[oom.git] / kubernetes / policy / components / policy-drools-pdp / templates / statefulset.yaml

{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

apiVersion: apps/v1
kind: StatefulSet
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
  selector: {{- include "common.selectors" . | nindent 4 }}
  serviceName: {{ include "common.servicename" . }}
  replicas: {{ .Values.replicaCount }}
  template:
    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
    spec:
      initContainers:
      - command:
        - /app/ready.py
        args:
        - --job-name
        - {{ include "common.release" . }}-policy-galera-config
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: {{ include "repositoryGenerator.image.readiness" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-db-readiness
        resources:
          limits:
            cpu: "100m"
            memory: "500Mi"
          requests:
            cpu: "3m"
            memory: "20Mi"
{{- if not .Values.nexus.offline }}
      - command:
        - /app/ready.py
        args:
        - --service-name
        - {{ .Values.nexus.name }}
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: KAFKA_URL
          value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
        - name: SASL
          value: {{ .Values.kafkaUser.authenticationType | upper }}
        - name: GROUP_ID
          value: {{ .Values.config.kafka.consumer.groupId }}
        - name: PAP_TOPIC
          value: {{ .Values.config.app.listener.policyPdpPapTopic }}
        image: {{ include "repositoryGenerator.image.readiness" . }}
        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        name: {{ include "common.name" . }}-readiness
        resources:
          limits:
            cpu: "100m"
            memory: "500Mi"
          requests:
            cpu: "3m"
            memory: "20Mi"
{{- end }}
      containers:
        - name: {{ include "common.name" . }}
          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          command: ["sh","-c"]
          args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
          ports: {{ include "common.containerPorts" . | nindent 12  }}
          {{- if eq .Values.liveness.enabled true }}
          livenessProbe:
            httpGet:
              path: /healthcheck/controllers
              port: 6968
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
          {{- end }}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
          env:
          - name: REPLICAS
            value: "{{ .Values.replicaCount }}"
          - name: SQL_USER
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
          - name: SQL_PASSWORD
            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
          volumeMounts:
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
          - mountPath: /tmp/policy-install/config/{{ base $path }}
            name: drools-secret
            subPath: {{ base $path }}
          {{- end }}
          {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
          - mountPath: /tmp/policy-install/config/{{ base $path }}
            name: drools-config
            subPath: {{ base $path }}
          {{- end }}
          resources: {{ include "common.resources" . | nindent 12 }}
        {{- if .Values.nodeSelector }}
        nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
        {{- end -}}
        {{- if .Values.affinity }}
        affinity:
{{ toYaml .Values.affinity | indent 10 }}
        {{- end }}
      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
      volumes:
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: drools-config
          configMap:
            name: {{ include "common.fullname" . }}-configmap
            items:
            {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
            - key: {{ base $path }}
              path: {{ base $path }}
              mode: 0755
            {{- end }}
        - name: drools-secret
          secret:
            secretName: {{ include "common.fullname" . }}-secret
            items:
            {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
            - key: {{ base $path }}
              path: {{ base $path }}
              mode: 0644
            {{- end }}
      {{- include "common.imagePullSecrets" . | nindent 6 }}