {{ include "common.release" . }}-policy-galera-config
          env:
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          image: {{ include "repositoryGenerator.image.readiness" . }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          name: {{ include "common.name" . }}-readiness
        - command:
          - sh
          args:
          - -c
          - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
          env:
          - name: SQL_USER
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
          - name: SQL_PASSWORD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
          - name: RESTSERVER_USER
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
          - name: RESTSERVER_PASSWORD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
          volumeMounts:
          - mountPath: /config-input
            name: apiconfig
          - mountPath: /config
            name: apiconfig-processed
          image: {{ include "repositoryGenerator.image.envsubst" . }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          name: {{ include "common.name" . }}-update-config
{{ include "common.certInitializer.initContainer" . | indent 8 }}
      containers:
        - name: {{ include "common.name" . }}
          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.global.aafEnabled }}
          command: ["sh","-c"]
          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
                  /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"]
{{- else }}
          command: ["/opt/app/policy/api/bin/policy-api.sh"]
          args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
          env:
          - name: KEYSTORE_PASSWD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
          - name: TRUSTSTORE_PASSWD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
{{- end }}
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          # disable liveness probe when breakpoints set in debugger
          # so K8s doesn't restart unresponsive container
          {{- if eq .Values.liveness.enabled true }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
          {{ end -}}
          readinessProbe:
            httpGet:
              path: {{ .Values.readiness.api }}
              port: {{ .Values.service.internalPort }}
              httpHeaders:
                - name: Authorization
                  value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
              scheme: {{ .Values.readiness.scheme }}
            successThreshold: {{ .Values.readiness.successThreshold }}
            failureThreshold: {{ .Values.readiness.failureThreshold }}
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
            timeoutSeconds: {{ .Values.readiness.timeout }}
          volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          - mountPath: /opt/app/policy/api/etc/mounted
            name: apiconfig-processed
          resources:
{{ include "common.resources" . }}
        {{- if .Values.nodeSelector }}
        nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
        {{- end -}}
        {{- if .Values.affinity }}
        affinity:
{{ toYaml .Values.affinity | indent 10 }}
        {{- end }}
      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
      volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
        - name: localtime
          hostPath:
             path: /etc/localtime
        - name: apiconfig
          configMap:
            name: {{ include "common.fullname" . }}-configmap
            defaultMode: 0755
        - name: apiconfig-processed
          emptyDir:
            medium: Memory
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"