CI: Add SonarCloud scan GHA workflow
[nonrtric/plt/ranpm.git] / templates / app-statefulset.yaml
1 #  ============LICENSE_START===============================================
2 #  Copyright (C) 2023 Nordix Foundation. All rights reserved.
3 #  ========================================================================
4 #  Licensed under the Apache License, Version 2.0 (the "License");
5 #  you may not use this file except in compliance with the License.
6 #  You may obtain a copy of the License at
7 #
8 #
9 #
10 #  Unless required by applicable law or agreed to in writing, software
11 #  distributed under the License is distributed on an "AS IS" BASIS,
12 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 #  See the License for the specific language governing permissions and
14 #  limitations under the License.
15 #  ============LICENSE_END=================================================
16 #
18 apiVersion: apps/v1
19 kind: StatefulSet
20 metadata:
21   name: dfc
22   namespace: nonrtric
23   labels:
24     app: dfc
25 spec:
26   replicas: 1
27   serviceName: dfc
28   selector:
29     matchLabels:
30       app: dfc
31   template:
32     metadata:
33       labels:
34         app: dfc
35     spec:
36       volumes:
37         - name: config-truststore
38           configMap:
39             name: dfc-cm-truststore
40         - name: config-cm
41           configMap:
42             name: dfc-cm
43         - name: token-cache-volume
44           emptyDir: {}
45       containers:
46       - name: dfc
47         securityContext:
48           runAsUser: 0     # Need to run as root - needed when writing to hostpath
49         image:
50         imagePullPolicy: Always
51         ports:
52         - name: http
53           containerPort: 8100
54         volumeMounts:
55         - name: config-truststore
56           mountPath: /opt/app/datafile/config/truststore.jks
57           subPath: truststore.jks
58         - name: config-cm
59           mountPath: /opt/app/datafile/config/application.yaml
60           subPath: application.yaml
61         - mountPath: /token-cache
62           name: token-cache-volume
63         env:
64         - name: APPID
65           valueFrom:
66             fieldRef:
67               fieldPath:
68         - name: APPNS
69           valueFrom:
70             fieldRef:
71               fieldPath: metadata.namespace
72         - name: APP_KAFKA_CLIENT-ID
73           value: "datafile-collector.$(APPNS).$(APPID)"
74       - name: auth-token
75         image:
76         imagePullPolicy: Always
77         env:
78         - name: CREDS_GRANT_TYPE
79           value: client_credentials
80         - name: CREDS_CLIENT_SECRET
81           value: {{ .Values.dfc.clientsecret }}
82         - name: CREDS_CLIENT_ID
83           value: dfc
84         - name: AUTH_SERVICE_URL
85           value: http://keycloak.nonrtric:8080/realms/nonrtric-realm/protocol/openid-connect/token
86         - name: OUTPUT_FILE
87           value: /token-cache/jwt.txt
89         volumeMounts:
90         - mountPath: /token-cache
91           name: token-cache-volume